[SPARK-4223] [Core] Support * in acls. #8398
…port 'defaultuser, *' pattern
@@ -310,7 +310,13 @@ private[spark] class SecurityManager(sparkConf: SparkConf) | |||
setViewAcls(Set[String](defaultUser), allowedUsers) | |||
} | |||
|
|||
def getViewAcls: String = viewAcls.mkString(",") | |||
def getViewAcls: String = { | |||
if (viewAcls.contains("*")) { |
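Review bot: the wildcard test in `if (viewAcls.contains("*"))` is an exact string match, so it only fires if ACL entries are trimmed before they reach `viewAcls`; the commit title's 'defaultuser, *' form has a space after the comma. Confirm that the setter trims each entry, or add a test that sets the value with that spacing and checks what `getViewAcls` returns.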
It would be good here to put a comment that YARN requires only a * to be returned. You can't have *,user1,user2 to explain why we do this.
Jenkins, test this please
Test build #41646 has finished for PR 8398 at commit
conf.set("spark.ui.view.acls", "*") | ||
conf.set("spark.modify.acls", "user4") | ||
|
||
val securityManager = new SecurityManager(conf); |
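Review bot: the setup at `conf.set("spark.ui.view.acls", "*")` exercises only a bare `*`; the mixed form (a named user plus `*`) that the `contains("*")` branch in the getter exists for is not covered by these lines. Consider adding a case with a mixed value, plus a negative assertion that a user other than `user4` is still refused modify access, so the test shows that the view wildcard does not widen `spark.modify.acls`.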
nit: nuke ';'
Just minor nits, otherwise LGTM. Also, minor, but we generally write "YARN" instead of "Yarn" in comments.
retest this please
Thanks @vanzin, comments addressed.
Test build #41651 has finished for PR 8398 at commit
I think it would be nice if we update the docs to tell users * is supported. Can you update docs/configuration.md? Perhaps under each description of modify.acls, view.acls, admin.acls add something that says "Special value of * means anyone".
Sure. Docs updated.
Jenkins, ok to test
retest this please
Test build #41699 has finished for PR 8398 at commit
retest this please
Test build #41703 has finished for PR 8398 at commit
def getModifyAcls: String = modifyAcls.mkString(",") | ||
/** | ||
* Checking the existence of "*" is necessary as YARN can't recognize the "*" in "defaultuser,*" | ||
*/ |
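Review bot: the added doc comment in this hunk explains why the `"*"` check exists but not what the getter returns when it matches. Because YARN needs only a `*` to be returned, the named entries are left out of the result in that case; state that in the comment, for example: returns only "*" when the wildcard is present, because YARN cannot recognize "*" inside a list such as "defaultuser,*".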
nit - spacing off. remove space before *
@rxin @JoshRosen Since this is in core would one of you like to take a look? Minor nit in spacing otherwise LGTM.
Test build #41746 has finished for PR 8398 at commit
LGTM - I've merged this.
SPARK-4223.
Currently we support setting view and modify acls but you have to specify a list of users. It would be nice to support * meaning all users have access.
Manual tests to verify that: "*" works for any user in:
a. Spark ui: view and kill stage. Done.
b. Spark history server. Done.
c. Yarn application killing. Done.
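
The wildcard semantics this PR describes, sketched as an added example (not code from the PR or from Spark). `AclExample`, `parse`, `allowed` and `serialize` are hypothetical names, the sample values are constructed, and trimming of entries is an assumption of the sketch.

```scala
// Added illustration, not Spark's SecurityManager. All names are hypothetical.
object AclExample {
  val Wildcard = "*"

  /** Parse a comma-separated ACL value. Trimming is an assumption of this
    * sketch: without it, "defaultuser, *" yields " *", which is not "*". */
  def parse(raw: String): Set[String] =
    raw.split(',').map(_.trim).filter(_.nonEmpty).toSet

  /** A user passes if the wildcard is present or the user is listed. */
  def allowed(acls: Set[String], user: String): Boolean =
    acls.contains(Wildcard) || acls.contains(user)

  /** String form for a consumer that accepts "*" only on its own, as the
    * review comments say YARN does: a list containing "*" collapses to "*". */
  def serialize(acls: Set[String]): String =
    if (acls.contains(Wildcard)) Wildcard else acls.toSeq.sorted.mkString(",")

  def main(args: Array[String]): Unit = {
    // Constructed sample values.
    val view   = parse("defaultuser, *")
    val modify = parse("user4")

    // The view wildcard admits any user ...
    assert(allowed(view, "someone-else"))
    // ... but must not widen the separately configured modify list.
    assert(!allowed(modify, "someone-else"))
    assert(allowed(modify, "user4"))

    // A mixed list is handed on as a bare "*"; a plain list is unchanged.
    assert(serialize(view) == "*")
    assert(serialize(modify) == "user4")

    // The failure mode when entries are not trimmed: the exact match misses.
    val untrimmed = "defaultuser, *".split(',').toSet
    assert(!untrimmed.contains(Wildcard))

    println(s"view=${serialize(view)} modify=${serialize(modify)}")
  }
}
```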