[jira] [Commented] (TEZ-671) Support View/Modify ACLs for DAGs
[ https://issues.apache.org/jira/browse/TEZ-671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14101978#comment-14101978 ] Johannes Zillmann commented on TEZ-671: --- Hey guys, i think that broke compilation with hadoop-2.2! Groups#parseStaticMapping() uses now StringUtils.getStringCollection(str, delim) which has been introduced as part of [HADOOP-10142|https://issues.apache.org/jira/browse/HADOOP-10142] in hadoop-2.3. Getting: {code} 2014-08-19 09:29:07,325 INFO [main] org.apache.tez.dag.app.DAGAppMaster: Created DAGAppMaster for application appattempt_140849532_0001_01 2014-08-19 09:29:07,798 WARN [main] org.apache.hadoop.util.NativeCodeLoader: Unable to load native-hadoop library for your platform... using builtin-java classes where applicable 2014-08-19 09:29:08,046 FATAL [main] org.apache.tez.dag.app.DAGAppMaster: Error starting DAGAppMaster java.lang.NoSuchMethodError: org.apache.hadoop.util.StringUtils.getStringCollection(Ljava/lang/String;Ljava/lang/String;)Ljava/util/Collection; at org.apache.tez.common.security.Groups.parseStaticMapping(Groups.java:102) at org.apache.tez.common.security.Groups.init(Groups.java:78) at org.apache.tez.dag.app.DAGAppMaster.serviceInit(DAGAppMaster.java:313) at org.apache.hadoop.service.AbstractService.init(AbstractService.java:163) at org.apache.tez.dag.app.DAGAppMaster$5.run(DAGAppMaster.java:1914) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:394) at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1491) at org.apache.tez.dag.app.DAGAppMaster.initAndStartAppMaster(DAGAppMaster.java:1911) at org.apache.tez.dag.app.DAGAppMaster.main(DAGAppMaster.java:1727) 2014-08-19 09:29:08,051 INFO [Thread-2] org.apache.tez.dag.app.DAGAppMaster: DAGAppMasterShutdownHook invoked {code} Support View/Modify ACLs for DAGs - Key: TEZ-671 URL: https://issues.apache.org/jira/browse/TEZ-671 Project: Apache Tez Issue Type: Sub-task Reporter: Siddharth Seth Assignee: Hitesh Shah Fix For: 0.5.0 Attachments: TEZ-671.2.patch, TEZ-671.3.patch, TEZ-671.4.patch -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (TEZ-671) Support View/Modify ACLs for DAGs
[ https://issues.apache.org/jira/browse/TEZ-671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14096721#comment-14096721 ] Siddharth Seth commented on TEZ-671: Mostly looks good. - Why is the configuration==null check required in ACLManager ? {code} +} else { + aclsEnabled = true; +} {code} TEZ_DAG_VIEW_ACLS, TEZ_DAG_MODIFY_ACLS are private. Do we want users setting these via tez-site.xml ? If not, ideally, these could be sent via their own proto field, and then just sent into the ACLManager/Parser as strings. This is OK, but we should mark them private. DAGAccessControls. I'm guessing this is designed to be used as DAG.setAccessControls(new DAGAccessCOntrols().setUsersWithViewAcls(conf.getStrings(conf_property_name) ? Would be helpful to have some defaults like - ALLLOW_ALL, ALLOW_NONE. Also, a constructor which just accepts the standard MR ACLs may be useful, since we support that format for the AM ACLs in any case. Support View/Modify ACLs for DAGs - Key: TEZ-671 URL: https://issues.apache.org/jira/browse/TEZ-671 Project: Apache Tez Issue Type: Sub-task Reporter: Siddharth Seth Assignee: Hitesh Shah Attachments: TEZ-671.2.patch, TEZ-671.3.patch -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (TEZ-671) Support View/Modify ACLs for DAGs
[ https://issues.apache.org/jira/browse/TEZ-671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14097616#comment-14097616 ] ASF GitHub Bot commented on TEZ-671: Github user hiteshs closed the pull request at: https://github.com/apache/tez/pull/2 Support View/Modify ACLs for DAGs - Key: TEZ-671 URL: https://issues.apache.org/jira/browse/TEZ-671 Project: Apache Tez Issue Type: Sub-task Reporter: Siddharth Seth Assignee: Hitesh Shah Attachments: TEZ-671.2.patch, TEZ-671.3.patch, TEZ-671.4.patch -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (TEZ-671) Support View/Modify ACLs for DAGs
[ https://issues.apache.org/jira/browse/TEZ-671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14097617#comment-14097617 ] ASF GitHub Bot commented on TEZ-671: Github user hiteshs commented on the pull request: https://github.com/apache/tez/pull/2#issuecomment-52241445 Closing this out and using std patch on apache jira instead. Support View/Modify ACLs for DAGs - Key: TEZ-671 URL: https://issues.apache.org/jira/browse/TEZ-671 Project: Apache Tez Issue Type: Sub-task Reporter: Siddharth Seth Assignee: Hitesh Shah Attachments: TEZ-671.2.patch, TEZ-671.3.patch, TEZ-671.4.patch -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (TEZ-671) Support View/Modify ACLs for DAGs
[ https://issues.apache.org/jira/browse/TEZ-671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14096328#comment-14096328 ] Hitesh Shah commented on TEZ-671: - API introductions involved. [~bikassaha] [~sseth] please review. Support View/Modify ACLs for DAGs - Key: TEZ-671 URL: https://issues.apache.org/jira/browse/TEZ-671 Project: Apache Tez Issue Type: Sub-task Reporter: Siddharth Seth Assignee: Hitesh Shah Attachments: TEZ-671.2.patch, TEZ-671.3.patch -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (TEZ-671) Support View/Modify ACLs for DAGs
[ https://issues.apache.org/jira/browse/TEZ-671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14091373#comment-14091373 ] Hitesh Shah commented on TEZ-671: - bq. getACLManager should make use of getDAG - instead of replicating it - being addressed. bq, Oleg had a comment about getting the ugi being repeated everywhere - already addressed. bq. Are any changes required on the creation of the ApplicationSubmissionContext to set the AM ACLs for YARN - being addressed. bq. How to DAGs supply ACLs. Do we need a method on the DAG API for this. In, which case, the DAG specific config parameters are likely not required. - I was under the assumption that we had support for a separate additional dag conf as a pass through for dag specific params. This seems no longer the case so I guess a new API is needed. bq. Anything needed in terms of ATS, or will that be a separate patch. - follow-up once timeline acls supports comes into hadoop. Post 2.6 i guess. bq. Ideally, when using the SimpleHistoryLoggingService - we could use HDFS ACLs to give access specific AM logs, but this would be a follow up. - Will file a follow-up for this too. bq. In terms of Group, AclManager etc - Groups was the only one I would have liked to reuse. It still has features being added and is marked private so I ended up creating a copy. - As for AclManager and all the other common functionality, given our need for 2 level checks, I think a separate impl might be better for us. Support View/Modify ACLs for DAGs - Key: TEZ-671 URL: https://issues.apache.org/jira/browse/TEZ-671 Project: Apache Tez Issue Type: Sub-task Reporter: Siddharth Seth Assignee: Hitesh Shah Attachments: TEZ-671.2.patch -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (TEZ-671) Support View/Modify ACLs for DAGs
[ https://issues.apache.org/jira/browse/TEZ-671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14091385#comment-14091385 ] Hitesh Shah commented on TEZ-671: - File HADOOP-10951 for Groups in hadoop to be made public. Support View/Modify ACLs for DAGs - Key: TEZ-671 URL: https://issues.apache.org/jira/browse/TEZ-671 Project: Apache Tez Issue Type: Sub-task Reporter: Siddharth Seth Assignee: Hitesh Shah Attachments: TEZ-671.2.patch -- This message was sent by Atlassian JIRA (v6.2#6252)