hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Zhijie Shen (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (YARN-1937) Access control of per-framework data
Date Wed, 14 May 2014 18:15:19 GMT

     [ https://issues.apache.org/jira/browse/YARN-1937?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Zhijie Shen updated YARN-1937:

    Attachment: YARN-1937.1.patch

I created a patch to make a TimlineACLsManager, which will check whether the query user is
going to be the owner of then timeline entity; if he is, he's going to retrieve the entity
or the events of this entity; otherwise, he can not access the corresponding timeline data.

To support the ACLs, I need to record the owner information of the timeline data when it is
posted. I leverage the primary filter to store the owner information by reserving the timeline
system filter key. Of course the system information will be masked before returning the timeline
data back to the user.

I upload the preliminary  patch to demonstrate the idea, and will work on the test cases and
complete local test.

It is worth mentioning that:

1. I do access control at the granularity of timeline entity. We can definitely explore more
fine-grained control, but I prefer keeping the thing simple initially.

2. Initially, I'm going to support access control that only the owner can access his timeline
data. In the future, we can extend it to allow admin and configured user/group list. Will
file a separate ticket for the follow-up work.

> Access control of per-framework data
> ------------------------------------
>                 Key: YARN-1937
>                 URL: https://issues.apache.org/jira/browse/YARN-1937
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Zhijie Shen
>            Assignee: Zhijie Shen
>         Attachments: YARN-1937.1.patch

This message was sent by Atlassian JIRA

View raw message