[ 
https://issues.apache.org/jira/browse/YARN-3401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14524328#comment-14524328
 ] 

Li Lu commented on YARN-3401:
-----------------------------

I just changed the title of this JIRA to security so that we're decoupling this 
JIRA with data model related changes. This JIRA is part of the (not-yet) 
proposed security design for timeline v2. I'm not sure the role of this JIRA 
after we have a comprehensive design, so I'm just linking this JIRA to the 
security JIRA so that we remember this use case. 

> [Security] users should not be able to create a generic TimelineEntity and 
> associate arbitrary type
> ---------------------------------------------------------------------------------------------------
>
>                 Key: YARN-3401
>                 URL: https://issues.apache.org/jira/browse/YARN-3401
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: timelineserver
>            Reporter: Sangjin Lee
>            Assignee: Naganarasimha G R
>
> IIUC it is possible for users to create a generic TimelineEntity and set an 
> arbitrary entity type. For example, for a YARN app, the right entity API is 
> ApplicationEntity. However, today nothing stops users from instantiating a 
> base TimelineEntity class and set the application type on it. This presents a 
> problem in handling these YARN system entities in the storage layer for 
> example.
> We need to ensure that the API allows only the right type of the class to be 
> created for a given entity type.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to