org.apache.hadoop.yarn.security

Class ConfiguredYarnAuthorizer

java.lang.Object

org.apache.hadoop.yarn.security.YarnAuthorizationProvider

org.apache.hadoop.yarn.security.ConfiguredYarnAuthorizer

@InterfaceAudience.Private
 @InterfaceStability.Unstable
public class ConfiguredYarnAuthorizer
extends YarnAuthorizationProvider

A YarnAuthorizationProvider implementation based on configuration files.

Constructor Summary

Constructors

Constructor and Description
ConfiguredYarnAuthorizer()

Method Summary

Modifier and Type	Method and Description
boolean	checkPermission(AccessRequest accessRequest) Check if user has the permission to access the target object.
org.apache.hadoop.security.authorize.AccessControlList	getAdminAcls()
void	init(org.apache.hadoop.conf.Configuration conf) Initialize the provider.
boolean	isAdmin(org.apache.hadoop.security.UserGroupInformation ugi) Check if the user is an admin.
void	setAdmins(org.apache.hadoop.security.authorize.AccessControlList acls, org.apache.hadoop.security.UserGroupInformation ugi) Set a list of users/groups who have admin access
void	setPermission(List<Permission> permissions, org.apache.hadoop.security.UserGroupInformation user) Set permissions for the target object.

Methods inherited from class org.apache.hadoop.yarn.security.YarnAuthorizationProvider

destroy, getInstance

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ConfiguredYarnAuthorizer

public ConfiguredYarnAuthorizer()

Method Detail

init

public void init(org.apache.hadoop.conf.Configuration conf)

Description copied from class: YarnAuthorizationProvider

Initialize the provider. Invoked on daemon startup. DefaultYarnAuthorizer is initialized based on configurations.

Specified by:

init in class YarnAuthorizationProvider

Parameters:

conf - configuration.

setPermission

public void setPermission(List<Permission> permissions,
                          org.apache.hadoop.security.UserGroupInformation user)

Description copied from class: YarnAuthorizationProvider

Set permissions for the target object.

Specified by:

setPermission in class YarnAuthorizationProvider

Parameters:

permissions - A list of permissions on the target object.

user - User who sets the permissions.

checkPermission

public boolean checkPermission(AccessRequest accessRequest)

Description copied from class: YarnAuthorizationProvider

Check if user has the permission to access the target object.

Specified by:

checkPermission in class YarnAuthorizationProvider

Parameters:

accessRequest - the request object which contains all the access context info.

Returns:

true if user can access the object, otherwise false.

setAdmins

public void setAdmins(org.apache.hadoop.security.authorize.AccessControlList acls,
                      org.apache.hadoop.security.UserGroupInformation ugi)

Description copied from class: YarnAuthorizationProvider

Set a list of users/groups who have admin access

Specified by:

setAdmins in class YarnAuthorizationProvider

Parameters:

acls - users/groups who have admin access

ugi - User who sets the admin acls.

isAdmin

public boolean isAdmin(org.apache.hadoop.security.UserGroupInformation ugi)

Description copied from class: YarnAuthorizationProvider

Check if the user is an admin.

Specified by:

isAdmin in class YarnAuthorizationProvider

Parameters:

ugi - the user to be determined if it is an admin

Returns:

true if the given user is an admin

getAdminAcls

public org.apache.hadoop.security.authorize.AccessControlList getAdminAcls()