[ https://issues.apache.org/jira/browse/YARN-3100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14302606#comment-14302606 ]

Zhijie Shen commented on YARN-3100:
-----------------------------------

IMHO, the problem we want to solve in the scope of this Jira is to refactor 
the *YARN* ACL code, such that we can make *YARN* use third-party authorization 
providers, such as Ranger and Sentry.

We appreciate your input, but would you please be more specific about what 
common ACL you refer to? It would be more helpful if you can provide the 
details about the exact piece YARN can reuse and the approach by which YARN 
can reuse it. Anyway, I'm afraid unifying common and YARN authorization is out 
of the scope of this Jira, such that we can take care of it separately. And 
while doing this, we also need to take HDFS authorization into account, don't we?

> Make YARN authorization pluggable
> ---------------------------------
>
>                 Key: YARN-3100
>                 URL: https://issues.apache.org/jira/browse/YARN-3100
>             Project: Hadoop YARN
>          Issue Type: Bug
>            Reporter: Jian He
>            Assignee: Jian He
>         Attachments: YARN-3100.1.patch, YARN-3100.2.patch
>
>
> The goal is to make the YARN ACL model pluggable so as to integrate other 
> authorization tools such as Apache Ranger and Sentry.
> Currently, we have 
> - admin ACL
> - queue ACL
> - application ACL
> - timeline domain ACL
> - service ACL
> The proposal is to create a YarnAuthorizationProvider interface. The current 
> implementation will be the default implementation. A Ranger or Sentry plug-in 
> can implement this interface.
> Benefit:
> -  Unify the code base. With the default implementation, we can get rid of 
> each specific ACL manager such as AdminAclManager, ApplicationACLsManager, 
> QueueAclsManager etc.
> - Enable Ranger, Sentry to do authorization for YARN. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
