[SPARK-16122][CORE] Add rest api for job environment #16949
|
Test build #72979 has finished for PR 16949 at commit
|
|
Jenkins crashed. Retest this please. |
|
Test build #72986 has started for PR 16949 at commit |
|
cc @srowen |
|
terminated by signal 9. retest this please. |
|
Test build #72989 has finished for PR 16949 at commit
|
|
It's a simple change, but I wonder if this is that important to add? |
|
@srowen good question! IMHO, we should add this API:
Any suggestion is appreciated! |
ajbozarth
left a comment
I agree with @srowen that this highlights one of the web UI's current security holes, access to the system env via the web UI, but like @uncleGen said, this is already an issue in the current code. I like expanding the REST API to include the same info as the web UI, especially since it will be necessary if @vanzin's history server project is accepted. Overall LGTM.
|
@uncleGen As a follow-up, I'd recommend opening a JIRA to research and address the potential security flaws in the env tab. I know we've already merged some fixes to hide passwords in the env tab, but we should make sure there aren't more issues. |
|
re: security, this change doesn't really change anything; all this information is already available in the UI. Note it doesn't expose the system env (as in environment variables), although people may still expose things through system properties and spark configuration. There's some code to redact sensitive info and even a config to control what gets redacted, but ultimately, the solution to security is auth + ssl. As Spark gets more and more features, data may start leaking through other places (e.g. SQL query plans which are shown in the UI). As for the change, I kinda implemented it as part of my SHS project, and I went with a slightly different API: Mainly I broke the "JVM properties" into a separate type; I kinda prefer that instead of "magic keys", especially when these keys contain spaces and thus don't map well to code. |
|
@vanzin I opened a jira (https://issues.apache.org/jira/browse/SPARK-19642) to research and address the potential security flaws. Do you mind if I continue this pr? |
|
Sure, this PR is fine, I'd just prefer some minor API adjustments to bring it closer to the code I linked above. |
|
@vanzin @ajbozarth sure, I will make some updates based on the linked code. |
|
Test build #73145 has finished for PR 16949 at commit
|
|
LGTM |
vanzin
left a comment
LGTM but needs an update because of other changes.
You'll need to update your diff because this method doesn't exist anymore.
ad570cf to
6094743
Compare
|
Test build #73309 has finished for PR 16949 at commit
|
|
Merging to master. |
## What changes were proposed in this pull request? follow up pr of #16949. ## How was this patch tested? jenkins Author: uncleGen <[email protected]> Closes #17033 from uncleGen/doc-restapi-environment.
## What changes were proposed in this pull request? add rest api for job environment. ## How was this patch tested? existing ut. Author: uncleGen <[email protected]> Closes apache#16949 from uncleGen/SPARK-16122.
## What changes were proposed in this pull request? follow up pr of apache#16949. ## How was this patch tested? jenkins Author: uncleGen <[email protected]> Closes apache#17033 from uncleGen/doc-restapi-environment.
What changes were proposed in this pull request?
add rest api for job environment.
How was this patch tested?
existing ut.
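
The redaction and its limits raised in the discussion above, as an added example (not code from this PR or from Spark): a Python check that scans environment data for sensitive-looking keys whose values are still in the clear, before and after key-based masking. The key pattern, the placeholder string, the `-D` heuristic, the `[key, value]` section layout and the sample data are assumptions constructed for illustration.

```python
import re

# Assumptions (not from the PR or Spark's code): the key pattern, the
# placeholder text, the -D heuristic and the [key, value] section layout.
SENSITIVE = re.compile(r"(?i)secret|password|token|access.?key")
EMBEDDED = re.compile(r"(?i)-D[\w.]*(?:secret|password|token)[\w.]*=\S+")
PLACEHOLDER = "*********(redacted)"
SECTIONS = ("sparkProperties", "systemProperties")


def redact_env(env):
    """Copy env, masking the value of every pair whose key looks sensitive."""
    out = dict(env)
    for s in SECTIONS:
        out[s] = [[k, PLACEHOLDER if SENSITIVE.search(k) else v]
                  for k, v in env.get(s, [])]
    return out


def find_leaks(env):
    """Return (section, key, reason) for values that are still exposed."""
    leaks = []
    for section in SECTIONS:
        for key, value in env.get(section, []):
            if value == PLACEHOLDER:
                continue
            if SENSITIVE.search(key) and value:
                leaks.append((section, key, "sensitive key, clear value"))
            elif EMBEDDED.search(value):
                leaks.append((section, key, "secret inside a -D option"))
    return leaks


# Constructed sample data; every value below is made up.
SAMPLE = {
    "sparkProperties": [
        ["spark.app.name", "etl-nightly"],
        ["spark.ssl.keyStorePassword", PLACEHOLDER],
        ["spark.hadoop.fs.s3a.secret.key", "EXAMPLE-NOT-A-REAL-KEY"],
        ["spark.driver.extraJavaOptions", "-Ddb.password=example-only -Xmx2g"],
    ],
    "systemProperties": [
        ["javax.net.ssl.trustStorePassword", "example-only"],
    ],
}

if __name__ == "__main__":
    print("before:", find_leaks(SAMPLE))
    print("after key-based redaction:", find_leaks(redact_env(SAMPLE)))
```

Key-based masking clears two of the three findings; the `-D` option stays flagged because the secret sits in the value, not the key.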