[ 
https://issues.apache.org/jira/browse/YARN-3517?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Varun Vasudev updated YARN-3517:
--------------------------------
    Attachment: YARN-3517.006.patch

{quote}
In RMWebServices.java we don't need the isSecurityEnabled check. Just remove 
the entire check. My reasoning is that logLevel app does not do those checks, 
it simply makes sure you are an admin.

+ if (UserGroupInformation.isSecurityEnabled() && callerUGI == null)
\{ + String msg = "Unable to obtain user name, user not authenticated"; + throw 
new AuthorizationException(msg); + }
{quote}
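
Review bot: in the quoted condition, the isSecurityEnabled() guard means a null callerUGI is rejected only in secure mode, so with security off a null caller falls through to whatever follows. If the check is removed as suggested, confirm that the remaining admin check denies the request when callerUGI is null rather than dereferencing it, and cover that case in TestRMWebServices.java.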

Removed the check.

{quote}
In the test TestRMWebServices.java, we aren't actually asserting anything. We 
should assert that the expected files exist. Personally I would also like to 
see an assert that the expected exception occurred.
{quote}

Added explicit check for the exception being thrown as well as a check for the 
log files existing.

> RM web ui for dumping scheduler logs should be for admins only
> --------------------------------------------------------------
>
>                 Key: YARN-3517
>                 URL: https://issues.apache.org/jira/browse/YARN-3517
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: resourcemanager, security
>            Reporter: Varun Vasudev
>            Assignee: Thomas Graves
>            Priority: Blocker
>              Labels: security
>         Attachments: YARN-3517.001.patch, YARN-3517.002.patch, 
> YARN-3517.003.patch, YARN-3517.004.patch, YARN-3517.005.patch, 
> YARN-3517.006.patch
>
>
> YARN-3294 allows users to dump scheduler logs from the web UI. This should be 
> for admins only.


