org.apache.hadoop.yarn.security

Class ConfiguredYarnAuthorizer

java.lang.Object

org.apache.hadoop.yarn.security.YarnAuthorizationProvider

org.apache.hadoop.yarn.security.ConfiguredYarnAuthorizer

@InterfaceAudience.Private
@InterfaceStability.Unstable
public class ConfiguredYarnAuthorizer
extends YarnAuthorizationProvider

A YarnAuthorizationProvider implementation based on configuration files.

Constructor Summary

Constructors

Constructor and Description
ConfiguredYarnAuthorizer()

Method Summary

Methods

Modifier and Type	Method and Description
boolean	checkPermission(AccessType accessType, PrivilegedEntity target, org.apache.hadoop.security.UserGroupInformation user) Check if user has the permission to access the target object.
org.apache.hadoop.security.authorize.AccessControlList	getAdminAcls()
void	init(org.apache.hadoop.conf.Configuration conf) Initialize the provider.
boolean	isAdmin(org.apache.hadoop.security.UserGroupInformation ugi) Check if the user is an admin.
void	setAdmins(org.apache.hadoop.security.authorize.AccessControlList acls, org.apache.hadoop.security.UserGroupInformation ugi) Set a list of users/groups who have admin access
void	setPermission(PrivilegedEntity target, Map<AccessType,org.apache.hadoop.security.authorize.AccessControlList> acls, org.apache.hadoop.security.UserGroupInformation ugi) Set ACLs for the target object.

Methods inherited from class org.apache.hadoop.yarn.security.YarnAuthorizationProvider

getInstance

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ConfiguredYarnAuthorizer

public ConfiguredYarnAuthorizer()

Method Detail

init

public void init(org.apache.hadoop.conf.Configuration conf)

Description copied from class: YarnAuthorizationProvider

Initialize the provider. Invoked on daemon startup. DefaultYarnAuthorizer is initialized based on configurations.

Specified by:

init in class YarnAuthorizationProvider

setPermission

public void setPermission(PrivilegedEntity target,
                 Map<AccessType,org.apache.hadoop.security.authorize.AccessControlList> acls,
                 org.apache.hadoop.security.UserGroupInformation ugi)

Description copied from class: YarnAuthorizationProvider

Set ACLs for the target object. AccessControlList class encapsulate the users and groups who can access the target.

Specified by:

setPermission in class YarnAuthorizationProvider

Parameters:

target - The target object.

acls - A map from access method to a list of users and/or groups who has permission to do the access.

ugi - User who sets the permissions.

checkPermission

public boolean checkPermission(AccessType accessType,
                      PrivilegedEntity target,
                      org.apache.hadoop.security.UserGroupInformation user)

Description copied from class: YarnAuthorizationProvider

Check if user has the permission to access the target object.

Specified by:

checkPermission in class YarnAuthorizationProvider

Parameters:

accessType - The type of accessing method.

target - The target object being accessed, e.g. app/queue

user - User who access the target

Returns:

true if user can access the object, otherwise false.

setAdmins

public void setAdmins(org.apache.hadoop.security.authorize.AccessControlList acls,
             org.apache.hadoop.security.UserGroupInformation ugi)

Description copied from class: YarnAuthorizationProvider

Set a list of users/groups who have admin access

Specified by:

setAdmins in class YarnAuthorizationProvider

Parameters:

acls - users/groups who have admin access

ugi - User who sets the admin acls.

isAdmin

public boolean isAdmin(org.apache.hadoop.security.UserGroupInformation ugi)

Description copied from class: YarnAuthorizationProvider

Check if the user is an admin.

Specified by:

isAdmin in class YarnAuthorizationProvider

Parameters:

ugi - the user to be determined if it is an admin

Returns:

true if the given user is an admin

getAdminAcls

public org.apache.hadoop.security.authorize.AccessControlList getAdminAcls()