[jira] [Commented] (RANGER-1738) RangerYarnAuthorizer not compatible with Hadoop-3.0.0

Thu, 16 Nov 2017 04:08:13 -0800 

    [ 
https://issues.apache.org/jira/browse/RANGER-1738?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16255203#comment-16255203
 ] 

Colm O hEigeartaigh commented on RANGER-1738:
---------------------------------------------

The problem with switching Ranger to Hadoop 3.0.0, is that a lot of the 
components rely on Hadoop 2.7.x, and it ends up breaking a lot of the tests 
(HBase, Hive, etc.), as we end up having different Hadoop versions on the 
classpath. Perhaps we should wait to update to Hadoop 3.0.0 until more of the 
components release new major versions depending on Hadoop 3.0.0? Until then I 
could just add a new plugin for Yarn 3.0.0 so we can claim to support Hadoop 
3.0.0. WDYT?



> RangerYarnAuthorizer not compatible with Hadoop-3.0.0
> -----------------------------------------------------
>
>                 Key: RANGER-1738
>                 URL: https://issues.apache.org/jira/browse/RANGER-1738
>             Project: Ranger
>          Issue Type: Bug
>          Components: plugins
>    Affects Versions: 0.7.1
>            Reporter: Hong Shen
>            Assignee: Colm O hEigeartaigh
>             Fix For: 1.0.0
>
>         Attachments: 
> 0001-RANGER-1738-RangerYarnAuthorizer-not-compatible-with.patch
>
>
> In the newest hadoop version 3.0.0, YarnAuthorizationProvider has changed.
> The new YarnAuthorizationProvider.java has change the methods checkPermission 
> and setPermission, 
> {code:title=YarnAuthorizationProvider.java|borderStyle=solid}
>   /**
>    * Check if user has the permission to access the target object.
>    * 
>    * @param accessRequest
>    *          the request object which contains all the access context info.
>    * @return true if user can access the object, otherwise false.
>    */
>   public abstract boolean checkPermission(AccessRequest accessRequest);
>   /**
>    * Set permissions for the target object.
>    *
>    * @param permissions
>    *        A list of permissions on the target object.
>    * @param ugi User who sets the permissions.
>    */
>   public abstract void setPermission(List<Permission> permissions,
>       UserGroupInformation ugi);
> {code}
> But the RangerYarnAuthorizer extends YarnAuthorizationProvider impletement 
> the old method.
> {code:title=RangerYarnAuthorizer.java|borderStyle=solid}
>       @Override
>       public void setPermission(PrivilegedEntity entity, Map<AccessType, 
> AccessControlList> permission, UserGroupInformation ugi) {
>        ...
>       @Override
>       public boolean checkPermission(AccessType accessType, PrivilegedEntity 
> entity, UserGroupInformation ugi) {
> {code}
> I think yarn plugin should also impletement the new method. I will add a 
> patch for it.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to