Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
-
Reviewed
Description
The goal is to have YARN acl model pluggable so as to integrate other authorization tool such as Apache Ranger, Sentry.
Currently, we have
- admin ACL
- queue ACL
- application ACL
- time line domain ACL
- service ACL
The proposal is to create a YarnAuthorizationProvider interface. Current implementation will be the default implementation. Ranger or Sentry plug-in can implement this interface.
Benefit:
- Unify the code base. With the default implementation, we can get rid of each specific ACL manager such as AdminAclManager, ApplicationACLsManager, QueueAclsManager etc.
- Enable Ranger, Sentry to do authorization for YARN.
Attachments
Attachments
Issue Links
- is related to
-
HADOOP-4348 Adding service-level authorization to Hadoop
- Closed
-
HDFS-6826 Plugin interface to enable delegation of HDFS authorization assertions
- Closed
-
YARN-3162 persistence support for YarnAuthorizationProvider
- Resolved