More YARN pages need to honor yarn.resourcemanager.display.per-user-apps(addendum). Contributed by Sunil G.

(cherry picked from commit 8261f9e571)
Rohith Sharma K S 2018-06-02 09:29:06 +05:30
parent fdacc8a088
commit f7d0ca71ac
2 changed files with 33 additions and 6 deletions


@ -24,12 +24,14 @@ import java.util.Set;
import org.apache.hadoop.classification.InterfaceAudience.Private; import org.apache.hadoop.classification.InterfaceAudience.Private;
import org.apache.hadoop.classification.InterfaceStability.Unstable; import org.apache.hadoop.classification.InterfaceStability.Unstable;
import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.service.AbstractService; import org.apache.hadoop.service.AbstractService;
import org.apache.hadoop.yarn.api.records.timelineservice.FlowActivityEntity; import org.apache.hadoop.yarn.api.records.timelineservice.FlowActivityEntity;
import org.apache.hadoop.yarn.api.records.timelineservice.FlowRunEntity; import org.apache.hadoop.yarn.api.records.timelineservice.FlowRunEntity;
import org.apache.hadoop.yarn.api.records.timelineservice.TimelineEntity; import org.apache.hadoop.yarn.api.records.timelineservice.TimelineEntity;
import org.apache.hadoop.yarn.api.records.timelineservice.TimelineEntityType; import org.apache.hadoop.yarn.api.records.timelineservice.TimelineEntityType;
import org.apache.hadoop.yarn.conf.YarnConfiguration; import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.hadoop.yarn.security.AdminACLsManager;
import org.apache.hadoop.yarn.server.timelineservice.storage.TimelineReader; import org.apache.hadoop.yarn.server.timelineservice.storage.TimelineReader;
/** /**
@ -42,12 +44,19 @@ import org.apache.hadoop.yarn.server.timelineservice.storage.TimelineReader;
public class TimelineReaderManager extends AbstractService { public class TimelineReaderManager extends AbstractService {
private TimelineReader reader; private TimelineReader reader;
private AdminACLsManager adminACLsManager;
public TimelineReaderManager(TimelineReader timelineReader) { public TimelineReaderManager(TimelineReader timelineReader) {
super(TimelineReaderManager.class.getName()); super(TimelineReaderManager.class.getName());
this.reader = timelineReader; this.reader = timelineReader;
} }
@Override
protected void serviceInit(Configuration conf) throws Exception {
// TODO Once ACLS story is played, this need to be removed or modified.
this.adminACLsManager = new AdminACLsManager(conf);
}
/** /**
* Gets cluster ID from config yarn.resourcemanager.cluster-id * Gets cluster ID from config yarn.resourcemanager.cluster-id
* if not supplied by client. * if not supplied by client.
@ -198,4 +207,16 @@ public class TimelineReaderManager extends AbstractService {
context.setClusterId(getClusterID(context.getClusterId(), getConfig())); context.setClusterId(getClusterID(context.getClusterId(), getConfig()));
return reader.getEntityTypes(new TimelineReaderContext(context)); return reader.getEntityTypes(new TimelineReaderContext(context));
} }
/**
* The API to confirm is a User is allowed to read this data.
* @param callerUGI UserGroupInformation of the user
*/
public boolean checkAccess(UserGroupInformation callerUGI) {
// TODO to be removed or modified once ACL story is played
if (!adminACLsManager.areACLsEnabled()) {
return true;
}
return callerUGI != null && adminACLsManager.isAdmin(callerUGI);
}
} }
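Review bot: `checkAccess` fails open: it returns true for every caller, including a null `callerUGI`, whenever `adminACLsManager.areACLsEnabled()` is false, and the Javadoc does not say so. Because `validateAuthUserWithEntityUser` in TimelineReaderWebServices ORs this result with the owner comparison, the per-user entity filter would appear to have no effect on a cluster where ACLs are disabled. If that is intended, the Javadoc should state it, e.g. `@return true if ACLs are disabled or the caller is an admin; false otherwise`, and its first sentence should read "confirm whether a user is allowed to read this data". `adminACLsManager` is assigned only in `serviceInit`, so a call made before the service is initialised would dereference null. The new `serviceInit` also omits `super.serviceInit(conf)`, which is the usual pattern for `AbstractService` subclasses.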


@ -1435,6 +1435,7 @@ public class TimelineReaderWebServices {
long startTime = Time.monotonicNow(); long startTime = Time.monotonicNow();
init(res); init(res);
TimelineReaderManager timelineReaderManager = getTimelineReaderManager(); TimelineReaderManager timelineReaderManager = getTimelineReaderManager();
Configuration config = timelineReaderManager.getConfig();
Set<TimelineEntity> entities = null; Set<TimelineEntity> entities = null;
try { try {
DateRange range = parseDateRange(dateRange); DateRange range = parseDateRange(dateRange);
@ -1454,15 +1455,15 @@ public class TimelineReaderWebServices {
long endTime = Time.monotonicNow(); long endTime = Time.monotonicNow();
if (entities == null) { if (entities == null) {
entities = Collections.emptySet(); entities = Collections.emptySet();
} else if (isDisplayEntityPerUserFilterEnabled( } else if (isDisplayEntityPerUserFilterEnabled(config)) {
timelineReaderManager.getConfig())) {
Set<TimelineEntity> userEntities = new LinkedHashSet<>(); Set<TimelineEntity> userEntities = new LinkedHashSet<>();
userEntities.addAll(entities); userEntities.addAll(entities);
for (TimelineEntity entity : userEntities) { for (TimelineEntity entity : userEntities) {
if (entity.getInfo() != null) { if (entity.getInfo() != null) {
String userId = String userId =
(String) entity.getInfo().get(FlowActivityEntity.USER_INFO_KEY); (String) entity.getInfo().get(FlowActivityEntity.USER_INFO_KEY);
if (!validateAuthUserWithEntityUser(callerUGI, userId)) { if (!validateAuthUserWithEntityUser(timelineReaderManager, callerUGI,
userId)) {
entities.remove(entity); entities.remove(entity);
} }
} }
@ -3422,11 +3423,16 @@ public class TimelineReaderWebServices {
} }
private boolean isDisplayEntityPerUserFilterEnabled(Configuration config) { private boolean isDisplayEntityPerUserFilterEnabled(Configuration config) {
return config return !config
.getBoolean(YarnConfiguration.TIMELINE_SERVICE_READ_AUTH_ENABLED,
YarnConfiguration.DEFAULT_TIMELINE_SERVICE_READ_AUTH_ENABLED)
&& config
.getBoolean(YarnConfiguration.FILTER_ENTITY_LIST_BY_USER, false); .getBoolean(YarnConfiguration.FILTER_ENTITY_LIST_BY_USER, false);
} }
private boolean validateAuthUserWithEntityUser(UserGroupInformation ugi, // TODO to be removed/modified once ACL story has played
private boolean validateAuthUserWithEntityUser(
TimelineReaderManager readerManager, UserGroupInformation ugi,
String entityUser) { String entityUser) {
String authUser = TimelineReaderWebServicesUtils.getUserName(ugi); String authUser = TimelineReaderWebServicesUtils.getUserName(ugi);
String requestedUser = TimelineReaderWebServicesUtils.parseStr(entityUser); String requestedUser = TimelineReaderWebServicesUtils.parseStr(entityUser);
@ -3434,6 +3440,6 @@ public class TimelineReaderWebServices {
LOG.debug( LOG.debug(
"Authenticated User: " + authUser + " Requested User:" + entityUser); "Authenticated User: " + authUser + " Requested User:" + entityUser);
} }
return authUser.equals(requestedUser); return (readerManager.checkAccess(ugi) || authUser.equals(requestedUser));
} }
} }
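Review bot: The negated `TIMELINE_SERVICE_READ_AUTH_ENABLED` test added to `isDisplayEntityPerUserFilterEnabled` turns the per-user list filter off whenever read authorization is enabled, and nothing in the visible code explains why or shows which check covers this listing in that case. A comment above the method would make the dependency explicit, for example `// Skipped when read auth is on; access is then expected to be enforced by the read-auth path.`, and it is worth confirming that path really applies to this endpoint. Separately, `readerManager.checkAccess(ugi)` does not depend on the entity, yet it is evaluated once per entity through `validateAuthUserWithEntityUser`; computing it once before `for (TimelineEntity entity : userEntities)` would be clearer. The method containing the filtering loop starts and ends outside the hunk.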