From 290dc7817c0ce6cf3015f829787bfab08c56303c Mon Sep 17 00:00:00 2001 From: curie71 <39853223+curie71@users.noreply.github.com> Date: Wed, 28 Dec 2022 07:58:53 +0800 Subject: [PATCH] YARN-11392 Audit Log missing in ClientRMService (#5250). Contributed by Beibei Zhao. Signed-off-by: Chris Nauroth (cherry picked from commit 9668a85d40a6a98514a24d5f25ab757501fe3423) --- .../resourcemanager/ClientRMService.java | 47 ++++--------------- .../server/resourcemanager/RMAuditLogger.java | 1 + 2 files changed, 11 insertions(+), 37 deletions(-) diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ClientRMService.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ClientRMService.java index c725c2c0b3..7861a6b3e5 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ClientRMService.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ClientRMService.java @@ -406,22 +406,11 @@ public GetApplicationReportResponse getApplicationReport( throw new ApplicationNotFoundException("Invalid application id: null"); } - UserGroupInformation callerUGI; - try { - callerUGI = UserGroupInformation.getCurrentUser(); - } catch (IOException ie) { - LOG.info("Error getting UGI ", ie); - throw RPCUtil.getRemoteException(ie); - } + UserGroupInformation callerUGI = getCallerUgi(applicationId, + AuditConstants.GET_APP_REPORT); - RMApp application = this.rmContext.getRMApps().get(applicationId); - if (application == null) { - // If the RM doesn't have the application, throw - // ApplicationNotFoundException and let client to handle. - throw new ApplicationNotFoundException("Application with id '" - + applicationId + "' doesn't exist in RM. Please check " - + "that the job submission was successful."); - } + RMApp application = verifyUserAccessForRMApp(applicationId, callerUGI, + AuditConstants.GET_APP_REPORT, ApplicationAccessType.VIEW_APP, false); boolean allowAccess = checkAccess(callerUGI, application.getUser(), ApplicationAccessType.VIEW_APP, application); @@ -881,13 +870,8 @@ public GetClusterMetricsResponse getClusterMetrics( @Override public GetApplicationsResponse getApplications(GetApplicationsRequest request) throws YarnException { - UserGroupInformation callerUGI; - try { - callerUGI = UserGroupInformation.getCurrentUser(); - } catch (IOException ie) { - LOG.info("Error getting UGI ", ie); - throw RPCUtil.getRemoteException(ie); - } + UserGroupInformation callerUGI = getCallerUgi(null, + AuditConstants.GET_APPLICATIONS_REQUEST); Set applicationTypes = getLowerCasedAppTypes(request); EnumSet applicationStates = @@ -1028,13 +1012,8 @@ public GetClusterNodesResponse getClusterNodes(GetClusterNodesRequest request) @Override public GetQueueInfoResponse getQueueInfo(GetQueueInfoRequest request) throws YarnException { - UserGroupInformation callerUGI; - try { - callerUGI = UserGroupInformation.getCurrentUser(); - } catch (IOException ie) { - LOG.info("Error getting UGI ", ie); - throw RPCUtil.getRemoteException(ie); - } + UserGroupInformation callerUGI = getCallerUgi(null, + AuditConstants.GET_QUEUE_INFO_REQUEST); GetQueueInfoResponse response = recordFactory.newRecordInstance(GetQueueInfoResponse.class); @@ -1700,16 +1679,10 @@ public SignalContainerResponse signalToContainer( SignalContainerRequest request) throws YarnException, IOException { ContainerId containerId = request.getContainerId(); - UserGroupInformation callerUGI; - try { - callerUGI = UserGroupInformation.getCurrentUser(); - } catch (IOException ie) { - LOG.info("Error getting UGI ", ie); - throw RPCUtil.getRemoteException(ie); - } - ApplicationId applicationId = containerId.getApplicationAttemptId(). getApplicationId(); + UserGroupInformation callerUGI = getCallerUgi(applicationId, + AuditConstants.SIGNAL_CONTAINER); RMApp application = this.rmContext.getRMApps().get(applicationId); if (application == null) { RMAuditLogger.logFailure(callerUGI.getUserName(), diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMAuditLogger.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMAuditLogger.java index 854b6ca64e..cc54d0b586 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMAuditLogger.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMAuditLogger.java @@ -57,6 +57,7 @@ public static class AuditConstants { public static final String GET_APP_PRIORITY = "Get Application Priority"; public static final String GET_APP_QUEUE = "Get Application Queue"; public static final String GET_APP_ATTEMPTS = "Get Application Attempts"; + public static final String GET_APP_REPORT = "Get Application Report"; public static final String GET_APP_ATTEMPT_REPORT = "Get Application Attempt Report"; public static final String GET_CONTAINERS = "Get Containers";