GitHub user lhaiesp opened a pull request:

    https://github.com/apache/samza/pull/592

    SAMZA-1794: setting application acl in launch context 

    Currently we don't set application acl for container launch context. See 
https://hadoop.apache.org/docs/r2.6.4/api/org/apache/hadoop/yarn/api/records/ContainerLaunchContext.html#setApplicationACLs(java.util.Map)
    
    This could potentially cause problem if samza job is running on a secured 
YARN cluster. Say user A submits the job, then by default only user A can view 
the log and the status of the job. Even worse case is that user A submits the 
job through some proxy account, then even user A herself/himself couldn't 
access to logs/status of the application.
    
    We need to make some changes for the YARN application submission to set 
application acls in launch context as configured.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/lhaiesp/samza master

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/samza/pull/592.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #592
    
----
commit 6f11c2c0d3dd2b96b3261174b068dae75a2fb2b3
Author: Hai Lu <halu@...>
Date:   2018-07-31T22:27:03Z

    SAMZA-1794: setting application acl in launch context for secured YARN 
cluster

----


---

Reply via email to