hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ravi Gummadi (JIRA)" <j...@apache.org>
Subject [jira] Commented: (MAPREDUCE-1542) Deprecate mapred.permissions.supergroup in favor of hadoop.cluster.administrators
Date Sat, 13 Mar 2010 01:51:27 GMT

    [ https://issues.apache.org/jira/browse/MAPREDUCE-1542?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12844797#action_12844797
] 

Ravi Gummadi commented on MAPREDUCE-1542:
-----------------------------------------

Thanks Hemanth for the review. It is fine to remove HDFS related stuff from this patch.

# I think it makes sense to add checks for queue ACLs refresh, service refresh and user-to-group
mapping refresh also similar to node refresh. I don't see a semantic difference between these
operations and node refresh and they should be implemented in the same way, I think. But I
am OK if these are taken up in a following JIRA, as their addition may not be in the scope
of this JIRA.

Right. Let us do it in a follow-up JIRA.

# Regarding tests, I was expecting to see tests that set up users and groups in the hadoop.cluster.administrators
ACL and then checks that various operations of view and modify succeed with combinations of
both allowed and disallowed users. Exhaustive tests need not be end-to-end I think - i.e.
they need not run real jobs. Since most of the code goes through JobInProgress.checkAccess,
can we just create fake objects and test the checkAccess method ? And maybe have some end-to-end
tests for very important functions like killJob, killTask and view job details in a JSP.

TestWebUIAuthorization code changes of the patch already check
  (a) view-job as admin through almost all JSPs,
  (b) modify-job as admin through almost all JSPs -- includes killJob, killTask, setJobPriority.
TestNodeRefresh checks refreshNodes() as admin.
I guess these are covering tests we want ?


Will incorporate other comments given above and upload new patch.

> Deprecate mapred.permissions.supergroup in favor of hadoop.cluster.administrators
> ---------------------------------------------------------------------------------
>
>                 Key: MAPREDUCE-1542
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-1542
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: security
>            Reporter: Vinod K V
>            Assignee: Ravi Gummadi
>             Fix For: 0.22.0
>
>         Attachments: 1542.20S.patch, 1542.patch, 1542.v1.patch, mapreduce-1542-y20s.patch
>
>
> HADOOP-6568 added the configuration {{hadoop.cluster.administrators}} through which admins
can configure who the superusers/supergroups for the cluster are. MAPREDUCE itself already
has {{mapred.permissions.supergroup}} (which is just a single group). As agreed upon at HADOOP-6568,
this should be deprecated in favor of {{hadoop.cluster.administrators}}.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message