More YARN pages need to honor yarn.resourcemanager.display.per-user-apps(addendum). Contributed by Sunil G.
(cherry picked from commit 8261f9e571
)
parent
fdacc8a088
commit
f7d0ca71ac
|
@ -24,12 +24,14 @@ import java.util.Set;
|
||||||
import org.apache.hadoop.classification.InterfaceAudience.Private;
|
import org.apache.hadoop.classification.InterfaceAudience.Private;
|
||||||
import org.apache.hadoop.classification.InterfaceStability.Unstable;
|
import org.apache.hadoop.classification.InterfaceStability.Unstable;
|
||||||
import org.apache.hadoop.conf.Configuration;
|
import org.apache.hadoop.conf.Configuration;
|
||||||
|
import org.apache.hadoop.security.UserGroupInformation;
|
||||||
import org.apache.hadoop.service.AbstractService;
|
import org.apache.hadoop.service.AbstractService;
|
||||||
import org.apache.hadoop.yarn.api.records.timelineservice.FlowActivityEntity;
|
import org.apache.hadoop.yarn.api.records.timelineservice.FlowActivityEntity;
|
||||||
import org.apache.hadoop.yarn.api.records.timelineservice.FlowRunEntity;
|
import org.apache.hadoop.yarn.api.records.timelineservice.FlowRunEntity;
|
||||||
import org.apache.hadoop.yarn.api.records.timelineservice.TimelineEntity;
|
import org.apache.hadoop.yarn.api.records.timelineservice.TimelineEntity;
|
||||||
import org.apache.hadoop.yarn.api.records.timelineservice.TimelineEntityType;
|
import org.apache.hadoop.yarn.api.records.timelineservice.TimelineEntityType;
|
||||||
import org.apache.hadoop.yarn.conf.YarnConfiguration;
|
import org.apache.hadoop.yarn.conf.YarnConfiguration;
|
||||||
|
import org.apache.hadoop.yarn.security.AdminACLsManager;
|
||||||
import org.apache.hadoop.yarn.server.timelineservice.storage.TimelineReader;
|
import org.apache.hadoop.yarn.server.timelineservice.storage.TimelineReader;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -42,12 +44,19 @@ import org.apache.hadoop.yarn.server.timelineservice.storage.TimelineReader;
|
||||||
public class TimelineReaderManager extends AbstractService {
|
public class TimelineReaderManager extends AbstractService {
|
||||||
|
|
||||||
private TimelineReader reader;
|
private TimelineReader reader;
|
||||||
|
private AdminACLsManager adminACLsManager;
|
||||||
|
|
||||||
public TimelineReaderManager(TimelineReader timelineReader) {
|
public TimelineReaderManager(TimelineReader timelineReader) {
|
||||||
super(TimelineReaderManager.class.getName());
|
super(TimelineReaderManager.class.getName());
|
||||||
this.reader = timelineReader;
|
this.reader = timelineReader;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void serviceInit(Configuration conf) throws Exception {
|
||||||
|
// TODO Once ACLS story is played, this need to be removed or modified.
|
||||||
|
this.adminACLsManager = new AdminACLsManager(conf);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gets cluster ID from config yarn.resourcemanager.cluster-id
|
* Gets cluster ID from config yarn.resourcemanager.cluster-id
|
||||||
* if not supplied by client.
|
* if not supplied by client.
|
||||||
|
@ -198,4 +207,16 @@ public class TimelineReaderManager extends AbstractService {
|
||||||
context.setClusterId(getClusterID(context.getClusterId(), getConfig()));
|
context.setClusterId(getClusterID(context.getClusterId(), getConfig()));
|
||||||
return reader.getEntityTypes(new TimelineReaderContext(context));
|
return reader.getEntityTypes(new TimelineReaderContext(context));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The API to confirm is a User is allowed to read this data.
|
||||||
|
* @param callerUGI UserGroupInformation of the user
|
||||||
|
*/
|
||||||
|
public boolean checkAccess(UserGroupInformation callerUGI) {
|
||||||
|
// TODO to be removed or modified once ACL story is played
|
||||||
|
if (!adminACLsManager.areACLsEnabled()) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return callerUGI != null && adminACLsManager.isAdmin(callerUGI);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
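Review bot: `checkAccess` returns true for every caller, including a null `callerUGI`, whenever `adminACLsManager.areACLsEnabled()` is false, but its Javadoc says neither that nor what it returns. Someone reading only the signature would take it for a per-user read check, when the condition is really "ACLs are off, or the caller is an admin". I would put that in the Javadoc, e.g. `@return true if ACLs are disabled or callerUGI is an admin; false otherwise, including a null callerUGI when ACLs are enabled`. Separately, `adminACLsManager` is assigned only in `serviceInit`, so calling `checkAccess` on a manager that was never initialised would dereference null; a comment on the field such as `// Set in serviceInit(); checkAccess() must not be called before init.` would make that precondition visible.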
@ -1435,6 +1435,7 @@ public class TimelineReaderWebServices {
|
||||||
long startTime = Time.monotonicNow();
|
long startTime = Time.monotonicNow();
|
||||||
init(res);
|
init(res);
|
||||||
TimelineReaderManager timelineReaderManager = getTimelineReaderManager();
|
TimelineReaderManager timelineReaderManager = getTimelineReaderManager();
|
||||||
|
Configuration config = timelineReaderManager.getConfig();
|
||||||
Set<TimelineEntity> entities = null;
|
Set<TimelineEntity> entities = null;
|
||||||
try {
|
try {
|
||||||
DateRange range = parseDateRange(dateRange);
|
DateRange range = parseDateRange(dateRange);
|
||||||
|
@ -1454,15 +1455,15 @@ public class TimelineReaderWebServices {
|
||||||
long endTime = Time.monotonicNow();
|
long endTime = Time.monotonicNow();
|
||||||
if (entities == null) {
|
if (entities == null) {
|
||||||
entities = Collections.emptySet();
|
entities = Collections.emptySet();
|
||||||
} else if (isDisplayEntityPerUserFilterEnabled(
|
} else if (isDisplayEntityPerUserFilterEnabled(config)) {
|
||||||
timelineReaderManager.getConfig())) {
|
|
||||||
Set<TimelineEntity> userEntities = new LinkedHashSet<>();
|
Set<TimelineEntity> userEntities = new LinkedHashSet<>();
|
||||||
userEntities.addAll(entities);
|
userEntities.addAll(entities);
|
||||||
for (TimelineEntity entity : userEntities) {
|
for (TimelineEntity entity : userEntities) {
|
||||||
if (entity.getInfo() != null) {
|
if (entity.getInfo() != null) {
|
||||||
String userId =
|
String userId =
|
||||||
(String) entity.getInfo().get(FlowActivityEntity.USER_INFO_KEY);
|
(String) entity.getInfo().get(FlowActivityEntity.USER_INFO_KEY);
|
||||||
if (!validateAuthUserWithEntityUser(callerUGI, userId)) {
|
if (!validateAuthUserWithEntityUser(timelineReaderManager, callerUGI,
|
||||||
|
userId)) {
|
||||||
entities.remove(entity);
|
entities.remove(entity);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -3422,11 +3423,16 @@ public class TimelineReaderWebServices {
|
||||||
}
|
}
|
||||||
|
|
||||||
private boolean isDisplayEntityPerUserFilterEnabled(Configuration config) {
|
private boolean isDisplayEntityPerUserFilterEnabled(Configuration config) {
|
||||||
return config
|
return !config
|
||||||
|
.getBoolean(YarnConfiguration.TIMELINE_SERVICE_READ_AUTH_ENABLED,
|
||||||
|
YarnConfiguration.DEFAULT_TIMELINE_SERVICE_READ_AUTH_ENABLED)
|
||||||
|
&& config
|
||||||
.getBoolean(YarnConfiguration.FILTER_ENTITY_LIST_BY_USER, false);
|
.getBoolean(YarnConfiguration.FILTER_ENTITY_LIST_BY_USER, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
private boolean validateAuthUserWithEntityUser(UserGroupInformation ugi,
|
// TODO to be removed/modified once ACL story has played
|
||||||
|
private boolean validateAuthUserWithEntityUser(
|
||||||
|
TimelineReaderManager readerManager, UserGroupInformation ugi,
|
||||||
String entityUser) {
|
String entityUser) {
|
||||||
String authUser = TimelineReaderWebServicesUtils.getUserName(ugi);
|
String authUser = TimelineReaderWebServicesUtils.getUserName(ugi);
|
||||||
String requestedUser = TimelineReaderWebServicesUtils.parseStr(entityUser);
|
String requestedUser = TimelineReaderWebServicesUtils.parseStr(entityUser);
|
||||||
|
@ -3434,6 +3440,6 @@ public class TimelineReaderWebServices {
|
||||||
LOG.debug(
|
LOG.debug(
|
||||||
"Authenticated User: " + authUser + " Requested User:" + entityUser);
|
"Authenticated User: " + authUser + " Requested User:" + entityUser);
|
||||||
}
|
}
|
||||||
return authUser.equals(requestedUser);
|
return (readerManager.checkAccess(ugi) || authUser.equals(requestedUser));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
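Review bot: In `validateAuthUserWithEntityUser` the new `readerManager.checkAccess(ugi) ||` short-circuits the user match, and the `checkAccess` added to TimelineReaderManager on this page returns true for everyone when ACLs are disabled. In that configuration the removal loop never drops an entity, even with `FILTER_ENTITY_LIST_BY_USER` set. Combined with the added `!config.getBoolean(TIMELINE_SERVICE_READ_AUTH_ENABLED, ...)` term in `isDisplayEntityPerUserFilterEnabled`, per-user filtering only takes effect with read auth off, the filter flag on and ACLs enabled, and none of that is stated next to the code. I would add a comment above the return such as `// Admins, and all callers when ACLs are disabled, bypass the per-user match.`, plus a one-line comment on `isDisplayEntityPerUserFilterEnabled` saying why the filter is skipped when read auth is on (presumably access is enforced elsewhere in that mode; confirm). The body of `validateAuthUserWithEntityUser` is split across two hunks, so the lines between the `parseStr` call and `LOG.debug` are not visible here.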