hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Benoy Antony (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10652) Refactor Proxyusers to use AccessControlList
Date Mon, 23 Jun 2014 23:15:25 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10652?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14041462#comment-14041462
] 

Benoy Antony commented on HADOOP-10652:
---------------------------------------

Thanks for reviewing , [~arpitagarwal].
Currently(without the patch) _DefaultImpersonationProvider_ keeps two maps  - 
* proxyUsers -  list of users who can be proxied by a superuser. The key used is hadoop.proxyuser.<superuser-name>.users.
This key is  obtained from the property-name in the configuration..
* proxyGroups -  list of users who can be proxied by a superuser. The key used is hadoop.proxyuser.<superuser-name>.groups.
This key is  obtained from the property-name in the configuration..

With this patch, we'll keep only one map - proxyUserAcl . This will be a map of  hadoop.proxyuser.<superuser-name>
 to the AccessControlList instance for a superuser. Since the configuration still uses {{hadoop.proxyuser.<superuser-name>.users}}
 and {{hadoop.proxyuser.<superuser-name>.groups}}  , we use _getAclKey_  to get  {{hadoop.proxyuser.<superuser-name>}}
  from those names. 

> Refactor Proxyusers to use AccessControlList  
> ----------------------------------------------
>
>                 Key: HADOOP-10652
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10652
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Benoy Antony
>            Assignee: Benoy Antony
>         Attachments: HADOOP-10652.patch, HADOOP-10652.patch, HADOOP-10652.patch
>
>
> Currently Proxyuser specification  accepts a list of users and groups including wildcard
values. Same functionality is already encapsulated in _AccessControlList_ . It will be better
to refactor _ProxyUsers_ to use _AccessControlList_ instead of maintaining separate logic.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message