[
https://issues.apache.org/jira/browse/YARN-2446?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14151272#comment-14151272
]
Vinod Kumar Vavilapalli commented on YARN-2446:
-----------------------------------------------
This is close, few comments:
- Get domains API: "If callerUGI is not the owner or the admin of the domain,
we need to hide the details from him, and only allow him to see the ID": Why is
that, I think we should just not allow non-owners to see anything. Is there a
user-case for this?
- Based on the above decision,
TestTimelineWebServices.testGetDomainsYarnACLsEnabled() should be changed to
either validate that only IDs are visible or nothing is visible.
- LeveldbTimelineStore: The method writePrimaryFilterEntries() - the one that
is newly added - is not really used anywhere?
- Shouldn't the server completely own DEFAULT_DOMAIN_ID, instead of letting
anyone create it with potentially arbitrary permission?
- In the test, where you say "Reader should be allowed to modify", it should
be "Writer".
- testGetEntitiesWithYarnACLsEnabled()
-- Not related to the JIRA: The first write via user tester will fail, but
that is not validated. IAC, I am not sure what we are doing here. Similar is
the first post in testGetEventsWithYarnACLsEnabled().
-- Can we add a test to validate cross-domain entity relationship?
> Using TimelineNamespace to shield the entities of a user
> --------------------------------------------------------
>
> Key: YARN-2446
> URL: https://issues.apache.org/jira/browse/YARN-2446
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: timelineserver
> Reporter: Zhijie Shen
> Assignee: Zhijie Shen
> Attachments: YARN-2446.1.patch, YARN-2446.2.patch
>
>
> Given YARN-2102 adds TimelineNamespace, we can make use of it to shield the
> entities, preventing them from being accessed or affected by other users'
> operations.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
