You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by Madhan Neethiraj <ma...@apache.org> on 2015/02/24 01:18:55 UTC

Review Request 31332: RANGER-248: Ranger plugin for YARN authorization

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31332/
-----------------------------------------------------------

Review request for ranger.


Bugs: RANGER-248
    https://issues.apache.org/jira/browse/RANGER-248


Repository: ranger


Description
-------

RANGER-248: Ranger plugin for YARN authorization (revision 2)


Diffs
-----

  agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java a7ad7b1 
  agents-common/src/main/java/org/apache/ranger/plugin/util/GrantRevokeRequest.java b40ea18 
  agents-common/src/main/resources/service-defs/ranger-servicedef-yarn.json PRE-CREATION 
  plugin-yarn/.gitignore PRE-CREATION 
  plugin-yarn/conf/ranger-policymgr-ssl-changes.cfg PRE-CREATION 
  plugin-yarn/conf/ranger-policymgr-ssl.xml PRE-CREATION 
  plugin-yarn/conf/ranger-yarn-audit-changes.cfg PRE-CREATION 
  plugin-yarn/conf/ranger-yarn-audit.xml PRE-CREATION 
  plugin-yarn/conf/ranger-yarn-security-changes.cfg PRE-CREATION 
  plugin-yarn/conf/ranger-yarn-security.xml PRE-CREATION 
  plugin-yarn/conf/yarn-site-changes.cfg PRE-CREATION 
  plugin-yarn/pom.xml PRE-CREATION 
  plugin-yarn/scripts/install.properties PRE-CREATION 
  plugin-yarn/scripts/yarn-plugin-install.properties PRE-CREATION 
  plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java PRE-CREATION 
  pom.xml 0c39eb8 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ca9790e 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 8608054 
  security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java 0a6046b 
  src/main/assembly/plugin-yarn.xml PRE-CREATION 

Diff: https://reviews.apache.org/r/31332/diff/


Testing
-------

- Verified that YARN authorization methods checkPermission(), setPermission(), setAdmin(), isAdmin() work with Ranger as the authorizer
- Updated grant to support isRecursive flag, as this is needed for YARN semantics of allowing a queue permission to be applicable to all its children as well
- Removed logged-in user check from ServiceDBStore to enable policy update during grant/revoke. Necessary checks should be done at a higher layer than the storage (like ServiceREST)


Thanks,

Madhan Neethiraj

Re: Review Request 31332: RANGER-248: Ranger plugin for YARN authorization

Posted by dilli dorai <di...@gmail.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31332/#review73731
-----------------------------------------------------------



agents-common/src/main/java/org/apache/ranger/plugin/util/GrantRevokeRequest.java
<https://reviews.apache.org/r/31332/#comment120111>

    line 68 is duplicate of line 66


- dilli dorai


On Feb. 24, 2015, 12:18 a.m., Madhan Neethiraj wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/31332/
> -----------------------------------------------------------
> 
> (Updated Feb. 24, 2015, 12:18 a.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-248
>     https://issues.apache.org/jira/browse/RANGER-248
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> RANGER-248: Ranger plugin for YARN authorization (revision 2)
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java a7ad7b1 
>   agents-common/src/main/java/org/apache/ranger/plugin/util/GrantRevokeRequest.java b40ea18 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-yarn.json PRE-CREATION 
>   plugin-yarn/.gitignore PRE-CREATION 
>   plugin-yarn/conf/ranger-policymgr-ssl-changes.cfg PRE-CREATION 
>   plugin-yarn/conf/ranger-policymgr-ssl.xml PRE-CREATION 
>   plugin-yarn/conf/ranger-yarn-audit-changes.cfg PRE-CREATION 
>   plugin-yarn/conf/ranger-yarn-audit.xml PRE-CREATION 
>   plugin-yarn/conf/ranger-yarn-security-changes.cfg PRE-CREATION 
>   plugin-yarn/conf/ranger-yarn-security.xml PRE-CREATION 
>   plugin-yarn/conf/yarn-site-changes.cfg PRE-CREATION 
>   plugin-yarn/pom.xml PRE-CREATION 
>   plugin-yarn/scripts/install.properties PRE-CREATION 
>   plugin-yarn/scripts/yarn-plugin-install.properties PRE-CREATION 
>   plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java PRE-CREATION 
>   pom.xml 0c39eb8 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ca9790e 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 8608054 
>   security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java 0a6046b 
>   src/main/assembly/plugin-yarn.xml PRE-CREATION 
> 
> Diff: https://reviews.apache.org/r/31332/diff/
> 
> 
> Testing
> -------
> 
> - Verified that YARN authorization methods checkPermission(), setPermission(), setAdmin(), isAdmin() work with Ranger as the authorizer
> - Updated grant to support isRecursive flag, as this is needed for YARN semantics of allowing a queue permission to be applicable to all its children as well
> - Removed logged-in user check from ServiceDBStore to enable policy update during grant/revoke. Necessary checks should be done at a higher layer than the storage (like ServiceREST)
> 
> 
> Thanks,
> 
> Madhan Neethiraj
> 
>