YARN-10247. Application priority queue ACLs are not respected. Contributed by Sunil G

2020-04-29 15:53:30 +02:00 · 2020-04-29 15:53:30 +02:00 · 410c605aec
commit 410c605aec
parent db6252b6c3
2 changed files with 4 additions and 3 deletions
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/capacity/CapacityScheduler.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/capacity/CapacityScheduler.java
@ -2686,10 +2686,10 @@ public Priority checkAndGetApplicationPriority(
      }

      // Lets check for ACLs here.
-      if (!appPriorityACLManager.checkAccess(user, queuePath, appPriority)) {
+      if (!appPriorityACLManager.checkAccess(user, normalizeQueueName(queuePath), appPriority)) {
        throw new YarnException(new AccessControlException(
-            "User " + user + " does not have permission to submit/update "
-                + applicationId + " for " + appPriority));
+                "User " + user + " does not have permission to submit/update "
+                        + applicationId + " for " + appPriority));
      }

      LOG.info("Priority '" + appPriority.getPriority()
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/capacity/TestApplicationPriorityACLs.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/capacity/TestApplicationPriorityACLs.java
@ -143,6 +143,7 @@ private void submitAppToRMWithInValidAcl(String submitter,
        .newInstance(appSubmissionContext);
    try {
      submitterClient.submitApplication(submitRequest);
+      Assert.fail();
    } catch (YarnException ex) {
      Assert.assertTrue(ex.getCause() instanceof RemoteException);
    }