YARN-10555. Missing access check before getAppAttempts (#2608)

Co-authored-by: lujie <lujie@foxmail.com>
Signed-off-by: Akira Ajisaka <aajisaka@apache.org>
(cherry picked from commit d92a25b)

Author: 2 people

hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/webapp/RMAppBlock.java

@@ -142,7 +142,7 @@ protected void generateApplicationTable(Block html,
         continue;
       }
       AppAttemptInfo attemptInfo =
-          new AppAttemptInfo(this.rm, rmAppAttempt, rmApp.getUser(),
+          new AppAttemptInfo(this.rm, rmAppAttempt, true, rmApp.getUser(),
               WebAppUtils.getHttpSchemePrefix(conf));
       Set<String> nodes = rmAppAttempt.getBlacklistedNodes();
       // nodes which are blacklisted by the application

hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/webapp/RMWebServices.java

@@ -826,7 +826,7 @@ public AppAttemptsInfo getAppAttempts(@Context HttpServletRequest hsr,
     AppAttemptsInfo appAttemptsInfo = new AppAttemptsInfo();
     for (RMAppAttempt attempt : app.getAppAttempts().values()) {
       AppAttemptInfo attemptInfo = new AppAttemptInfo(rm, attempt,
-          app.getUser(), hsr.getScheme() + "://");
+          hasAccess(app, hsr), app.getUser(), hsr.getScheme() + "://");
       appAttemptsInfo.add(attemptInfo);
     }
 

hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/webapp/dao/AppAttemptInfo.java

@@ -47,8 +47,8 @@ public class AppAttemptInfo {
   public AppAttemptInfo() {
   }
 
-  public AppAttemptInfo(ResourceManager rm, RMAppAttempt attempt, String user,
-      String schemePrefix) {
+  public AppAttemptInfo(ResourceManager rm, RMAppAttempt attempt,
+      Boolean hasAccess, String user, String schemePrefix) {
     this.startTime = 0;
     this.containerId = "";
     this.nodeHttpAddress = "";
@@ -60,7 +60,7 @@ public AppAttemptInfo(ResourceManager rm, RMAppAttempt attempt, String user,
       this.startTime = attempt.getStartTime();
       this.finishedTime = attempt.getFinishTime();
       Container masterContainer = attempt.getMasterContainer();
-      if (masterContainer != null) {
+      if (masterContainer != null && hasAccess) {
         this.containerId = masterContainer.getId().toString();
         this.nodeHttpAddress = masterContainer.getNodeHttpAddress();
         this.nodeId = masterContainer.getNodeId().toString();