Home Explore Help
Register Sign In
apache
/
hadoop
mirror of https://github.com/apache/hadoop.git
2
0
Fork 1
Files Issues 0 Wiki
Browse Source

More YARN pages need to honor yarn.resourcemanager.display.per-user-apps(addendum). Contributed by Sunil G.

(cherry picked from commit 8261f9e5710038ccbc475dbfcea3b9ae79b6f482)
Rohith Sharma K S 7 years ago
parent
fdacc8a088
commit
f7d0ca71ac
2 changed files with 33 additions and 6 deletions
Split View Show Diff Stats
  1. 21 0
      hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/main/java/org/apache/hadoop/yarn/server/timelineservice/reader/TimelineReaderManager.java
  2. 12 6
      hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/main/java/org/apache/hadoop/yarn/server/timelineservice/reader/TimelineReaderWebServices.java

+ 21 - 0
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/main/java/org/apache/hadoop/yarn/server/timelineservice/reader/TimelineReaderManager.java
View File 

@@ -24,12 +24,14 @@ import java.util.Set;
 
 import org.apache.hadoop.classification.InterfaceAudience.Private;
 
 import org.apache.hadoop.classification.InterfaceStability.Unstable;
 
 import org.apache.hadoop.conf.Configuration;
 
+import org.apache.hadoop.security.UserGroupInformation;
 
 import org.apache.hadoop.service.AbstractService;
 
 import org.apache.hadoop.yarn.api.records.timelineservice.FlowActivityEntity;
 
 import org.apache.hadoop.yarn.api.records.timelineservice.FlowRunEntity;
 
 import org.apache.hadoop.yarn.api.records.timelineservice.TimelineEntity;
 
 import org.apache.hadoop.yarn.api.records.timelineservice.TimelineEntityType;
 
 import org.apache.hadoop.yarn.conf.YarnConfiguration;
 
+import org.apache.hadoop.yarn.security.AdminACLsManager;
 
 import org.apache.hadoop.yarn.server.timelineservice.storage.TimelineReader;
 
 
 /**
 
@@ -42,12 +44,19 @@ import org.apache.hadoop.yarn.server.timelineservice.storage.TimelineReader;
 
 public class TimelineReaderManager extends AbstractService {
 
 
   private TimelineReader reader;
 
+  private AdminACLsManager adminACLsManager;
 
 
   public TimelineReaderManager(TimelineReader timelineReader) {
 
     super(TimelineReaderManager.class.getName());
 
     this.reader = timelineReader;
 
   }
 
 
+  @Override
 
+  protected void serviceInit(Configuration conf) throws Exception {
 
+    // TODO Once ACLS story is played, this need to be removed or modified.
 
+    this.adminACLsManager = new AdminACLsManager(conf);
 
+  }
 
+
 
   /**
 
    * Gets cluster ID from config yarn.resourcemanager.cluster-id
 
    * if not supplied by client.
 
@@ -198,4 +207,16 @@ public class TimelineReaderManager extends AbstractService {
 
     context.setClusterId(getClusterID(context.getClusterId(), getConfig()));
 
     return reader.getEntityTypes(new TimelineReaderContext(context));
 
   }
 
+
 
+  /**
 
+   * The API to confirm is a User is allowed to read this data.
 
+   * @param callerUGI UserGroupInformation of the user
 
+   */
 
+  public boolean checkAccess(UserGroupInformation callerUGI) {
 
+    // TODO to be removed or modified once ACL story is played
 
+    if (!adminACLsManager.areACLsEnabled()) {
 
+      return true;
 
+    }
 
+    return callerUGI != null && adminACLsManager.isAdmin(callerUGI);
 
+  }
 
 }

+ 12 - 6
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/main/java/org/apache/hadoop/yarn/server/timelineservice/reader/TimelineReaderWebServices.java
View File 

@@ -1435,6 +1435,7 @@ public class TimelineReaderWebServices {
 
     long startTime = Time.monotonicNow();
 
     init(res);
 
     TimelineReaderManager timelineReaderManager = getTimelineReaderManager();
 
+    Configuration config = timelineReaderManager.getConfig();
 
     Set<TimelineEntity> entities = null;
 
     try {
 
       DateRange range = parseDateRange(dateRange);
 
@@ -1454,15 +1455,15 @@ public class TimelineReaderWebServices {
 
     long endTime = Time.monotonicNow();
 
     if (entities == null) {
 
       entities = Collections.emptySet();
 
-    } else if (isDisplayEntityPerUserFilterEnabled(
 
-        timelineReaderManager.getConfig())) {
 
+    } else if (isDisplayEntityPerUserFilterEnabled(config)) {
 
       Set<TimelineEntity> userEntities = new LinkedHashSet<>();
 
       userEntities.addAll(entities);
 
       for (TimelineEntity entity : userEntities) {
 
         if (entity.getInfo() != null) {
 
           String userId =
 
               (String) entity.getInfo().get(FlowActivityEntity.USER_INFO_KEY);
 
-          if (!validateAuthUserWithEntityUser(callerUGI, userId)) {
 
+          if (!validateAuthUserWithEntityUser(timelineReaderManager, callerUGI,
 
+              userId)) {
 
             entities.remove(entity);
 
           }
 
         }
 
@@ -3422,11 +3423,16 @@ public class TimelineReaderWebServices {
 
   }
 
 
   private boolean isDisplayEntityPerUserFilterEnabled(Configuration config) {
 
-    return config
 
+    return !config
 
+        .getBoolean(YarnConfiguration.TIMELINE_SERVICE_READ_AUTH_ENABLED,
 
+            YarnConfiguration.DEFAULT_TIMELINE_SERVICE_READ_AUTH_ENABLED)
 
+        && config
 
         .getBoolean(YarnConfiguration.FILTER_ENTITY_LIST_BY_USER, false);
 
   }
 
 
-  private boolean validateAuthUserWithEntityUser(UserGroupInformation ugi,
 
+  // TODO to be removed/modified once ACL story has played
 
+  private boolean validateAuthUserWithEntityUser(
 
+      TimelineReaderManager readerManager, UserGroupInformation ugi,
 
       String entityUser) {
 
     String authUser = TimelineReaderWebServicesUtils.getUserName(ugi);
 
     String requestedUser = TimelineReaderWebServicesUtils.parseStr(entityUser);
 
@@ -3434,6 +3440,6 @@ public class TimelineReaderWebServices {
 
       LOG.debug(
 
           "Authenticated User: " + authUser + " Requested User:" + entityUser);
 
     }
 
-    return authUser.equals(requestedUser);
 
+    return (readerManager.checkAccess(ugi) || authUser.equals(requestedUser));
 
   }
 
 }