Github user mridulm commented on the issue:
https://github.com/apache/spark/pull/17723
@vanzin:
> @mridulm the main argument for just dealing with Hadoop security is that
it's been sufficient since the inception of Spark. I have never seen anyone ask
for integration with any other type of system.
Support for long running applications (which require token renewal, etc)
was added much later in spark - in 1.4 IIRC :
https://issues.apache.org/jira/browse/SPARK-5342
> Would it make you more comfortable if the new API were kept
private[spark]? It would limit extensibility in the case of Mesos (would be
restricted to built-in providers), but would free us from this discussion and
allow progress to happen.
If we are not exposing an api for spark core, while maintaining backward
compatibility - I am fine with the change. (Please see [1] below too)
Either we move implementations from yarn to core - or a new module which
yarn and mesos depends on (if that helps).
@mgummelt:
> @mridulm You keep mentioning hadoop-security as if it's a library. It's
not. UserGroupInformation and Credentials, for example, are are security
classes in hadoop-commons, which core already depends on. So this coupling
already exists. Is your concern that we're increasing this coupling?
When I refer to hadoop-security, I do not mean a maven package - but use of
`org.apache.hadoop.security` for handling authentication/authorization.
hadoop-common contains a collection of libraries & utilities, bundled together
for convenience; `security` package implements classes in context of security
design of hadoop.
[1] If we want to base security in spark on hadoop-security, and think it
is sufficient for our current & anticipated needs - we should be explicit
about the (design) dependency.
We should solicit opinion about it in dev@ and proceed based on feedback
from from the list (this PR discussion might not be followed by many interested
parties).
As @vanzin mentioned above, there have not integration requests for other
systems - so perhaps it is sufficient for our needs and I might be being overly
paranoid (due to my past experiences with api design).
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
