Zhijie Shen commented on YARN-2446:

bq. Get domains API: "If callerUGI is not the owner or the admin of the domain, 
we need to hide the details from him, and only allow him to see the ID": Why is 
that, I think we should just not allow non-owners to see anything. Is there a 
user-case for this?

bq. Based on the above decision, 
TestTimelineWebServices.testGetDomainsYarnACLsEnabled() should be changed to 
either validate that only IDs are visible or nothing is visible.

The rationale before is to let users to check whether the namespace Id is 
occupied or not before putting one. Talked to vindo offline, since it cannot 
save the race condition of multiple putting requests anyway, let's simplify the 
behavior as is suggested above. It's not related to code in this patch. Let me 
file a separate Jira for it.

bq. Shouldn't the server completely own DEFAULT_DOMAIN_ID, instead of letting 
anyone create it with potentially arbitrary permission?

Yes, DEFAULT_DOMAIN_ID is owned by the timeline server. When 
TimelineDataManager is constructed, if the default domain is not created 
before, the timeline server is going to create one. Users can not create or 
modify the domain with DEFAULT_DOMAIN_ID.

bq. testGetEntitiesWithYarnACLsEnabled()

The test cases seem to be problematic. I've updated these test cases and add 
the validation of cross-domain entity relationship.

One more issue I've noticed that after this patch, we should make RM put the 
application metrics into a secured domain instead of the default one. Will file 
a Jira for it as well.

> Using TimelineNamespace to shield the entities of a user
> --------------------------------------------------------
>                 Key: YARN-2446
>                 URL: https://issues.apache.org/jira/browse/YARN-2446
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: timelineserver
>            Reporter: Zhijie Shen
>            Assignee: Zhijie Shen
>         Attachments: YARN-2446.1.patch, YARN-2446.2.patch, YARN-2446.3.patch
> Given YARN-2102 adds TimelineNamespace, we can make use of it to shield the 
> entities, preventing them from being accessed or affected by other users' 
> operations.

This message was sent by Atlassian JIRA

Reply via email to