[
https://issues.apache.org/jira/browse/YARN-3895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16341258#comment-16341258
]
Jason Lowe edited comment on YARN-3895 at 1/26/18 4:47 PM:
-----------------------------------------------------------
After chatting about this with [~jeagles] offline, we think the proposal could
work well but only if the number of domains remains small. The only way we see
that happening is if domains are de-duplicated if they reference an equivalent
set of ACLs so the total number of domains remains small. It's not clear yet
how this de-duplication would occur, especially if the write path can never do
reads and if domains are allowed to be updated asynchronously (e.g.: admin
wants to add another user to an existing domain).
Wildcard ACLs could be solved by treating every user as being in the '*' group
as well and always adding every de-duplicated domain ID to the '*' group when
created.
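
One way the de-duplication and '*' handling discussed in the comment above could work, as an added example that is not part of the JIRA comment or of Hadoop's code. It assumes the domain ID is a hash of the normalized ACL (so a writer never has to read existing domains) and that a domain is indexed under '*' only when its ACL names '*'; normalize, domain_id and DomainIndex are hypothetical names, the users and groups are constructed, and asynchronous domain updates are not covered.

```python
import hashlib
import json

WILDCARD = "*"

def normalize(users, groups):
    """Canonical form of an ACL: de-duplicated, sorted, wildcard collapsed."""
    users, groups = set(users), set(groups)
    if WILDCARD in users or WILDCARD in groups:
        # Anyone may read, so every other entry is redundant.
        return [], [WILDCARD]
    return sorted(users), sorted(groups)

def domain_id(users, groups):
    """Content-derived ID: equivalent ACLs always map to the same domain."""
    users, groups = normalize(users, groups)
    canon = json.dumps({"users": users, "groups": groups},
                       sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()

class DomainIndex:
    """Reader-side index from user / group to the domain IDs they may read."""

    def __init__(self):
        self.by_user = {}    # user name  -> set of domain IDs
        self.by_group = {}   # group name -> set of domain IDs

    def register(self, users, groups):
        """Blind, idempotent write: no lookup of existing domains is needed."""
        did = domain_id(users, groups)
        users, groups = normalize(users, groups)
        for user in users:
            self.by_user.setdefault(user, set()).add(did)
        for group in groups:
            self.by_group.setdefault(group, set()).add(did)
        return did

    def readable_domains(self, user, user_groups):
        """Every user is treated as a member of the '*' group as well."""
        result = set(self.by_user.get(user, ()))
        for group in set(user_groups) | {WILDCARD}:
            result |= self.by_group.get(group, set())
        return result
```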
> Support ACLs in ATSv2
> ---------------------
>
> Key: YARN-3895
> URL: https://issues.apache.org/jira/browse/YARN-3895
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: timelineserver
> Affects Versions: YARN-2928
> Reporter: Varun Saxena
> Assignee: Varun Saxena
> Priority: Major
> Labels: YARN-5355
>
> This JIRA is to keep track of authorization support design discussions for
> both readers and collectors.