[ 
https://issues.apache.org/jira/browse/YARN-5599?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15502912#comment-15502912
 ] 

Varun Saxena commented on YARN-5599:
------------------------------------

Thanks [~rohithsharma] for the patch. Should we do this for ATSv1 too because 
ATSv2 is still in alpha phase.

>From the patch, the test does not check if AM command is published or not. The 
>test with the changes passes with or without the core changes. Looking at the 
>test code, probably we can add a check somewhere in verifyEntity method. Or 
>can add some other way of verifying if entity with this info has been 
>published.

IMO, app level authorization in ATS should be enough as an access control 
mechanism. If you have authorization to read app details, you should be able to 
read it as well.
I am not sure about the part regarding publishing application logs.  Access to 
aggregated container logs in HDFS will be controlled based on user. And in 
AHS/ATSv1 we provide an endpoint to access container logs too. We plan to add 
this in ATSv2 too, pending discussion.



> Post AM launcher artifacts to ATS
> ---------------------------------
>
>                 Key: YARN-5599
>                 URL: https://issues.apache.org/jira/browse/YARN-5599
>             Project: Hadoop YARN
>          Issue Type: Improvement
>            Reporter: Daniel Templeton
>            Assignee: Rohith Sharma K S
>         Attachments: 0001-YARN-5599.patch
>
>
> To aid in debugging launch failures, it would be valuable to have an 
> application's launch script and logs posted to ATS.  Because the 
> application's command line may contain private credentials or other secure 
> information, access to the data in ATS should be restricted to the job owner, 
> including the at-rest data.
> Along with making the data available through ATS, the configuration parameter 
> introduced in YARN-5549 and the log line that it guards should be removed.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org

Reply via email to