Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

YARN-11392 Audit Log missing in ClientRMService (#5250). Contributed by Beibei Zhao. 

Signed-off-by: Chris Nauroth <cnauroth@apache.org>
This commit is contained in:
curie71 2022-12-28 07:58:53 +08:00 committed by GitHub
parent d25c1be517
commit 9668a85d40
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ClientRMService.java
View File

@ -405,22 +405,11 @@ public class ClientRMService extends AbstractService implements
throw new ApplicationNotFoundException("Invalid application id: null"); throw new ApplicationNotFoundException("Invalid application id: null");
} }
UserGroupInformation callerUGI; UserGroupInformation callerUGI = getCallerUgi(applicationId,
try { AuditConstants.GET_APP_REPORT);
callerUGI = UserGroupInformation.getCurrentUser();
} catch (IOException ie) {
LOG.info("Error getting UGI ", ie);
throw RPCUtil.getRemoteException(ie);
}
RMApp application = this.rmContext.getRMApps().get(applicationId); RMApp application = verifyUserAccessForRMApp(applicationId, callerUGI,
if (application == null) { AuditConstants.GET_APP_REPORT, ApplicationAccessType.VIEW_APP, false);
// If the RM doesn't have the application, throw
// ApplicationNotFoundException and let client to handle.
throw new ApplicationNotFoundException("Application with id '"
+ applicationId + "' doesn't exist in RM. Please check "
+ "that the job submission was successful.");
}
boolean allowAccess = checkAccess(callerUGI, application.getUser(), boolean allowAccess = checkAccess(callerUGI, application.getUser(),
ApplicationAccessType.VIEW_APP, application); ApplicationAccessType.VIEW_APP, application);
@ -880,13 +869,8 @@ public class ClientRMService extends AbstractService implements
@Override @Override
public GetApplicationsResponse getApplications(GetApplicationsRequest request) public GetApplicationsResponse getApplications(GetApplicationsRequest request)
throws YarnException { throws YarnException {
UserGroupInformation callerUGI; UserGroupInformation callerUGI = getCallerUgi(null,
try { AuditConstants.GET_APPLICATIONS_REQUEST);
callerUGI = UserGroupInformation.getCurrentUser();
} catch (IOException ie) {
LOG.info("Error getting UGI ", ie);
throw RPCUtil.getRemoteException(ie);
}
Set<String> applicationTypes = getLowerCasedAppTypes(request); Set<String> applicationTypes = getLowerCasedAppTypes(request);
EnumSet<YarnApplicationState> applicationStates = EnumSet<YarnApplicationState> applicationStates =
@ -1048,13 +1032,8 @@ public class ClientRMService extends AbstractService implements
@Override @Override
public GetQueueInfoResponse getQueueInfo(GetQueueInfoRequest request) public GetQueueInfoResponse getQueueInfo(GetQueueInfoRequest request)
throws YarnException { throws YarnException {
UserGroupInformation callerUGI; UserGroupInformation callerUGI = getCallerUgi(null,
try { AuditConstants.GET_QUEUE_INFO_REQUEST);
callerUGI = UserGroupInformation.getCurrentUser();
} catch (IOException ie) {
LOG.info("Error getting UGI ", ie);
throw RPCUtil.getRemoteException(ie);
}
GetQueueInfoResponse response = GetQueueInfoResponse response =
recordFactory.newRecordInstance(GetQueueInfoResponse.class); recordFactory.newRecordInstance(GetQueueInfoResponse.class);
@ -1720,16 +1699,10 @@ public class ClientRMService extends AbstractService implements
SignalContainerRequest request) throws YarnException, IOException { SignalContainerRequest request) throws YarnException, IOException {
ContainerId containerId = request.getContainerId(); ContainerId containerId = request.getContainerId();
UserGroupInformation callerUGI;
try {
callerUGI = UserGroupInformation.getCurrentUser();
} catch (IOException ie) {
LOG.info("Error getting UGI ", ie);
throw RPCUtil.getRemoteException(ie);
}
ApplicationId applicationId = containerId.getApplicationAttemptId(). ApplicationId applicationId = containerId.getApplicationAttemptId().
getApplicationId(); getApplicationId();
UserGroupInformation callerUGI = getCallerUgi(applicationId,
AuditConstants.SIGNAL_CONTAINER);
RMApp application = this.rmContext.getRMApps().get(applicationId); RMApp application = this.rmContext.getRMApps().get(applicationId);
if (application == null) { if (application == null) {
RMAuditLogger.logFailure(callerUGI.getUserName(), RMAuditLogger.logFailure(callerUGI.getUserName(),

1
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMAuditLogger.java
View File

@ -57,6 +57,7 @@ public class RMAuditLogger {
public static final String GET_APP_PRIORITY = "Get Application Priority"; public static final String GET_APP_PRIORITY = "Get Application Priority";
public static final String GET_APP_QUEUE = "Get Application Queue"; public static final String GET_APP_QUEUE = "Get Application Queue";
public static final String GET_APP_ATTEMPTS = "Get Application Attempts"; public static final String GET_APP_ATTEMPTS = "Get Application Attempts";
public static final String GET_APP_REPORT = "Get Application Report";
public static final String GET_APP_ATTEMPT_REPORT public static final String GET_APP_ATTEMPT_REPORT
= "Get Application Attempt Report"; = "Get Application Attempt Report";
public static final String GET_CONTAINERS = "Get Containers"; public static final String GET_CONTAINERS = "Get Containers";