[
https://issues.apache.org/jira/browse/YARN-5554?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15803665#comment-15803665
]
Wilfred Spiegelenburg commented on YARN-5554:
---------------------------------------------
bq. In testMoveApplicationSubmitTargetQueue() and
testMoveApplicationAdminTargetQueue(), would it make sense to test that the
moves that are supposed to work do actually work?
The application object itself is hidden and mocked up as an object. The testing
from this side is purely for the ACL checks and enforcement. The application
object that would be changed is not reachable from the {{ClientRMService}} at
all. It would require a lot of changes that test underlying the underlying code
base more than the client service.
Now that I think about it: we might even be able to make this far simpler if we
move things around. Now that we have the move in the {{RMAppManager}} we could
even think about moving all these ACL checks etc into the pre-validate check,
or a security check, that is performed in the app manager. It does make more
sense to have it there.
bq. Why a ConcurrentHashMap in createClientRMServiceForMoveApplicationRequest()
instead of Collections.singletonMap()?
I used that because the {{thenReturn}} expects a {{ConcurrentHashMap}}. The
{{apps}} variable must be declared like it is. To use th singletonMap I then
have to cast in the code which does not make it any more readable or
maintainable. The code that works would look like this:
{code}
ConcurrentHashMap<ApplicationId, RMApp> apps = (ConcurrentHashMap)
Collections.singletonMap(applicationId, app);
when(rmContext.getRMApps()).thenReturn(apps);
{code}
That does not look any nicer than what we now have does it?
> MoveApplicationAcrossQueues does not check user permission on the target queue
> ------------------------------------------------------------------------------
>
> Key: YARN-5554
> URL: https://issues.apache.org/jira/browse/YARN-5554
> Project: Hadoop YARN
> Issue Type: Bug
> Components: resourcemanager
> Affects Versions: 2.7.2
> Reporter: Haibo Chen
> Assignee: Wilfred Spiegelenburg
> Labels: oct16-medium
> Attachments: YARN-5554.10.patch, YARN-5554.11.patch,
> YARN-5554.12.patch, YARN-5554.13.patch, YARN-5554.14.patch,
> YARN-5554.2.patch, YARN-5554.3.patch, YARN-5554.4.patch, YARN-5554.5.patch,
> YARN-5554.6.patch, YARN-5554.7.patch, YARN-5554.8.patch, YARN-5554.9.patch
>
>
> moveApplicationAcrossQueues operation currently does not check user
> permission on the target queue. This incorrectly allows one user to move
> his/her own applications to a queue that the user has no access to
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
