You are viewing a plain text version of this content. The canonical link for it is here.
Posted to yarn-issues@hadoop.apache.org by "Allen Wittenauer (JIRA)" <ji...@apache.org> on 2015/01/27 06:58:35 UTC
[jira] [Comment Edited] (YARN-3100) Make YARN authorization
pluggable
[ https://issues.apache.org/jira/browse/YARN-3100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14293015#comment-14293015 ]
Allen Wittenauer edited comment on YARN-3100 at 1/27/15 5:57 AM:
-----------------------------------------------------------------
It sounds like this JIRA should get split in half then: a generic interface sitting in common that other components can use and the YARN-specific bits.
was (Author: aw):
It sounds like this JIRA should get split in half then: a generic interface sitting in common that other components can use and the YARN-specific one.
> Make YARN authorization pluggable
> ---------------------------------
>
> Key: YARN-3100
> URL: https://issues.apache.org/jira/browse/YARN-3100
> Project: Hadoop YARN
> Issue Type: Bug
> Reporter: Jian He
> Assignee: Jian He
>
> The goal is to have YARN acl model pluggable so as to integrate other authorization tool such as Apache Ranger, Sentry.
> Currently, we have
> - admin ACL
> - queue ACL
> - application ACL
> - time line domain ACL
> - service ACL
> The proposal is to create a YarnAuthorizationProvider interface. Current implementation will be the default implementation. Ranger or Sentry plug-in can implement this interface.
> Benefit:
> - Unify the code base. With the default implementation, we can get rid of each specific ACL manager such as AdminAclManager, ApplicationACLsManager, QueueAclsManager etc.
> - Enable Ranger, Sentry to do authorization for YARN.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)