[
https://issues.apache.org/jira/browse/RANGER-1738?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16253284#comment-16253284
]
Colm O hEigeartaigh commented on RANGER-1738:
---------------------------------------------
[~rmani], [~vperiasamy], OK so what you are suggesting here is to drop the
Hadoop 2.7.x dependency from Ranger altogether? This could work, but 3.0.0 is
currently a "beta" - I'm not sure when the plans are to ship a final 3.0.0
version. Would we be happy to release Ranger 1.0.0 off a beta Hadoop version?
It might be less risky just to leave the dependency on Hadoop 2.7.x, but add
some exclusions in the Yarn 3.0.0 plugin to exclude 2.7.x jars. The
distribution for the new plugin doesn't include any Hadoop jars in the "lib"
directory.
[~vperiasamy], It's not possible to have RangerYarnAuthorizer work with
multiple versions, as with Hadoop 3.0.0 you have to implement methods that take
arguments that are only available in Hadoop 3.0.0.
> RangerYarnAuthorizer not compatible with Hadoop-3.0.0
> -----------------------------------------------------
>
> Key: RANGER-1738
> URL: https://issues.apache.org/jira/browse/RANGER-1738
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Affects Versions: 0.7.1
> Reporter: Hong Shen
> Assignee: Colm O hEigeartaigh
> Fix For: 1.0.0
>
> Attachments:
> 0001-RANGER-1738-RangerYarnAuthorizer-not-compatible-with.patch
>
>
> In the newest hadoop version 3.0.0, YarnAuthorizationProvider has changed.
> The new YarnAuthorizationProvider.java has change the methods checkPermission
> and setPermission,
> {code:title=YarnAuthorizationProvider.java|borderStyle=solid}
> /**
> * Check if user has the permission to access the target object.
> *
> * @param accessRequest
> * the request object which contains all the access context info.
> * @return true if user can access the object, otherwise false.
> */
> public abstract boolean checkPermission(AccessRequest accessRequest);
> /**
> * Set permissions for the target object.
> *
> * @param permissions
> * A list of permissions on the target object.
> * @param ugi User who sets the permissions.
> */
> public abstract void setPermission(List<Permission> permissions,
> UserGroupInformation ugi);
> {code}
> But the RangerYarnAuthorizer extends YarnAuthorizationProvider impletement
> the old method.
> {code:title=RangerYarnAuthorizer.java|borderStyle=solid}
> @Override
> public void setPermission(PrivilegedEntity entity, Map<AccessType,
> AccessControlList> permission, UserGroupInformation ugi) {
> ...
> @Override
> public boolean checkPermission(AccessType accessType, PrivilegedEntity
> entity, UserGroupInformation ugi) {
> {code}
> I think yarn plugin should also impletement the new method. I will add a
> patch for it.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
