[YARN-3100] Make YARN authorization pluggable - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.7.0
Component/s: None
Labels:
None

Hadoop Flags:

Reviewed

Description

The goal is to have YARN acl model pluggable so as to integrate other authorization tool such as Apache Ranger, Sentry.

Currently, we have

admin ACL
queue ACL
application ACL
time line domain ACL
service ACL

The proposal is to create a YarnAuthorizationProvider interface. Current implementation will be the default implementation. Ranger or Sentry plug-in can implement this interface.

Benefit:

Unify the code base. With the default implementation, we can get rid of each specific ACL manager such as AdminAclManager, ApplicationACLsManager, QueueAclsManager etc.
Enable Ranger, Sentry to do authorization for YARN.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

YARN-3100.2.patch
07/Feb/15 00:03
50 kB
Jian He
YARN-3100.2.patch
09/Feb/15 03:35
50 kB
Jian He
YARN-3100.1.patch
28/Jan/15 19:27
34 kB
Jian He

Issue Links

is related to

HADOOP-4348 Adding service-level authorization to Hadoop

Closed

HDFS-6826 Plugin interface to enable delegation of HDFS authorization assertions

Closed

YARN-3162 persistence support for YarnAuthorizationProvider

Resolved

Activity

People

Assignee:: Jian He

Reporter:: Jian He

Votes:: 0 Vote for this issue

Watchers:: 14 Start watching this issue

Dates

Created:: 27/Jan/15 00:34

Updated:: 24/Apr/15 23:17

Resolved:: 10/Feb/15 04:39