hadoop-common-commits mailing list archives

From s..@apache.org
Subject [02/50] [abbrv] hadoop git commit: YARN-8630. ATSv2 REST APIs should honor filter-entity-list-by-user in non-secure cluster when ACls are enabled. Contributed by Rohith Sharma K S.
Date Tue, 18 Sep 2018 02:05:38 GMT
YARN-8630. ATSv2 REST APIs should honor filter-entity-list-by-user in non-secure cluster when
ACLs are enabled. Contributed by Rohith Sharma K S.


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/f4bda5e8
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/f4bda5e8
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/f4bda5e8

Branch: refs/heads/HDFS-12943
Commit: f4bda5e8e9fee6c5a0dda7c79ef14e73aec20e7e
Parents: e084627
Author: Sunil G <sunilg@apache.org>
Authored: Thu Sep 13 17:47:02 2018 +0530
Committer: Sunil G <sunilg@apache.org>
Committed: Thu Sep 13 17:47:21 2018 +0530

----------------------------------------------------------------------
 .../reader/TimelineReaderWebServices.java                |  4 ++--
 .../reader/TestTimelineReaderWebServicesBasicAcl.java    | 11 ++++++++---
 2 files changed, 10 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hadoop/blob/f4bda5e8/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/main/java/org/apache/hadoop/yarn/server/timelineservice/reader/TimelineReaderWebServices.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/main/java/org/apache/hadoop/yarn/server/timelineservice/reader/TimelineReaderWebServices.java
b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/main/java/org/apache/hadoop/yarn/server/timelineservice/reader/TimelineReaderWebServices.java
index b10b705..3a4ea2e 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/main/java/org/apache/hadoop/yarn/server/timelineservice/reader/TimelineReaderWebServices.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/main/java/org/apache/hadoop/yarn/server/timelineservice/reader/TimelineReaderWebServices.java
@@ -3532,9 +3532,9 @@ public class TimelineReaderWebServices {
   static boolean checkAccess(TimelineReaderManager readerManager,
       UserGroupInformation ugi, String entityUser) {
     if (isDisplayEntityPerUserFilterEnabled(readerManager.getConfig())) {
-      if (ugi != null && !validateAuthUserWithEntityUser(readerManager, ugi,
+      if (!validateAuthUserWithEntityUser(readerManager, ugi,
           entityUser)) {
-        String userName = ugi.getShortUserName();
+        String userName = ugi == null ? null : ugi.getShortUserName();
         String msg = "User " + userName
             + " is not allowed to read TimelineService V2 data.";
         throw new ForbiddenException(msg);
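Review bot: The rejection path for a request with no caller identity now builds the message `User null is not allowed to read TimelineService V2 data.`, which does not tell the client or anyone reading the logs that the actual problem is a missing identity rather than a denied user. Consider branching on the null case, e.g. `String msg = ugi == null ? "Request carries no user identity; TimelineService V2 data cannot be read." : "User " + ugi.getShortUserName() + " is not allowed to read TimelineService V2 data.";`. A short comment above the check would also help: in a non-secure cluster the user name appears to be supplied by the client itself (the accompanying test refers to `?user.name`), so this filter scopes what each named user sees but is not by itself an authentication boundary. The body of checkAccess continues past the end of the hunk.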

http://git-wip-us.apache.org/repos/asf/hadoop/blob/f4bda5e8/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/test/java/org/apache/hadoop/yarn/server/timelineservice/reader/TestTimelineReaderWebServicesBasicAcl.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/test/java/org/apache/hadoop/yarn/server/timelineservice/reader/TestTimelineReaderWebServicesBasicAcl.java
b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/test/java/org/apache/hadoop/yarn/server/timelineservice/reader/TestTimelineReaderWebServicesBasicAcl.java
index 6651457..6ad4427 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/test/java/org/apache/hadoop/yarn/server/timelineservice/reader/TestTimelineReaderWebServicesBasicAcl.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/test/java/org/apache/hadoop/yarn/server/timelineservice/reader/TestTimelineReaderWebServicesBasicAcl.java
@@ -88,9 +88,14 @@ public class TestTimelineReaderWebServicesBasicAcl {
     Assert.assertFalse(TimelineReaderWebServices
         .validateAuthUserWithEntityUser(manager, null, user1));
 
-    // true because ugi is null
-    Assert.assertTrue(
-        TimelineReaderWebServices.checkAccess(manager, null, user1));
+    // false because ugi is null in non-secure cluster. User must pass
+    // ?user.name as query params in REST end points.
+    try {
+      TimelineReaderWebServices.checkAccess(manager, null, user1);
+      Assert.fail("user1Ugi is not allowed to view user1");
+    } catch (ForbiddenException e) {
+      // expected
+    }
 
     // incoming ugi is admin asking for entity owner user1
     Assert.assertTrue(
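Review bot: The failure message in `Assert.fail("user1Ugi is not allowed to view user1")` does not describe the case under test, because no user1Ugi is involved here and the ugi argument is `null`. Something like `Assert.fail("checkAccess must throw ForbiddenException when ugi is null");` would make a regression of this access check readable in the test report. The leading comment says "false", but denial is signalled by the exception on this path, so `// ForbiddenException expected because ugi is null in non-secure cluster` would be more accurate. The test method begins and ends outside the hunk.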

