hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Owen O'Malley (JIRA)" <j...@apache.org>
Subject [jira] Issue Comment Edited: (HADOOP-3698) Implement access control for submitting jobs to queues in the JobTracker
Date Mon, 18 Aug 2008 16:41:44 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-3698?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12623400#action_12623400
] 

owen.omalley edited comment on HADOOP-3698 at 8/18/08 9:40 AM:
----------------------------------------------------------------

I'd suggest keeping the implementation concrete until we have a more complete story for security.
I'd suggest:
  * Make the class concrete rather than abstract & pluggable, until we have a better handle
on what we'd need from a plugin.
  * Make it Configured, rather than recoding it.
  * Drop initialize. It can be done in a configure method, if necessary.
  * I think that verifyAccess should take a UGI, since it is a security check.
  * I assume this is only being used in the JobTracker, rather than in the client.

{code}
class QueueAccessVerifier extends Configured {

  enum QueueOperation {
    SUBMIT_JOB,
     ADMINISTER_JOBS
    // TODO Add LIST_JOBS when we have a http security story
  }

  // verify if the specified operation is allowed on the specified queue
  public boolean verifyAccess(QueueOperation operation, 
                                               String queue,
                                               UserGroupInformation user) throws IOException
{..}
}
{code}

      was (Author: owen.omalley):
    I'd suggest keeping the implementation concrete until we have a more complete story for
security. I'd suggest:
  * Make the class concrete rather than abstract & pluggable, until we have a better handle
on what we'd need from a plugin.
  * Make it Configured, rather than recoding it.
  * Drop initialize. It can be done in a configure method, if necessary.
  * I think that verifyAccess should take a UGI, since it is a security check.
  * I assume this is only being used in the JobTracker, rather than in the client.

{code}
class QueueAccessVerifier extends Configured {

  enum QueueOperation {
    SUBMIT_JOB,
     ADMINISTER_JOBS
    // TODO Add LIST_JOBS when we have a http security story
  }

  // verify if the specified operation is allowed on the specified queue
  public boolean verifyAccess(QueueOperation operation, 
                                               String queue,
                                               UserGroupInformation user) throws IOException
{..}
}
  
> Implement access control for submitting jobs to queues in the JobTracker
> ------------------------------------------------------------------------
>
>                 Key: HADOOP-3698
>                 URL: https://issues.apache.org/jira/browse/HADOOP-3698
>             Project: Hadoop Core
>          Issue Type: New Feature
>          Components: mapred
>            Reporter: Hemanth Yamijala
>            Assignee: Hemanth Yamijala
>             Fix For: 0.19.0
>
>
> HADOOP-3445 implements multiple queues in the JobTracker as part of the new resource
manager for Hadoop (HADOOP-3421). There needs to be a mechanism to control who can submit
jobs to a specified queue. This JIRA is for tracking the requirements, approach and implementation
for the same.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message