More YARN pages need to honor yarn.resourcemanager.display.per-user-apps(addendum). Contributed by Sunil G.
This commit is contained in:
parent
d5e69d8994
commit
8261f9e571
|
@ -24,12 +24,14 @@ import java.util.Set;
|
|||
import org.apache.hadoop.classification.InterfaceAudience.Private;
|
||||
import org.apache.hadoop.classification.InterfaceStability.Unstable;
|
||||
import org.apache.hadoop.conf.Configuration;
|
||||
import org.apache.hadoop.security.UserGroupInformation;
|
||||
import org.apache.hadoop.service.AbstractService;
|
||||
import org.apache.hadoop.yarn.api.records.timelineservice.FlowActivityEntity;
|
||||
import org.apache.hadoop.yarn.api.records.timelineservice.FlowRunEntity;
|
||||
import org.apache.hadoop.yarn.api.records.timelineservice.TimelineEntity;
|
||||
import org.apache.hadoop.yarn.api.records.timelineservice.TimelineEntityType;
|
||||
import org.apache.hadoop.yarn.conf.YarnConfiguration;
|
||||
import org.apache.hadoop.yarn.security.AdminACLsManager;
|
||||
import org.apache.hadoop.yarn.server.timelineservice.storage.TimelineReader;
|
||||
|
||||
/**
|
||||
|
@ -42,12 +44,19 @@ import org.apache.hadoop.yarn.server.timelineservice.storage.TimelineReader;
|
|||
public class TimelineReaderManager extends AbstractService {
|
||||
|
||||
private TimelineReader reader;
|
||||
private AdminACLsManager adminACLsManager;
|
||||
|
||||
public TimelineReaderManager(TimelineReader timelineReader) {
|
||||
super(TimelineReaderManager.class.getName());
|
||||
this.reader = timelineReader;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void serviceInit(Configuration conf) throws Exception {
|
||||
// TODO Once ACLS story is played, this need to be removed or modified.
|
||||
this.adminACLsManager = new AdminACLsManager(conf);
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets cluster ID from config yarn.resourcemanager.cluster-id
|
||||
* if not supplied by client.
|
||||
|
@ -198,4 +207,16 @@ public class TimelineReaderManager extends AbstractService {
|
|||
context.setClusterId(getClusterID(context.getClusterId(), getConfig()));
|
||||
return reader.getEntityTypes(new TimelineReaderContext(context));
|
||||
}
|
||||
|
||||
/**
|
||||
* The API to confirm is a User is allowed to read this data.
|
||||
* @param callerUGI UserGroupInformation of the user
|
||||
*/
|
||||
public boolean checkAccess(UserGroupInformation callerUGI) {
|
||||
// TODO to be removed or modified once ACL story is played
|
||||
if (!adminACLsManager.areACLsEnabled()) {
|
||||
return true;
|
||||
}
|
||||
return callerUGI != null && adminACLsManager.isAdmin(callerUGI);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1435,6 +1435,7 @@ public class TimelineReaderWebServices {
|
|||
long startTime = Time.monotonicNow();
|
||||
init(res);
|
||||
TimelineReaderManager timelineReaderManager = getTimelineReaderManager();
|
||||
Configuration config = timelineReaderManager.getConfig();
|
||||
Set<TimelineEntity> entities = null;
|
||||
try {
|
||||
DateRange range = parseDateRange(dateRange);
|
||||
|
@ -1454,15 +1455,15 @@ public class TimelineReaderWebServices {
|
|||
long endTime = Time.monotonicNow();
|
||||
if (entities == null) {
|
||||
entities = Collections.emptySet();
|
||||
} else if (isDisplayEntityPerUserFilterEnabled(
|
||||
timelineReaderManager.getConfig())) {
|
||||
} else if (isDisplayEntityPerUserFilterEnabled(config)) {
|
||||
Set<TimelineEntity> userEntities = new LinkedHashSet<>();
|
||||
userEntities.addAll(entities);
|
||||
for (TimelineEntity entity : userEntities) {
|
||||
if (entity.getInfo() != null) {
|
||||
String userId =
|
||||
(String) entity.getInfo().get(FlowActivityEntity.USER_INFO_KEY);
|
||||
if (!validateAuthUserWithEntityUser(callerUGI, userId)) {
|
||||
if (!validateAuthUserWithEntityUser(timelineReaderManager, callerUGI,
|
||||
userId)) {
|
||||
entities.remove(entity);
|
||||
}
|
||||
}
|
||||
|
@ -3422,11 +3423,16 @@ public class TimelineReaderWebServices {
|
|||
}
|
||||
|
||||
private boolean isDisplayEntityPerUserFilterEnabled(Configuration config) {
|
||||
return config
|
||||
return !config
|
||||
.getBoolean(YarnConfiguration.TIMELINE_SERVICE_READ_AUTH_ENABLED,
|
||||
YarnConfiguration.DEFAULT_TIMELINE_SERVICE_READ_AUTH_ENABLED)
|
||||
&& config
|
||||
.getBoolean(YarnConfiguration.FILTER_ENTITY_LIST_BY_USER, false);
|
||||
}
|
||||
|
||||
private boolean validateAuthUserWithEntityUser(UserGroupInformation ugi,
|
||||
// TODO to be removed/modified once ACL story has played
|
||||
private boolean validateAuthUserWithEntityUser(
|
||||
TimelineReaderManager readerManager, UserGroupInformation ugi,
|
||||
String entityUser) {
|
||||
String authUser = TimelineReaderWebServicesUtils.getUserName(ugi);
|
||||
String requestedUser = TimelineReaderWebServicesUtils.parseStr(entityUser);
|
||||
|
@ -3434,6 +3440,6 @@ public class TimelineReaderWebServices {
|
|||
LOG.debug(
|
||||
"Authenticated User: " + authUser + " Requested User:" + entityUser);
|
||||
}
|
||||
return authUser.equals(requestedUser);
|
||||
return (readerManager.checkAccess(ugi) || authUser.equals(requestedUser));
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue