[
https://issues.apache.org/jira/browse/YARN-5554?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15715560#comment-15715560
]
Wilfred Spiegelenburg commented on YARN-5554:
---------------------------------------------
bq." doesn't have permissions submit to target queue: " is missing a "to"
before the "submit."
fixed the typo
bq. In QueueACLsManager.checkAccess(), I don't see why you need to do the
scheduler-dependent if. Can't you just call checkAccess() in all cases?
The capacity scheduler part is a copy of the checkAccess() that is already
there. The change to not use the checkAccess() of the scheduler for the
capacity scheduler was made as part of YARN-4571. Bringing the FairScheduler
and the CapacityScheduler in sync is more work than we can just push into this
jira. I think it is better to open a follow up jira to refactor this and bring
the two schedulers in sync again. Let me know if you agree with that approach.
bq. In your tests, I would feel better if you tested that the app is in the
right queue after the successful moves.
Because of the way the tests are mocked up the current tests can not do that.
We create a ClientRMService which does not have a scheduler or an application
manager. The test are focussed on the ACL managers and making sure that they
stop the move in the service. We can extend the tests to do the app checks but
that would introduce scheduler specific testing into the client service.
bq. Note that your use of a lambda in
createClientRMServiceForMoveApplicationRequest() means this patch can only go
into trunk.
oops did not think about that. I'll have rewritten the tests to remove the
lambda. I now really appreciate the simplicity of using a lambda ;-)
> MoveApplicationAcrossQueues does not check user permission on the target queue
> ------------------------------------------------------------------------------
>
> Key: YARN-5554
> URL: https://issues.apache.org/jira/browse/YARN-5554
> Project: Hadoop YARN
> Issue Type: Bug
> Components: resourcemanager
> Affects Versions: 2.7.2
> Reporter: Haibo Chen
> Assignee: Wilfred Spiegelenburg
> Labels: oct16-medium
> Attachments: YARN-5554.2.patch, YARN-5554.3.patch, YARN-5554.4.patch,
> YARN-5554.5.patch, YARN-5554.6.patch, YARN-5554.7.patch, YARN-5554.8.patch,
> YARN-5554.9.patch
>
>
> moveApplicationAcrossQueues operation currently does not check user
> permission on the target queue. This incorrectly allows one user to move
> his/her own applications to a queue that the user has no access to
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
