Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.7.0
    • Component/s: None
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      The goal is to have YARN acl model pluggable so as to integrate other authorization tool such as Apache Ranger, Sentry.

      Currently, we have

      • admin ACL
      • queue ACL
      • application ACL
      • time line domain ACL
      • service ACL

      The proposal is to create a YarnAuthorizationProvider interface. Current implementation will be the default implementation. Ranger or Sentry plug-in can implement this interface.

      Benefit:

      • Unify the code base. With the default implementation, we can get rid of each specific ACL manager such as AdminAclManager, ApplicationACLsManager, QueueAclsManager etc.
      • Enable Ranger, Sentry to do authorization for YARN.

        Attachments

        1. YARN-3100.2.patch
          50 kB
          Jian He
        2. YARN-3100.2.patch
          50 kB
          Jian He
        3. YARN-3100.1.patch
          34 kB
          Jian He

          Issue Links

            Activity

              People

              • Assignee:
                jianhe Jian He
                Reporter:
                jianhe Jian He
              • Votes:
                0 Vote for this issue
                Watchers:
                14 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: