[
https://issues.apache.org/jira/browse/HADOOP-3698?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12623400#action_12623400
]
owen.omalley edited comment on HADOOP-3698 at 8/18/08 9:40 AM:
----------------------------------------------------------------
I'd suggest keeping the implementation concrete until we have a more complete
story for security. I'd suggest:
* Make the class concrete rather than abstract & pluggable, until we have a
better handle on what we'd need from a plugin.
* Make it Configured, rather than recoding it.
* Drop initialize. It can be done in a configure method, if necessary.
* I think that verifyAccess should take a UGI, since it is a security check.
* I assume this is only being used in the JobTracker, rather than in the
client.
{code}
class QueueAccessVerifier extends Configured {
enum QueueOperation {
SUBMIT_JOB,
ADMINISTER_JOBS
// TODO Add LIST_JOBS when we have a http security story
}
// verify if the specified operation is allowed on the specified queue
public boolean verifyAccess(QueueOperation operation,
String queue,
UserGroupInformation user)
throws IOException {..}
}
{code}
was (Author: owen.omalley):
I'd suggest keeping the implementation concrete until we have a more
complete story for security. I'd suggest:
* Make the class concrete rather than abstract & pluggable, until we have a
better handle on what we'd need from a plugin.
* Make it Configured, rather than recoding it.
* Drop initialize. It can be done in a configure method, if necessary.
* I think that verifyAccess should take a UGI, since it is a security check.
* I assume this is only being used in the JobTracker, rather than in the
client.
{code}
class QueueAccessVerifier extends Configured {
enum QueueOperation {
SUBMIT_JOB,
ADMINISTER_JOBS
// TODO Add LIST_JOBS when we have a http security story
}
// verify if the specified operation is allowed on the specified queue
public boolean verifyAccess(QueueOperation operation,
String queue,
UserGroupInformation user)
throws IOException {..}
}
> Implement access control for submitting jobs to queues in the JobTracker
> ------------------------------------------------------------------------
>
> Key: HADOOP-3698
> URL: https://issues.apache.org/jira/browse/HADOOP-3698
> Project: Hadoop Core
> Issue Type: New Feature
> Components: mapred
> Reporter: Hemanth Yamijala
> Assignee: Hemanth Yamijala
> Fix For: 0.19.0
>
>
> HADOOP-3445 implements multiple queues in the JobTracker as part of the new
> resource manager for Hadoop (HADOOP-3421). There needs to be a mechanism to
> control who can submit jobs to a specified queue. This JIRA is for tracking
> the requirements, approach and implementation for the same.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
