[ https://issues.apache.org/jira/browse/YARN-5599?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15502912#comment-15502912 ]
Varun Saxena commented on YARN-5599: ------------------------------------ Thanks [~rohithsharma] for the patch. Should we do this for ATSv1 too because ATSv2 is still in alpha phase. >From the patch, the test does not check if AM command is published or not. The >test with the changes passes with or without the core changes. Looking at the >test code, probably we can add a check somewhere in verifyEntity method. Or >can add some other way of verifying if entity with this info has been >published. IMO, app level authorization in ATS should be enough as an access control mechanism. If you have authorization to read app details, you should be able to read it as well. I am not sure about the part regarding publishing application logs. Access to aggregated container logs in HDFS will be controlled based on user. And in AHS/ATSv1 we provide an endpoint to access container logs too. We plan to add this in ATSv2 too, pending discussion. > Post AM launcher artifacts to ATS > --------------------------------- > > Key: YARN-5599 > URL: https://issues.apache.org/jira/browse/YARN-5599 > Project: Hadoop YARN > Issue Type: Improvement > Reporter: Daniel Templeton > Assignee: Rohith Sharma K S > Attachments: 0001-YARN-5599.patch > > > To aid in debugging launch failures, it would be valuable to have an > application's launch script and logs posted to ATS. Because the > application's command line may contain private credentials or other secure > information, access to the data in ATS should be restricted to the job owner, > including the at-rest data. > Along with making the data available through ATS, the configuration parameter > introduced in YARN-5549 and the log line that it guards should be removed. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org