Dev,
Livy session or batches are not currently secured. i.e. User A can start a session or batch and User B can submit code to session started by User A or even stop that session. This is critical issue on secured cluster, when User A is having sensitive data access, there may be a chance User B can access those sensitive datasets through User-A Session.
Please let me know how we can handle this one.
Here, is an example from our secured cluster.
# Starting session from user "prabhu"
curl --silent --negotiate -u:prabhu localhost:8998/sessions -X POST -H 'Content-Type: application/json' -d '{
"kind":"scala",
"proxyUser":"prabhu",
"name":"Testing"
}' | python -m json.tool
{
"id": 371,
"appId": null,
"owner": "prabhu",
"proxyUser": "prabhu",
"state": "starting",
"kind": "spark",
"appInfo": {
"driverLogUrl": null,
"sparkUiUrl": null
},
"log": []
}
# Executing code to above session by some other user "don"
curl --silent --negotiate -u:don localhost:8998/sessions/371/statements -X POST -H 'Content-Type: application/json' -d '{
"code":"sc.applicationId"
}' | python -m json.tool
{
"id": 0,
"state": "available",
"output": {
"status": "ok",
"execution_count": 0,
"data": {
"text/plain": "res0: String = application_1476926173701_398436"
}
}
}
# Stopping above session by different user "john" this time
curl --silent --negotiate -u:john localhost:8998/sessions/371 -X DELETE | python -m json.tool
{
"msg": "deleted"
}
Thanks
Prabhu