Sevada Abraamyan created YARN-2911:

             Summary: Issues with GetApplications request in secure cluster
                 Key: YARN-2911
             Project: Hadoop YARN
          Issue Type: Bug
          Components: resourcemanager
            Reporter: Sevada Abraamyan
            Assignee: Sevada Abraamyan

Both problems arise from the fact that the RM stores the short username of the 
app submitter. 

1) When the {{GetApplicationsRequest}} contains a 
{{ApplicationsRequestScope.OWN}} filter, i.e. it wants to filter out all apps 
not owned by the user. The RM attempts to match the full username of the 
GetApplications requester against the stored short username to determine if the 
requester is the owner of the app. In a secure cluster this can fail as the two 
are not always equivalent. 

2) The {{GetApplicationsRequest}} can be used to filter the the set of app 
returned to be only those which were submitted/owned by a set of users. Once 
again there is a mismatch here between short/full usernames. Since the client 
specifies the set of users, theoretically they can pass in a set of short 
usernames which would makes this feature work in a secure cluster. However, it 
is not expected that a client will have the correct 
{{}} configuration and therefore they can not 
always be expected to get the correct short usernames. 

This message was sent by Atlassian JIRA

Reply via email to