svn merge -c 1302980 from trunk to branch 0.23.2 FIXES MAPREDUCE-4034. Unable to view task logs on history server with mapreduce.job.acl-view-job=* (Jason Lowe and Siddarth Seth via bobby)

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-0.23.2@1302983 13f79535-47bb-0310-9956-ffa450edef68

hadoop-mapreduce-project/CHANGES.txt

@@ -34,9 +34,12 @@ Release 0.23.2 - UNRELEASED
     MAPREDUCE-3954. Added new envs to separate heap size for different daemons
     started via bin scripts. (Robert Joseph Evans via vinodkv)
 
-    MAPREDUCE-4025.  AM can crash if task attempt reports bogus progress value
+    MAPREDUCE-4025. AM can crash if task attempt reports bogus progress value
     (Jason Lowe via bobby)
 
+    MAPREDUCE-4034. Unable to view task logs on history server with
+    mapreduce.job.acl-view-job=* (Jason Lowe and Siddarth Seth via bobby)
+
   OPTIMIZATIONS
 
     MAPREDUCE-3901. Modified JobHistory records in YARN to lazily load job and

hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ApplicationMasterService.java

@@ -183,7 +183,8 @@ public class ApplicationMasterService extends AbstractService implements
           new RMAppAttemptRegistrationEvent(applicationAttemptId, request
               .getHost(), request.getRpcPort(), request.getTrackingUrl()));
 
-      RMAuditLogger.logSuccess(this.rmContext.getRMApps().get(appID).getUser(),
+      RMApp app = this.rmContext.getRMApps().get(appID);
+      RMAuditLogger.logSuccess(app.getUser(),
           AuditConstants.REGISTER_AM, "ApplicationMasterService", appID,
           applicationAttemptId);
 
@@ -194,6 +195,8 @@ public class ApplicationMasterService extends AbstractService implements
           .getMinimumResourceCapability());
       response.setMaximumResourceCapability(rScheduler
           .getMaximumResourceCapability());
+      response.setApplicationACLs(app.getRMAppAttempt(applicationAttemptId)
+          .getSubmissionContext().getAMContainerSpec().getApplicationACLs());
       return response;
     }
   }

hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/MockRM.java

@@ -18,6 +18,8 @@
 
 package org.apache.hadoop.yarn.server.resourcemanager;
 
+import java.util.Map;
+
 import junit.framework.Assert;
 
 import org.apache.hadoop.conf.Configuration;
@@ -26,6 +28,7 @@ import org.apache.hadoop.yarn.api.protocolrecords.KillApplicationRequest;
 import org.apache.hadoop.yarn.api.protocolrecords.GetNewApplicationRequest;
 import org.apache.hadoop.yarn.api.protocolrecords.GetNewApplicationResponse;
 import org.apache.hadoop.yarn.api.protocolrecords.SubmitApplicationRequest;
+import org.apache.hadoop.yarn.api.records.ApplicationAccessType;
 import org.apache.hadoop.yarn.api.records.ApplicationAttemptId;
 import org.apache.hadoop.yarn.api.records.ApplicationId;
 import org.apache.hadoop.yarn.api.records.ApplicationSubmissionContext;
@@ -93,6 +96,11 @@ public class MockRM extends ResourceManager {
 
   // client
   public RMApp submitApp(int masterMemory, String name, String user) throws Exception {
+    return submitApp(masterMemory, name, user, null);
+  }
+
+  public RMApp submitApp(int masterMemory, String name, String user,
+      Map<ApplicationAccessType, String> acls) throws Exception {
     ClientRMProtocol client = getClientRMService();
     GetNewApplicationResponse resp = client.getNewApplication(Records
         .newRecord(GetNewApplicationRequest.class));
@@ -110,6 +118,7 @@ public class MockRM extends ResourceManager {
     Resource capability = Records.newRecord(Resource.class);
     capability.setMemory(masterMemory);
     clc.setResource(capability);
+    clc.setApplicationACLs(acls);
     sub.setAMContainerSpec(clc);
     req.setApplicationSubmissionContext(sub);
 

hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestAMAuthorization.java

@@ -20,6 +20,7 @@ package org.apache.hadoop.yarn.server.resourcemanager;
 
 import java.io.IOException;
 import java.security.PrivilegedAction;
+import java.util.HashMap;
 import java.util.Map;
 
 import org.apache.commons.logging.Log;
@@ -36,10 +37,12 @@ import org.apache.hadoop.yarn.api.ContainerManager;
 import org.apache.hadoop.yarn.api.protocolrecords.GetContainerStatusRequest;
 import org.apache.hadoop.yarn.api.protocolrecords.GetContainerStatusResponse;
 import org.apache.hadoop.yarn.api.protocolrecords.RegisterApplicationMasterRequest;
+import org.apache.hadoop.yarn.api.protocolrecords.RegisterApplicationMasterResponse;
 import org.apache.hadoop.yarn.api.protocolrecords.StartContainerRequest;
 import org.apache.hadoop.yarn.api.protocolrecords.StartContainerResponse;
 import org.apache.hadoop.yarn.api.protocolrecords.StopContainerRequest;
 import org.apache.hadoop.yarn.api.protocolrecords.StopContainerResponse;
+import org.apache.hadoop.yarn.api.records.ApplicationAccessType;
 import org.apache.hadoop.yarn.api.records.ApplicationAttemptId;
 import org.apache.hadoop.yarn.conf.YarnConfiguration;
 import org.apache.hadoop.yarn.exceptions.YarnRemoteException;
@@ -121,7 +124,10 @@ public class TestAMAuthorization {
 
     MockNM nm1 = rm.registerNode("localhost:1234", 5120);
 
-    RMApp app = rm.submitApp(1024);
+    Map<ApplicationAccessType, String> acls =
+        new HashMap<ApplicationAccessType, String>(2);
+    acls.put(ApplicationAccessType.VIEW_APP, "*");
+    RMApp app = rm.submitApp(1024, "appname", "appuser", acls);
 
     nm1.nodeHeartbeat(true);
 
@@ -164,7 +170,10 @@ public class TestAMAuthorization {
     RegisterApplicationMasterRequest request = Records
         .newRecord(RegisterApplicationMasterRequest.class);
     request.setApplicationAttemptId(applicationAttemptId);
-    client.registerApplicationMaster(request);
+    RegisterApplicationMasterResponse response =
+        client.registerApplicationMaster(request);
+    Assert.assertEquals("Register response has bad ACLs", "*",
+        response.getApplicationACLs().get(ApplicationAccessType.VIEW_APP));
 
     rm.stop();
   }