[ https://issues.apache.org/jira/browse/YARN-3401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14524328#comment-14524328 ]
Li Lu commented on YARN-3401: ----------------------------- I just changed the title of this JIRA to security so that we're decoupling this JIRA with data model related changes. This JIRA is part of the (not-yet) proposed security design for timeline v2. I'm not sure the role of this JIRA after we have a comprehensive design, so I'm just linking this JIRA to the security JIRA so that we remember this use case. > [Security] users should not be able to create a generic TimelineEntity and > associate arbitrary type > --------------------------------------------------------------------------------------------------- > > Key: YARN-3401 > URL: https://issues.apache.org/jira/browse/YARN-3401 > Project: Hadoop YARN > Issue Type: Sub-task > Components: timelineserver > Reporter: Sangjin Lee > Assignee: Naganarasimha G R > > IIUC it is possible for users to create a generic TimelineEntity and set an > arbitrary entity type. For example, for a YARN app, the right entity API is > ApplicationEntity. However, today nothing stops users from instantiating a > base TimelineEntity class and set the application type on it. This presents a > problem in handling these YARN system entities in the storage layer for > example. > We need to ensure that the API allows only the right type of the class to be > created for a given entity type. -- This message was sent by Atlassian JIRA (v6.3.4#6332)