From 9668a85d40a6a98514a24d5f25ab757501fe3423 Mon Sep 17 00:00:00 2001 From: curie71 <39853223+curie71@users.noreply.github.com> Date: Wed, 28 Dec 2022 07:58:53 +0800 Subject: [PATCH] YARN-11392 Audit Log missing in ClientRMService (#5250). Contributed by Beibei Zhao. Signed-off-by: Chris Nauroth --- .../resourcemanager/ClientRMService.java | 47 ++++--------------- .../server/resourcemanager/RMAuditLogger.java | 1 + 2 files changed, 11 insertions(+), 37 deletions(-) diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ClientRMService.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ClientRMService.java index f0bc3d67a46..6f262dc5f12 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ClientRMService.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ClientRMService.java @@ -405,22 +405,11 @@ public class ClientRMService extends AbstractService implements throw new ApplicationNotFoundException("Invalid application id: null"); } - UserGroupInformation callerUGI; - try { - callerUGI = UserGroupInformation.getCurrentUser(); - } catch (IOException ie) { - LOG.info("Error getting UGI ", ie); - throw RPCUtil.getRemoteException(ie); - } + UserGroupInformation callerUGI = getCallerUgi(applicationId, + AuditConstants.GET_APP_REPORT); - RMApp application = this.rmContext.getRMApps().get(applicationId); - if (application == null) { - // If the RM doesn't have the application, throw - // ApplicationNotFoundException and let client to handle. - throw new ApplicationNotFoundException("Application with id '" - + applicationId + "' doesn't exist in RM. Please check " - + "that the job submission was successful."); - } + RMApp application = verifyUserAccessForRMApp(applicationId, callerUGI, + AuditConstants.GET_APP_REPORT, ApplicationAccessType.VIEW_APP, false); boolean allowAccess = checkAccess(callerUGI, application.getUser(), ApplicationAccessType.VIEW_APP, application); @@ -880,13 +869,8 @@ public class ClientRMService extends AbstractService implements @Override public GetApplicationsResponse getApplications(GetApplicationsRequest request) throws YarnException { - UserGroupInformation callerUGI; - try { - callerUGI = UserGroupInformation.getCurrentUser(); - } catch (IOException ie) { - LOG.info("Error getting UGI ", ie); - throw RPCUtil.getRemoteException(ie); - } + UserGroupInformation callerUGI = getCallerUgi(null, + AuditConstants.GET_APPLICATIONS_REQUEST); Set applicationTypes = getLowerCasedAppTypes(request); EnumSet applicationStates = @@ -1048,13 +1032,8 @@ public class ClientRMService extends AbstractService implements @Override public GetQueueInfoResponse getQueueInfo(GetQueueInfoRequest request) throws YarnException { - UserGroupInformation callerUGI; - try { - callerUGI = UserGroupInformation.getCurrentUser(); - } catch (IOException ie) { - LOG.info("Error getting UGI ", ie); - throw RPCUtil.getRemoteException(ie); - } + UserGroupInformation callerUGI = getCallerUgi(null, + AuditConstants.GET_QUEUE_INFO_REQUEST); GetQueueInfoResponse response = recordFactory.newRecordInstance(GetQueueInfoResponse.class); @@ -1720,16 +1699,10 @@ public class ClientRMService extends AbstractService implements SignalContainerRequest request) throws YarnException, IOException { ContainerId containerId = request.getContainerId(); - UserGroupInformation callerUGI; - try { - callerUGI = UserGroupInformation.getCurrentUser(); - } catch (IOException ie) { - LOG.info("Error getting UGI ", ie); - throw RPCUtil.getRemoteException(ie); - } - ApplicationId applicationId = containerId.getApplicationAttemptId(). getApplicationId(); + UserGroupInformation callerUGI = getCallerUgi(applicationId, + AuditConstants.SIGNAL_CONTAINER); RMApp application = this.rmContext.getRMApps().get(applicationId); if (application == null) { RMAuditLogger.logFailure(callerUGI.getUserName(), diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMAuditLogger.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMAuditLogger.java index 854b6ca64e2..cc54d0b5861 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMAuditLogger.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMAuditLogger.java @@ -57,6 +57,7 @@ public class RMAuditLogger { public static final String GET_APP_PRIORITY = "Get Application Priority"; public static final String GET_APP_QUEUE = "Get Application Queue"; public static final String GET_APP_ATTEMPTS = "Get Application Attempts"; + public static final String GET_APP_REPORT = "Get Application Report"; public static final String GET_APP_ATTEMPT_REPORT = "Get Application Attempt Report"; public static final String GET_CONTAINERS = "Get Containers";