You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Madhan Neethiraj <ma...@apache.org> on 2015/02/24 01:18:55 UTC
Review Request 31332: RANGER-248: Ranger plugin for YARN authorization
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31332/
-----------------------------------------------------------
Review request for ranger.
Bugs: RANGER-248
https://issues.apache.org/jira/browse/RANGER-248
Repository: ranger
Description
-------
RANGER-248: Ranger plugin for YARN authorization (revision 2)
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java a7ad7b1
agents-common/src/main/java/org/apache/ranger/plugin/util/GrantRevokeRequest.java b40ea18
agents-common/src/main/resources/service-defs/ranger-servicedef-yarn.json PRE-CREATION
plugin-yarn/.gitignore PRE-CREATION
plugin-yarn/conf/ranger-policymgr-ssl-changes.cfg PRE-CREATION
plugin-yarn/conf/ranger-policymgr-ssl.xml PRE-CREATION
plugin-yarn/conf/ranger-yarn-audit-changes.cfg PRE-CREATION
plugin-yarn/conf/ranger-yarn-audit.xml PRE-CREATION
plugin-yarn/conf/ranger-yarn-security-changes.cfg PRE-CREATION
plugin-yarn/conf/ranger-yarn-security.xml PRE-CREATION
plugin-yarn/conf/yarn-site-changes.cfg PRE-CREATION
plugin-yarn/pom.xml PRE-CREATION
plugin-yarn/scripts/install.properties PRE-CREATION
plugin-yarn/scripts/yarn-plugin-install.properties PRE-CREATION
plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java PRE-CREATION
pom.xml 0c39eb8
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ca9790e
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 8608054
security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java 0a6046b
src/main/assembly/plugin-yarn.xml PRE-CREATION
Diff: https://reviews.apache.org/r/31332/diff/
Testing
-------
- Verified that YARN authorization methods checkPermission(), setPermission(), setAdmin(), isAdmin() work with Ranger as the authorizer
- Updated grant to support isRecursive flag, as this is needed for YARN semantics of allowing a queue permission to be applicable to all its children as well
- Removed logged-in user check from ServiceDBStore to enable policy update during grant/revoke. Necessary checks should be done at a higher layer than the storage (like ServiceREST)
Thanks,
Madhan Neethiraj
Re: Review Request 31332: RANGER-248: Ranger plugin for YARN
authorization
Posted by dilli dorai <di...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31332/#review73731
-----------------------------------------------------------
agents-common/src/main/java/org/apache/ranger/plugin/util/GrantRevokeRequest.java
<https://reviews.apache.org/r/31332/#comment120111>
line 68 is duplicate of line 66
- dilli dorai
On Feb. 24, 2015, 12:18 a.m., Madhan Neethiraj wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/31332/
> -----------------------------------------------------------
>
> (Updated Feb. 24, 2015, 12:18 a.m.)
>
>
> Review request for ranger.
>
>
> Bugs: RANGER-248
> https://issues.apache.org/jira/browse/RANGER-248
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-248: Ranger plugin for YARN authorization (revision 2)
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java a7ad7b1
> agents-common/src/main/java/org/apache/ranger/plugin/util/GrantRevokeRequest.java b40ea18
> agents-common/src/main/resources/service-defs/ranger-servicedef-yarn.json PRE-CREATION
> plugin-yarn/.gitignore PRE-CREATION
> plugin-yarn/conf/ranger-policymgr-ssl-changes.cfg PRE-CREATION
> plugin-yarn/conf/ranger-policymgr-ssl.xml PRE-CREATION
> plugin-yarn/conf/ranger-yarn-audit-changes.cfg PRE-CREATION
> plugin-yarn/conf/ranger-yarn-audit.xml PRE-CREATION
> plugin-yarn/conf/ranger-yarn-security-changes.cfg PRE-CREATION
> plugin-yarn/conf/ranger-yarn-security.xml PRE-CREATION
> plugin-yarn/conf/yarn-site-changes.cfg PRE-CREATION
> plugin-yarn/pom.xml PRE-CREATION
> plugin-yarn/scripts/install.properties PRE-CREATION
> plugin-yarn/scripts/yarn-plugin-install.properties PRE-CREATION
> plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java PRE-CREATION
> pom.xml 0c39eb8
> security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ca9790e
> security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 8608054
> security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java 0a6046b
> src/main/assembly/plugin-yarn.xml PRE-CREATION
>
> Diff: https://reviews.apache.org/r/31332/diff/
>
>
> Testing
> -------
>
> - Verified that YARN authorization methods checkPermission(), setPermission(), setAdmin(), isAdmin() work with Ranger as the authorizer
> - Updated grant to support isRecursive flag, as this is needed for YARN semantics of allowing a queue permission to be applicable to all its children as well
> - Removed logged-in user check from ServiceDBStore to enable policy update during grant/revoke. Necessary checks should be done at a higher layer than the storage (like ServiceREST)
>
>
> Thanks,
>
> Madhan Neethiraj
>
>