architgyl commented on code in PR #22509: URL: https://github.com/apache/flink/pull/22509#discussion_r1184308688
########## flink-yarn/src/main/java/org/apache/flink/yarn/Utils.java: ########## @@ -620,4 +623,30 @@ public static YarnConfiguration getYarnConfiguration( return yarnConfig; } + + /** + * Sets the application ACLs for the given ContainerLaunchContext based on the values specified + * in the given Flink configuration. Only ApplicationAccessType.VIEW_APP and + * ApplicationAccessType.MODIFY_APP ACLs are set, and only if they are configured in the Flink + * configuration. + * + * @param amContainer the ContainerLaunchContext to set the ACLs for + * @param flinkConfig the Flink configuration to read the ACL values from + */ + public static void setAclsFor( + ContainerLaunchContext amContainer, + org.apache.flink.configuration.Configuration flinkConfig) { + Map<ApplicationAccessType, String> acls = new HashMap<>(); + String viewAcls = flinkConfig.getString(YarnConfigOptions.APPLICATION_VIEW_ACLS, null); + String modifyAcls = flinkConfig.getString(YarnConfigOptions.APPLICATION_MODIFY_ACLS, null); + if (viewAcls != null) { + acls.put(ApplicationAccessType.VIEW_APP, viewAcls); + } + if (modifyAcls != null) { + acls.put(ApplicationAccessType.MODIFY_APP, modifyAcls); + } Review Comment: User who is running the Flink application will always have the right to view the logs and kill the application irrespective of the `yarn.view.acls` and `yarn.modify.acls` values. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@flink.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org