Affects Version/s: None
Fix Version/s: 2.7.0
The goal is to have YARN acl model pluggable so as to integrate other authorization tool such as Apache Ranger, Sentry.
Currently, we have
- admin ACL
- queue ACL
- application ACL
- time line domain ACL
- service ACL
The proposal is to create a YarnAuthorizationProvider interface. Current implementation will be the default implementation. Ranger or Sentry plug-in can implement this interface.
- Unify the code base. With the default implementation, we can get rid of each specific ACL manager such as AdminAclManager, ApplicationACLsManager, QueueAclsManager etc.
- Enable Ranger, Sentry to do authorization for YARN.