Varun Saxena commented on YARN-5599:

Thanks [~rohithsharma] for the patch. Should we do this for ATSv1 too because 
ATSv2 is still in alpha phase.

>From the patch, the test does not check if AM command is published or not. The 
>test with the changes passes with or without the core changes. Looking at the 
>test code, probably we can add a check somewhere in verifyEntity method. Or 
>can add some other way of verifying if entity with this info has been 

IMO, app level authorization in ATS should be enough as an access control 
mechanism. If you have authorization to read app details, you should be able to 
read it as well.
I am not sure about the part regarding publishing application logs.  Access to 
aggregated container logs in HDFS will be controlled based on user. And in 
AHS/ATSv1 we provide an endpoint to access container logs too. We plan to add 
this in ATSv2 too, pending discussion.

> Post AM launcher artifacts to ATS
> ---------------------------------
>                 Key: YARN-5599
>                 URL: https://issues.apache.org/jira/browse/YARN-5599
>             Project: Hadoop YARN
>          Issue Type: Improvement
>            Reporter: Daniel Templeton
>            Assignee: Rohith Sharma K S
>         Attachments: 0001-YARN-5599.patch
> To aid in debugging launch failures, it would be valuable to have an 
> application's launch script and logs posted to ATS.  Because the 
> application's command line may contain private credentials or other secure 
> information, access to the data in ATS should be restricted to the job owner, 
> including the at-rest data.
> Along with making the data available through ATS, the configuration parameter 
> introduced in YARN-5549 and the log line that it guards should be removed.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org

Reply via email to