More YARN pages need to honor yarn.resourcemanager.display.per-user-apps(addendum). Contributed by Sunil G.

(cherry picked from commit 8261f9e571)
This commit is contained in:
Rohith Sharma K S 2018-06-02 09:29:06 +05:30
parent fdacc8a088
commit f7d0ca71ac
2 changed files with 33 additions and 6 deletions

View File

@ -24,12 +24,14 @@ import java.util.Set;
import org.apache.hadoop.classification.InterfaceAudience.Private;
import org.apache.hadoop.classification.InterfaceStability.Unstable;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.service.AbstractService;
import org.apache.hadoop.yarn.api.records.timelineservice.FlowActivityEntity;
import org.apache.hadoop.yarn.api.records.timelineservice.FlowRunEntity;
import org.apache.hadoop.yarn.api.records.timelineservice.TimelineEntity;
import org.apache.hadoop.yarn.api.records.timelineservice.TimelineEntityType;
import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.hadoop.yarn.security.AdminACLsManager;
import org.apache.hadoop.yarn.server.timelineservice.storage.TimelineReader;
/**
@ -42,12 +44,19 @@ import org.apache.hadoop.yarn.server.timelineservice.storage.TimelineReader;
public class TimelineReaderManager extends AbstractService {
private TimelineReader reader;
private AdminACLsManager adminACLsManager;
public TimelineReaderManager(TimelineReader timelineReader) {
super(TimelineReaderManager.class.getName());
this.reader = timelineReader;
}
@Override
protected void serviceInit(Configuration conf) throws Exception {
// TODO Once ACLS story is played, this need to be removed or modified.
this.adminACLsManager = new AdminACLsManager(conf);
}
/**
* Gets cluster ID from config yarn.resourcemanager.cluster-id
* if not supplied by client.
@ -198,4 +207,16 @@ public class TimelineReaderManager extends AbstractService {
context.setClusterId(getClusterID(context.getClusterId(), getConfig()));
return reader.getEntityTypes(new TimelineReaderContext(context));
}
/**
* The API to confirm is a User is allowed to read this data.
* @param callerUGI UserGroupInformation of the user
*/
public boolean checkAccess(UserGroupInformation callerUGI) {
// TODO to be removed or modified once ACL story is played
if (!adminACLsManager.areACLsEnabled()) {
return true;
}
return callerUGI != null && adminACLsManager.isAdmin(callerUGI);
}
}

View File

@ -1435,6 +1435,7 @@ public class TimelineReaderWebServices {
long startTime = Time.monotonicNow();
init(res);
TimelineReaderManager timelineReaderManager = getTimelineReaderManager();
Configuration config = timelineReaderManager.getConfig();
Set<TimelineEntity> entities = null;
try {
DateRange range = parseDateRange(dateRange);
@ -1454,15 +1455,15 @@ public class TimelineReaderWebServices {
long endTime = Time.monotonicNow();
if (entities == null) {
entities = Collections.emptySet();
} else if (isDisplayEntityPerUserFilterEnabled(
timelineReaderManager.getConfig())) {
} else if (isDisplayEntityPerUserFilterEnabled(config)) {
Set<TimelineEntity> userEntities = new LinkedHashSet<>();
userEntities.addAll(entities);
for (TimelineEntity entity : userEntities) {
if (entity.getInfo() != null) {
String userId =
(String) entity.getInfo().get(FlowActivityEntity.USER_INFO_KEY);
if (!validateAuthUserWithEntityUser(callerUGI, userId)) {
if (!validateAuthUserWithEntityUser(timelineReaderManager, callerUGI,
userId)) {
entities.remove(entity);
}
}
@ -3422,11 +3423,16 @@ public class TimelineReaderWebServices {
}
private boolean isDisplayEntityPerUserFilterEnabled(Configuration config) {
return config
return !config
.getBoolean(YarnConfiguration.TIMELINE_SERVICE_READ_AUTH_ENABLED,
YarnConfiguration.DEFAULT_TIMELINE_SERVICE_READ_AUTH_ENABLED)
&& config
.getBoolean(YarnConfiguration.FILTER_ENTITY_LIST_BY_USER, false);
}
private boolean validateAuthUserWithEntityUser(UserGroupInformation ugi,
// TODO to be removed/modified once ACL story has played
private boolean validateAuthUserWithEntityUser(
TimelineReaderManager readerManager, UserGroupInformation ugi,
String entityUser) {
String authUser = TimelineReaderWebServicesUtils.getUserName(ugi);
String requestedUser = TimelineReaderWebServicesUtils.parseStr(entityUser);
@ -3434,6 +3440,6 @@ public class TimelineReaderWebServices {
LOG.debug(
"Authenticated User: " + authUser + " Requested User:" + entityUser);
}
return authUser.equals(requestedUser);
return (readerManager.checkAccess(ugi) || authUser.equals(requestedUser));
}
}