[
https://issues.apache.org/jira/browse/YARN-2228?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14051085#comment-14051085
]
Varun Vasudev commented on YARN-2228:
-------------------------------------
Looks good. Couple of things -
1.
{noformat}
- if (callerUGI != null
+ if ((callerUGI != null
&& (adminAclsManager.isAdmin(callerUGI) ||
- callerUGI.getShortUserName().equals(owner))) {
+ callerUGI.getShortUserName().equals(owner))) ||
+ (callerUGI == null && (owner == null || owner.length() == 0))) {
return true;
}
{noformat}
Can you split up the individual tests so that the conditions are easier to
understand? Something like
{noformat}
boolean isAdmin = (callerUGI == null) ? false :
adminAclsManager.isAdmin(callerUGI);
booelan isOwner = (callerUGI == null) ? false :
callerUGI.getShortUserName().equals(owner);
boolean unOwned = (callerUGI == null) && ((owner == null) || (owner.length() ==
0));
if((isAdmin || isOwner) || unOwned) {
return true;
}
{noformat}
2. The config variables - yarn.timeline-service.http.authentication.\*. It
looks like we've essentially replication hadoop.http.authentication.\*. Maybe
we should just use the hadoop.http.authentication.* instead of a new subset?
Rest of the patch looks good.
> TimelineServer should load pseudo authentication filter when authentication =
> simple
> ------------------------------------------------------------------------------------
>
> Key: YARN-2228
> URL: https://issues.apache.org/jira/browse/YARN-2228
> Project: Hadoop YARN
> Issue Type: Sub-task
> Reporter: Zhijie Shen
> Assignee: Zhijie Shen
> Attachments: YARN-2228.1.patch
>
>
> When kerberos authentication is not enabled, we should let the timeline
> server to work with pseudo authentication filter. In this way, the sever is
> able to detect the request user by checking "user.name".
> On the other hand, timeline client should append "user.name" in un-secure
> case as well, such that ACLs can keep working in this case.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
