Vinod Kumar Vavilapalli commented on YARN-2446:

This is close, few comments: 
 - Get domains API: "If callerUGI is not the owner or the admin of the domain, 
we need to hide the details from him, and only allow him to see the ID": Why is 
that, I think we should just not allow non-owners to see anything. Is there a 
user-case for this?
 - Based on the above decision, 
TestTimelineWebServices.testGetDomainsYarnACLsEnabled() should be changed to 
either validate that only IDs are visible or nothing is visible.
 - LeveldbTimelineStore: The method writePrimaryFilterEntries() - the one that 
is newly added  - is not really used anywhere?
 - Shouldn't the server completely own DEFAULT_DOMAIN_ID, instead of letting 
anyone create it with potentially arbitrary permission?
 - In the test, where you say "Reader should be allowed to modify", it should 
be "Writer".
 - testGetEntitiesWithYarnACLsEnabled()
    -- Not related to the JIRA: The first write via user tester will fail, but 
that is not validated. IAC, I am not sure what we are doing here. Similar is 
the first post in testGetEventsWithYarnACLsEnabled().
    -- Can we add a test to validate cross-domain entity relationship?

> Using TimelineNamespace to shield the entities of a user
> --------------------------------------------------------
>                 Key: YARN-2446
>                 URL: https://issues.apache.org/jira/browse/YARN-2446
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: timelineserver
>            Reporter: Zhijie Shen
>            Assignee: Zhijie Shen
>         Attachments: YARN-2446.1.patch, YARN-2446.2.patch
> Given YARN-2102 adds TimelineNamespace, we can make use of it to shield the 
> entities, preventing them from being accessed or affected by other users' 
> operations.

This message was sent by Atlassian JIRA

Reply via email to