ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-1738) RangerYarnAuthorizer not compatible with Hadoop-3.0.0
Date Thu, 16 Nov 2017 12:08:00 GMT

    [ https://issues.apache.org/jira/browse/RANGER-1738?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16255203#comment-16255203
] 

Colm O hEigeartaigh commented on RANGER-1738:
---------------------------------------------

The problem with switching Ranger to Hadoop 3.0.0, is that a lot of the components rely on
Hadoop 2.7.x, and it ends up breaking a lot of the tests (HBase, Hive, etc.), as we end up
having different Hadoop versions on the classpath. Perhaps we should wait to update to Hadoop
3.0.0 until more of the components release new major versions depending on Hadoop 3.0.0? Until
then I could just add a new plugin for Yarn 3.0.0 so we can claim to support Hadoop 3.0.0.
WDYT?



> RangerYarnAuthorizer not compatible with Hadoop-3.0.0
> -----------------------------------------------------
>
>                 Key: RANGER-1738
>                 URL: https://issues.apache.org/jira/browse/RANGER-1738
>             Project: Ranger
>          Issue Type: Bug
>          Components: plugins
>    Affects Versions: 0.7.1
>            Reporter: Hong Shen
>            Assignee: Colm O hEigeartaigh
>             Fix For: 1.0.0
>
>         Attachments: 0001-RANGER-1738-RangerYarnAuthorizer-not-compatible-with.patch
>
>
> In the newest hadoop version 3.0.0, YarnAuthorizationProvider has changed.
> The new YarnAuthorizationProvider.java has change the methods checkPermission and setPermission,

> {code:title=YarnAuthorizationProvider.java|borderStyle=solid}
>   /**
>    * Check if user has the permission to access the target object.
>    * 
>    * @param accessRequest
>    *          the request object which contains all the access context info.
>    * @return true if user can access the object, otherwise false.
>    */
>   public abstract boolean checkPermission(AccessRequest accessRequest);
>   /**
>    * Set permissions for the target object.
>    *
>    * @param permissions
>    *        A list of permissions on the target object.
>    * @param ugi User who sets the permissions.
>    */
>   public abstract void setPermission(List<Permission> permissions,
>       UserGroupInformation ugi);
> {code}
> But the RangerYarnAuthorizer extends YarnAuthorizationProvider impletement the old method.
> {code:title=RangerYarnAuthorizer.java|borderStyle=solid}
> 	@Override
> 	public void setPermission(PrivilegedEntity entity, Map<AccessType, AccessControlList>
permission, UserGroupInformation ugi) {
>        ...
> 	@Override
> 	public boolean checkPermission(AccessType accessType, PrivilegedEntity entity, UserGroupInformation
ugi) {
> {code}
> I think yarn plugin should also impletement the new method. I will add a patch for it.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message