You are viewing a plain text version of this content. The canonical link for it is here.
Posted to yarn-issues@hadoop.apache.org by "Bibin A Chundatt (JIRA)" <ji...@apache.org> on 2017/07/05 10:41:00 UTC
[jira] [Comment Edited] (YARN-6727) Improve getQueueUserAcls API to
query for specific queue and user
[ https://issues.apache.org/jira/browse/YARN-6727?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16074561#comment-16074561 ]
Bibin A Chundatt edited comment on YARN-6727 at 7/5/17 10:40 AM:
-----------------------------------------------------------------
Thank you [~sunilg] for explanation
{quote}
Is safer for CS as we lock with a readLock only in YarnAuthorizationProvider
{quote}
+ queue level readlock
{quote}
Whichever user is passed with checkAccess at one point of time (from cli/api side or app submission time etc) could be cached.
{quote}
Submission time QUEUE_SUBMIT right we could cache but we need all .. am i missing something?
{quote}
Cache could be invalidated in cases here a config refresh happened for queues/acls or in similar conditions.
{quote}
The ACL mapping will depend on user to group mapping also which gets refreshed based in time interval.
IIUC the refresh interval is about 5/10 min.We dont have direct update or notifier as of now.
was (Author: bibinchundatt):
Thank you [~sunilg] for explanation
{quote}
Is safer for CS as we lock with a readLock only in YarnAuthorizationProvider
{quote}
+ queue level readlock
{quote}
Whichever user is passed with checkAccess at one point of time (from cli/api side or app submission time etc) could be cached.
{quote}
Submission time QUEUE_SUBMIT right we could cache but we need all .. am i missing something?
{quote}
Cache could be invalidated in cases here a config refresh happened for queues/acls or in similar conditions.
{quote}
The ACL mapping will depend on user to group mapping also which gets refreshed based in time interval.
IIUC the refresh interval is about 5/10 min. I dont this we have direct update or notifier as of now.
> Improve getQueueUserAcls API to query for specific queue and user
> ------------------------------------------------------------------
>
> Key: YARN-6727
> URL: https://issues.apache.org/jira/browse/YARN-6727
> Project: Hadoop YARN
> Issue Type: Improvement
> Reporter: Bibin A Chundatt
> Assignee: Bibin A Chundatt
> Attachments: YARN-6727.WIP.patch
>
>
> Currently {{ApplicationClientProtocol#getQueueUserAcls}} return data for all the queues available in scheduler for user.
> User wants to know whether he has rights of a particular queue only. For systems with 5K queues returning all queues list is not efficient.
> Suggested change: support additional parameters *userName and queueName* as optional. Admin user should be able to query other users ACL for a particular queueName.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org