[ 
https://issues.apache.org/jira/browse/YARN-3517?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14518054#comment-14518054
 ] 

Thomas Graves commented on YARN-3517:
-------------------------------------

In RMWebServices.java we don't need the isSecurityEnabled check. Just remove 
the entire check. My reasoning is that logLevel app does not do those checks; 
it simply makes sure you are an admin.

+    if (UserGroupInformation.isSecurityEnabled() && callerUGI == null) {
+      String msg = "Unable to obtain user name, user not authenticated";
+      throw new AuthorizationException(msg);
+    }
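
Review bot: The null check on callerUGI only runs when UserGroupInformation.isSecurityEnabled() returns true, so with security disabled a null callerUGI passes this point and whatever follows has to cope with it. Since this endpoint is meant to be admin-only, consider dropping the isSecurityEnabled() condition and letting a single admin check decide, treating a null caller as not an admin. The message also says "user not authenticated" while the exception thrown is AuthorizationException; pick wording that matches the failure being reported.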

In the test TestRMWebServices.java, we aren't actually asserting anything. We 
should assert that the expected files exist. Personally I would also like to 
see an assert that the expected exception occurred.

> RM web ui for dumping scheduler logs should be for admins only
> --------------------------------------------------------------
>
>                 Key: YARN-3517
>                 URL: https://issues.apache.org/jira/browse/YARN-3517
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: resourcemanager, security
>            Reporter: Varun Vasudev
>            Assignee: Thomas Graves
>            Priority: Blocker
>              Labels: security
>         Attachments: YARN-3517.001.patch, YARN-3517.002.patch, 
> YARN-3517.003.patch, YARN-3517.004.patch, YARN-3517.005.patch
>
>
> YARN-3294 allows users to dump scheduler logs from the web UI. This should be 
> for admins only.


