[
https://issues.apache.org/jira/browse/YARN-3401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14524328#comment-14524328
]
Li Lu commented on YARN-3401:
-----------------------------
I just changed the title of this JIRA to security so that we're decoupling this
JIRA with data model related changes. This JIRA is part of the (not-yet)
proposed security design for timeline v2. I'm not sure the role of this JIRA
after we have a comprehensive design, so I'm just linking this JIRA to the
security JIRA so that we remember this use case.
> [Security] users should not be able to create a generic TimelineEntity and
> associate arbitrary type
> ---------------------------------------------------------------------------------------------------
>
> Key: YARN-3401
> URL: https://issues.apache.org/jira/browse/YARN-3401
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: timelineserver
> Reporter: Sangjin Lee
> Assignee: Naganarasimha G R
>
> IIUC it is possible for users to create a generic TimelineEntity and set an
> arbitrary entity type. For example, for a YARN app, the right entity API is
> ApplicationEntity. However, today nothing stops users from instantiating a
> base TimelineEntity class and set the application type on it. This presents a
> problem in handling these YARN system entities in the storage layer for
> example.
> We need to ensure that the API allows only the right type of the class to be
> created for a given entity type.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
