[ https://issues.apache.org/jira/browse/YARN-2894?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rohith updated YARN-2894: ------------------------- Summary: When ACL's are enabled, if RM switches then application can not be viewed from web. (was: Disallow binding of aclManagers while starting RMWebApp) I updated summary as per defect description. > When ACL's are enabled, if RM switches then application can not be viewed > from web. > ----------------------------------------------------------------------------------- > > Key: YARN-2894 > URL: https://issues.apache.org/jira/browse/YARN-2894 > Project: Hadoop YARN > Issue Type: Bug > Components: resourcemanager > Affects Versions: 2.6.0 > Reporter: Rohith > Assignee: Rohith > Fix For: 2.7.0 > > > Binding aclManager to RMWebApp would cause problem if RM is switched. There > could be some validation check may fail. > I think , we should not bind aclManager for RMWebApp, instead we should get > from RM instance. > In RMWebApp, > {code} > if (rm != null) { > bind(ResourceManager.class).toInstance(rm); > bind(RMContext.class).toInstance(rm.getRMContext()); > bind(ApplicationACLsManager.class).toInstance( > rm.getApplicationACLsManager()); > bind(QueueACLsManager.class).toInstance(rm.getQueueACLsManager()); > } > {code} > and in AppBlock#render below check may fail(Need to test and confirm) > {code} > if (callerUGI != null > && !(this.aclsManager.checkAccess(callerUGI, > ApplicationAccessType.VIEW_APP, app.getUser(), appID) || > this.queueACLsManager.checkAccess(callerUGI, > QueueACL.ADMINISTER_QUEUE, app.getQueue()))) { > puts("You (User " + remoteUser > + ") are not authorized to view application " + appID); > return; > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)