Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-3100

Make YARN authorization pluggable

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 2.7.0
    • None
    • None
    • Reviewed

    Description

      The goal is to have YARN acl model pluggable so as to integrate other authorization tool such as Apache Ranger, Sentry.

      Currently, we have

      • admin ACL
      • queue ACL
      • application ACL
      • time line domain ACL
      • service ACL

      The proposal is to create a YarnAuthorizationProvider interface. Current implementation will be the default implementation. Ranger or Sentry plug-in can implement this interface.

      Benefit:

      • Unify the code base. With the default implementation, we can get rid of each specific ACL manager such as AdminAclManager, ApplicationACLsManager, QueueAclsManager etc.
      • Enable Ranger, Sentry to do authorization for YARN.

      Attachments

        1. YARN-3100.1.patch
          34 kB
          Jian He
        2. YARN-3100.2.patch
          50 kB
          Jian He
        3. YARN-3100.2.patch
          50 kB
          Jian He

        Issue Links

          Activity

            People

              jianhe Jian He
              jianhe Jian He
              Votes:
              0 Vote for this issue
              Watchers:
              14 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: