ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-1738) RangerYarnAuthorizer not compatible with Hadoop-3.0.0
Date Wed, 05 Sep 2018 08:50:00 GMT

    [ https://issues.apache.org/jira/browse/RANGER-1738?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16604141#comment-16604141
] 

Colm O hEigeartaigh commented on RANGER-1738:
---------------------------------------------

[~rmani], No this patch is out of date (and only related to the yarn authorizer). The complete
Hadoop 3.0.0 patch is attached to RANGER-1935 instead, but best to work with the review request
I made:

https://reviews.apache.org/r/68428/

> RangerYarnAuthorizer not compatible with Hadoop-3.0.0
> -----------------------------------------------------
>
>                 Key: RANGER-1738
>                 URL: https://issues.apache.org/jira/browse/RANGER-1738
>             Project: Ranger
>          Issue Type: Bug
>          Components: plugins
>    Affects Versions: 0.7.1
>            Reporter: Hong Shen
>            Assignee: Colm O hEigeartaigh
>            Priority: Major
>             Fix For: 2.0.0
>
>         Attachments: 0001-RANGER-1738-RangerYarnAuthorizer-not-compatible-with.patch
>
>
> In the newest hadoop version 3.0.0, YarnAuthorizationProvider has changed.
> The new YarnAuthorizationProvider.java has change the methods checkPermission and setPermission,

> {code:title=YarnAuthorizationProvider.java|borderStyle=solid}
>   /**
>    * Check if user has the permission to access the target object.
>    * 
>    * @param accessRequest
>    *          the request object which contains all the access context info.
>    * @return true if user can access the object, otherwise false.
>    */
>   public abstract boolean checkPermission(AccessRequest accessRequest);
>   /**
>    * Set permissions for the target object.
>    *
>    * @param permissions
>    *        A list of permissions on the target object.
>    * @param ugi User who sets the permissions.
>    */
>   public abstract void setPermission(List<Permission> permissions,
>       UserGroupInformation ugi);
> {code}
> But the RangerYarnAuthorizer extends YarnAuthorizationProvider impletement the old method.
> {code:title=RangerYarnAuthorizer.java|borderStyle=solid}
> 	@Override
> 	public void setPermission(PrivilegedEntity entity, Map<AccessType, AccessControlList>
permission, UserGroupInformation ugi) {
>        ...
> 	@Override
> 	public boolean checkPermission(AccessType accessType, PrivilegedEntity entity, UserGroupInformation
ugi) {
> {code}
> I think yarn plugin should also impletement the new method. I will add a patch for it.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message