YARN-6991. "Kill application" button does not show error if other user tries to kill the application for secure cluster. (Suma Shivaprasad via wangda)
Change-Id: I7e7894b24609709f89064ee5882f055dbb09080b Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/263e2c69 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/263e2c69 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/263e2c69 Branch: refs/heads/YARN-6592 Commit: 263e2c692a4b0013766cd1f6b6d7ed674b2b1040 Parents: b9e423f Author: Wangda Tan <wan...@apache.org> Authored: Thu Sep 21 12:00:53 2017 -0700 Committer: Wangda Tan <wan...@apache.org> Committed: Thu Sep 21 12:00:53 2017 -0700 ---------------------------------------------------------------------- .../hadoop/yarn/server/webapp/AppBlock.java | 44 +++++++++++--------- 1 file changed, 24 insertions(+), 20 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/263e2c69/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/webapp/AppBlock.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/webapp/AppBlock.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/webapp/AppBlock.java index 08e75ac..b429b5d 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/webapp/AppBlock.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/webapp/AppBlock.java @@ -137,6 +137,30 @@ public class AppBlock extends HtmlBlock { setTitle(join("Application ", aid)); + //Validate if able to read application attempts + // which should also validate if kill is allowed for the user based on ACLs + + Collection<ApplicationAttemptReport> attempts; + try { + final GetApplicationAttemptsRequest request = + GetApplicationAttemptsRequest.newInstance(appID); + attempts = callerUGI.doAs( + new PrivilegedExceptionAction<Collection< + ApplicationAttemptReport>>() { + @Override + public Collection<ApplicationAttemptReport> run() throws Exception { + return getApplicationAttemptsReport(request); + } + }); + } catch (Exception e) { + String message = + "Failed to read the attempts of the application " + appID + "."; + LOG.error(message, e); + html.p().__(message).__(); + return; + } + + // YARN-6890. for secured cluster allow anonymous UI access, application kill // shouldn't be there. boolean unsecuredUIForSecuredCluster = UserGroupInformation.isSecurityEnabled() @@ -183,26 +207,6 @@ public class AppBlock extends HtmlBlock { generateOverviewTable(app, schedulerPath, webUiType, appReport); - Collection<ApplicationAttemptReport> attempts; - try { - final GetApplicationAttemptsRequest request = - GetApplicationAttemptsRequest.newInstance(appID); - attempts = callerUGI.doAs( - new PrivilegedExceptionAction<Collection< - ApplicationAttemptReport>>() { - @Override - public Collection<ApplicationAttemptReport> run() throws Exception { - return getApplicationAttemptsReport(request); - } - }); - } catch (Exception e) { - String message = - "Failed to read the attempts of the application " + appID + "."; - LOG.error(message, e); - html.p().__(message).__(); - return; - } - createApplicationMetricsTable(html); html.__(InfoBlock.class); --------------------------------------------------------------------- To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-commits-h...@hadoop.apache.org