Package org.apache.hadoop.yarn.security

Class YarnAuthorizationProvider

java.lang.Object

org.apache.hadoop.yarn.security.YarnAuthorizationProvider

Direct Known Subclasses:

ConfiguredYarnAuthorizer

@Private
@Unstable
public abstract class YarnAuthorizationProvider
extends Object

An implementation of the interface will provide authorization related information and enforce permission check. It is excepted that any of the methods defined in this interface should be non-blocking call and should not involve expensive computation as these method could be invoked in RPC.

Constructor Summary

Constructors

Constructor	Description
YarnAuthorizationProvider()

Method Summary

Modifier and Type	Method	Description
abstract boolean	checkPermission(AccessRequest accessRequest)	Check if user has the permission to access the target object.
static void	destroy()	Destroy the YarnAuthorizationProvider instance.
static YarnAuthorizationProvider	getInstance(org.apache.hadoop.conf.Configuration conf)
abstract void	init(org.apache.hadoop.conf.Configuration conf)	Initialize the provider.
abstract boolean	isAdmin(org.apache.hadoop.security.UserGroupInformation ugi)	Check if the user is an admin.
abstract void	setAdmins(org.apache.hadoop.security.authorize.AccessControlList acls, org.apache.hadoop.security.UserGroupInformation ugi)	Set a list of users/groups who have admin access
abstract void	setPermission(List<Permission> permissions, org.apache.hadoop.security.UserGroupInformation ugi)	Set permissions for the target object.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

YarnAuthorizationProvider

public YarnAuthorizationProvider()

Method Details

getInstance

public static YarnAuthorizationProvider getInstance(org.apache.hadoop.conf.Configuration conf)

destroy

@VisibleForTesting
public static void destroy()

Destroy the YarnAuthorizationProvider instance. This method is called only in Tests.

init

public abstract void init(org.apache.hadoop.conf.Configuration conf)

Initialize the provider. Invoked on daemon startup. DefaultYarnAuthorizer is initialized based on configurations.

Parameters:

conf - configuration.

checkPermission

public abstract boolean checkPermission(AccessRequest accessRequest)

Check if user has the permission to access the target object.

Parameters:

accessRequest - the request object which contains all the access context info.

Returns:

true if user can access the object, otherwise false.

setPermission

public abstract void setPermission(List<Permission> permissions,
 org.apache.hadoop.security.UserGroupInformation ugi)

Set permissions for the target object.

Parameters:

permissions - A list of permissions on the target object.

ugi - User who sets the permissions.

setAdmins

public abstract void setAdmins(org.apache.hadoop.security.authorize.AccessControlList acls,
 org.apache.hadoop.security.UserGroupInformation ugi)

Set a list of users/groups who have admin access

Parameters:

acls - users/groups who have admin access

ugi - User who sets the admin acls.

isAdmin

public abstract boolean isAdmin(org.apache.hadoop.security.UserGroupInformation ugi)

Check if the user is an admin.

Parameters:

ugi - the user to be determined if it is an admin

Returns:

true if the given user is an admin