Repository: hadoop Updated Branches: refs/heads/trunk 53e267fa7 -> fa9ef15ec
YARN-8415. TimelineWebServices.getEntity should throw ForbiddenException instead of 404 when ACL checks fail. Contributed by Suma Shivaprasad. Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/fa9ef15e Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/fa9ef15e Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/fa9ef15e Branch: refs/heads/trunk Commit: fa9ef15ecd6dc30fb260e1c342a2b51505d39b6b Parents: 53e267f Author: Sunil G <sun...@apache.org> Authored: Mon Jul 2 15:34:37 2018 -0700 Committer: Sunil G <sun...@apache.org> Committed: Mon Jul 2 15:34:47 2018 -0700 ---------------------------------------------------------------------- .../yarn/server/timeline/RollingLevelDBTimelineStore.java | 6 ++++++ .../hadoop/yarn/server/timeline/TimelineDataManager.java | 7 ++++++- .../yarn/server/timeline/webapp/TimelineWebServices.java | 4 ++++ .../yarn/server/timeline/webapp/TestTimelineWebServices.java | 2 +- 4 files changed, 17 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/fa9ef15e/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/RollingLevelDBTimelineStore.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/RollingLevelDBTimelineStore.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/RollingLevelDBTimelineStore.java index 36b5ce8..255547b 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/RollingLevelDBTimelineStore.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/RollingLevelDBTimelineStore.java @@ -413,6 +413,9 @@ public class RollingLevelDBTimelineStore extends AbstractService implements EnumSet<Field> fields) throws IOException { Long revStartTime = getStartTimeLong(entityId, entityType); if (revStartTime == null) { + if ( LOG.isDebugEnabled()) { + LOG.debug("Could not find start time for {} {} ", entityType, entityId); + } return null; } byte[] prefix = KeyBuilder.newInstance().add(entityType) @@ -421,6 +424,9 @@ public class RollingLevelDBTimelineStore extends AbstractService implements DB db = entitydb.getDBForStartTime(revStartTime); if (db == null) { + if ( LOG.isDebugEnabled()) { + LOG.debug("Could not find db for {} {} ", entityType, entityId); + } return null; } try (DBIterator iterator = db.iterator()) { http://git-wip-us.apache.org/repos/asf/hadoop/blob/fa9ef15e/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/TimelineDataManager.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/TimelineDataManager.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/TimelineDataManager.java index 56b71fa..c538196 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/TimelineDataManager.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/TimelineDataManager.java @@ -219,7 +219,12 @@ public class TimelineDataManager extends AbstractService { // check ACLs if (!timelineACLsManager.checkAccess( callerUGI, ApplicationAccessType.VIEW_APP, entity)) { - entity = null; + final String user = callerUGI != null ? callerUGI.getShortUserName(): + null; + throw new YarnException( + user + " is not allowed to get the timeline entity " + + "{ id: " + entity.getEntityId() + ", type: " + + entity.getEntityType() + " }."); } } return entity; http://git-wip-us.apache.org/repos/asf/hadoop/blob/fa9ef15e/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/webapp/TimelineWebServices.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/webapp/TimelineWebServices.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/webapp/TimelineWebServices.java index be8e3c5..9423e7f 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/webapp/TimelineWebServices.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/webapp/TimelineWebServices.java @@ -162,6 +162,10 @@ public class TimelineWebServices { parseStr(entityId), parseFieldsStr(fields, ","), getUser(req)); + } catch (YarnException e) { + // The user doesn't have the access to override the existing domain. + LOG.info(e.getMessage(), e); + throw new ForbiddenException(e); } catch (IllegalArgumentException e) { throw new BadRequestException(e); } catch (Exception e) { http://git-wip-us.apache.org/repos/asf/hadoop/blob/fa9ef15e/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/webapp/TestTimelineWebServices.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/webapp/TestTimelineWebServices.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/webapp/TestTimelineWebServices.java index ca78cbc..b6d2967 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/webapp/TestTimelineWebServices.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/webapp/TestTimelineWebServices.java @@ -709,7 +709,7 @@ public class TestTimelineWebServices extends JerseyTestBase { .get(ClientResponse.class); assertEquals(MediaType.APPLICATION_JSON + "; " + JettyUtils.UTF_8, response.getType().toString()); - assertResponseStatusCode(Status.NOT_FOUND, response.getStatusInfo()); + assertResponseStatusCode(Status.FORBIDDEN, response.getStatusInfo()); } finally { timelineACLsManager.setAdminACLsManager(oldAdminACLsManager); } --------------------------------------------------------------------- To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-commits-h...@hadoop.apache.org
