Review Request 31332: RANGER-248: Ranger plugin for YARN authorization

Mon, 23 Feb 2015 16:39:57 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31332/
-----------------------------------------------------------

Review request for ranger.


Bugs: RANGER-248
    https://issues.apache.org/jira/browse/RANGER-248


Repository: ranger


Description
-------

RANGER-248: Ranger plugin for YARN authorization (revision 2)


Diffs
-----

  
agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
 a7ad7b1 
  
agents-common/src/main/java/org/apache/ranger/plugin/util/GrantRevokeRequest.java
 b40ea18 
  agents-common/src/main/resources/service-defs/ranger-servicedef-yarn.json 
PRE-CREATION 
  plugin-yarn/.gitignore PRE-CREATION 
  plugin-yarn/conf/ranger-policymgr-ssl-changes.cfg PRE-CREATION 
  plugin-yarn/conf/ranger-policymgr-ssl.xml PRE-CREATION 
  plugin-yarn/conf/ranger-yarn-audit-changes.cfg PRE-CREATION 
  plugin-yarn/conf/ranger-yarn-audit.xml PRE-CREATION 
  plugin-yarn/conf/ranger-yarn-security-changes.cfg PRE-CREATION 
  plugin-yarn/conf/ranger-yarn-security.xml PRE-CREATION 
  plugin-yarn/conf/yarn-site-changes.cfg PRE-CREATION 
  plugin-yarn/pom.xml PRE-CREATION 
  plugin-yarn/scripts/install.properties PRE-CREATION 
  plugin-yarn/scripts/yarn-plugin-install.properties PRE-CREATION 
  
plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java
 PRE-CREATION 
  pom.xml 0c39eb8 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
ca9790e 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 8608054 
  
security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java
 0a6046b 
  src/main/assembly/plugin-yarn.xml PRE-CREATION 

Diff: https://reviews.apache.org/r/31332/diff/


Testing
-------

- Verified that YARN authorization methods checkPermission(), setPermission(), 
setAdmin(), isAdmin() work with Ranger as the authorizer
- Updated grant to support isRecursive flag, as this is needed for YARN 
semantics of allowing a queue permission to be applicable to all its children 
as well
- Removed logged-in user check from ServiceDBStore to enable policy update 
during grant/revoke. Necessary checks should be done at a higher layer than the 
storage (like ServiceREST)


Thanks,

Madhan Neethiraj

Reply via email to