More YARN pages need to honor yarn.resourcemanager.display.per-user-apps(addendum). Contributed by Sunil G.

(cherry picked from commit 8261f9e5710038ccbc475dbfcea3b9ae79b6f482)

hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/main/java/org/apache/hadoop/yarn/server/timelineservice/reader/TimelineReaderManager.java

@@ -24,12 +24,14 @@ import java.util.Set;
 import org.apache.hadoop.classification.InterfaceAudience.Private;
 import org.apache.hadoop.classification.InterfaceStability.Unstable;
 import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.service.AbstractService;
 import org.apache.hadoop.yarn.api.records.timelineservice.FlowActivityEntity;
 import org.apache.hadoop.yarn.api.records.timelineservice.FlowRunEntity;
 import org.apache.hadoop.yarn.api.records.timelineservice.TimelineEntity;
 import org.apache.hadoop.yarn.api.records.timelineservice.TimelineEntityType;
 import org.apache.hadoop.yarn.conf.YarnConfiguration;
+import org.apache.hadoop.yarn.security.AdminACLsManager;
 import org.apache.hadoop.yarn.server.timelineservice.storage.TimelineReader;
 
 /**
@@ -42,12 +44,19 @@ import org.apache.hadoop.yarn.server.timelineservice.storage.TimelineReader;
 public class TimelineReaderManager extends AbstractService {
 
   private TimelineReader reader;
+  private AdminACLsManager adminACLsManager;
 
   public TimelineReaderManager(TimelineReader timelineReader) {
     super(TimelineReaderManager.class.getName());
     this.reader = timelineReader;
   }
 
+  @Override
+  protected void serviceInit(Configuration conf) throws Exception {
+    // TODO Once ACLS story is played, this need to be removed or modified.
+    this.adminACLsManager = new AdminACLsManager(conf);
+  }
+
   /**
    * Gets cluster ID from config yarn.resourcemanager.cluster-id
    * if not supplied by client.
@@ -198,4 +207,16 @@ public class TimelineReaderManager extends AbstractService {
     context.setClusterId(getClusterID(context.getClusterId(), getConfig()));
     return reader.getEntityTypes(new TimelineReaderContext(context));
   }
+
+  /**
+   * The API to confirm is a User is allowed to read this data.
+   * @param callerUGI UserGroupInformation of the user
+   */
+  public boolean checkAccess(UserGroupInformation callerUGI) {
+    // TODO to be removed or modified once ACL story is played
+    if (!adminACLsManager.areACLsEnabled()) {
+      return true;
+    }
+    return callerUGI != null && adminACLsManager.isAdmin(callerUGI);
+  }
 }

hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/main/java/org/apache/hadoop/yarn/server/timelineservice/reader/TimelineReaderWebServices.java

@@ -1435,6 +1435,7 @@ public class TimelineReaderWebServices {
     long startTime = Time.monotonicNow();
     init(res);
     TimelineReaderManager timelineReaderManager = getTimelineReaderManager();
+    Configuration config = timelineReaderManager.getConfig();
     Set<TimelineEntity> entities = null;
     try {
       DateRange range = parseDateRange(dateRange);
@@ -1454,15 +1455,15 @@ public class TimelineReaderWebServices {
     long endTime = Time.monotonicNow();
     if (entities == null) {
       entities = Collections.emptySet();
-    } else if (isDisplayEntityPerUserFilterEnabled(
-        timelineReaderManager.getConfig())) {
+    } else if (isDisplayEntityPerUserFilterEnabled(config)) {
       Set<TimelineEntity> userEntities = new LinkedHashSet<>();
       userEntities.addAll(entities);
       for (TimelineEntity entity : userEntities) {
         if (entity.getInfo() != null) {
           String userId =
               (String) entity.getInfo().get(FlowActivityEntity.USER_INFO_KEY);
-          if (!validateAuthUserWithEntityUser(callerUGI, userId)) {
+          if (!validateAuthUserWithEntityUser(timelineReaderManager, callerUGI,
+              userId)) {
             entities.remove(entity);
           }
         }
@@ -3422,11 +3423,16 @@ public class TimelineReaderWebServices {
   }
 
   private boolean isDisplayEntityPerUserFilterEnabled(Configuration config) {
-    return config
+    return !config
+        .getBoolean(YarnConfiguration.TIMELINE_SERVICE_READ_AUTH_ENABLED,
+            YarnConfiguration.DEFAULT_TIMELINE_SERVICE_READ_AUTH_ENABLED)
+        && config
         .getBoolean(YarnConfiguration.FILTER_ENTITY_LIST_BY_USER, false);
   }
 
-  private boolean validateAuthUserWithEntityUser(UserGroupInformation ugi,
+  // TODO to be removed/modified once ACL story has played
+  private boolean validateAuthUserWithEntityUser(
+      TimelineReaderManager readerManager, UserGroupInformation ugi,
       String entityUser) {
     String authUser = TimelineReaderWebServicesUtils.getUserName(ugi);
     String requestedUser = TimelineReaderWebServicesUtils.parseStr(entityUser);
@@ -3434,6 +3440,6 @@ public class TimelineReaderWebServices {
       LOG.debug(
           "Authenticated User: " + authUser + " Requested User:" + entityUser);
     }
-    return authUser.equals(requestedUser);
+    return (readerManager.checkAccess(ugi) || authUser.equals(requestedUser));
   }
 }