[
https://issues.apache.org/jira/browse/YARN-3517?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Varun Vasudev updated YARN-3517:
--------------------------------
Attachment: YARN-3517.006.patch
{quote}
in RMWebServices.java we don't need the isSecurityEnabled check. Just remove
the entire check. My reasoning is that logLevel app does not do those checks,
it simply makes sure you are an admin.
+ if (UserGroupInformation.isSecurityEnabled() && callerUGI == null)
\{ + String msg = "Unable to obtain user name, user not authenticated"; + throw
new AuthorizationException(msg); + }
{quote}
Removed the check.
{quote}
in the test TestRMWebServices.java. We aren't actually asserting anything. we
should assert that the expected files exist. Personally I would also like to
see an assert that the expected exception occurred.
{quote}
Added explicit check for the exception being thrown as well as a check for the
log files existing.
> RM web ui for dumping scheduler logs should be for admins only
> --------------------------------------------------------------
>
> Key: YARN-3517
> URL: https://issues.apache.org/jira/browse/YARN-3517
> Project: Hadoop YARN
> Issue Type: Bug
> Components: resourcemanager, security
> Reporter: Varun Vasudev
> Assignee: Thomas Graves
> Priority: Blocker
> Labels: security
> Attachments: YARN-3517.001.patch, YARN-3517.002.patch,
> YARN-3517.003.patch, YARN-3517.004.patch, YARN-3517.005.patch,
> YARN-3517.006.patch
>
>
> YARN-3294 allows users to dump scheduler logs from the web UI. This should be
> for admins only.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
