big-data/hadoop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

YARN-8591. [ATSv2] NPE while checking for entity acl in non-secure cluster. Contributed by Rohith Sharma K S.

Browse Source
This commit is contained in:
Sunil G 2018-07-30 14:48:04 +05:30
parent 0857f116b7
commit 63e08ec071
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/main/java/org/apache/hadoop/yarn/server/timelineservice/reader/TimelineReaderWebServices.java
View File

@ -3532,7 +3532,8 @@ static boolean validateAuthUserWithEntityUser(
static boolean checkAccess(TimelineReaderManager readerManager, static boolean checkAccess(TimelineReaderManager readerManager,
UserGroupInformation ugi, String entityUser) { UserGroupInformation ugi, String entityUser) {
if (isDisplayEntityPerUserFilterEnabled(readerManager.getConfig())) { if (isDisplayEntityPerUserFilterEnabled(readerManager.getConfig())) {
if (!validateAuthUserWithEntityUser(readerManager, ugi, entityUser)) { if (ugi != null && !validateAuthUserWithEntityUser(readerManager, ugi,
entityUser)) {
String userName = ugi.getShortUserName(); String userName = ugi.getShortUserName();
String msg = "User " + userName String msg = "User " + userName
+ " is not allowed to read TimelineService V2 data."; + " is not allowed to read TimelineService V2 data.";

4
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/test/java/org/apache/hadoop/yarn/server/timelineservice/reader/TestTimelineReaderWebServicesBasicAcl.java
View File

@ -88,6 +88,10 @@ public class TestTimelineReaderWebServicesBasicAcl {
Assert.assertFalse(TimelineReaderWebServices Assert.assertFalse(TimelineReaderWebServices
.validateAuthUserWithEntityUser(manager, null, user1)); .validateAuthUserWithEntityUser(manager, null, user1));
// true because ugi is null
Assert.assertTrue(
TimelineReaderWebServices.checkAccess(manager, null, user1));
// incoming ugi is admin asking for entity owner user1 // incoming ugi is admin asking for entity owner user1
Assert.assertTrue( Assert.assertTrue(
TimelineReaderWebServices.checkAccess(manager, adminUgi, user1)); TimelineReaderWebServices.checkAccess(manager, adminUgi, user1));