[
https://issues.apache.org/jira/browse/MAPREDUCE-1664?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12907107#action_12907107
]
Vinod K V commented on MAPREDUCE-1664:
--------------------------------------
Minor comments:
- mapred-default.xml: "For enabling this flag, this is to be set to true on
JobTracker's configuration file and in all TaskTracker's configuration files."
can better be "For enabling this flag, this is to be set to true on the
configuration files of JobTracker and all the TaskTrackers"
- QueueConfigurationParser: aclsEnabled isn't really deprecated as we ignore
it completely. May be we should simply say that in the message.
- QueueInfo.toFullPropertyName(): QueueInfo is public API. Let's not put this
method in there. You can let it be in QueueManager by making QueueManager
public but with private visibility classification. Java public scope identifier
doesn't really promise the public nature of a class/api anymore at all. You
should definitely also put java comments as to where all this method can be
used.
- ClusterMapReduceTestCase.startCluster() with the added parameter argument
seems like a very weird API to have, it isn't even generic enough to accept
other information. We can just have this in TestWebUIAuthorization.
- QueueManagerTestUtils.createQueuesConfigFile() doesn't need to return a
configuration. Adding the mapred-queues.xml as a resource to a configuration
object is also useless.
- TestJobHistory.testJobHistory(). Do we need a call to createQueuesConfigFile
here? It is configuring default queue again, yet the file isn't being put in
the classpath. Same in TestRecoveryManager.
- TestQueueAclsForCurrentUser.setupConfForNoAccess() : The admin acls
configured are different now. Earlier they were u1 for qu1 and " g2" for qu2.
> Job Acls affect Queue Acls
> --------------------------
>
> Key: MAPREDUCE-1664
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1664
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: security
> Affects Versions: 0.22.0
> Reporter: Ravi Gummadi
> Assignee: Ravi Gummadi
> Fix For: 0.22.0
>
> Attachments: 1664.20S.3.4.patch, 1664.patch,
> 1664.qAdminsJobView.20S.v1.6.patch, 1664.v1.patch, M1664y20s-testfix.patch,
> mr-1664-20-bugfix.patch
>
>
> MAPREDUCE-1307 introduced job ACLs for securing job level operations. So in
> current trunk, queue ACLs and job ACLs are checked(with AND for both acls)
> for allowing job level operations. So for doing operations like killJob,
> killTask and setJobPriority user should be part of both
> mapred.queue.{queuename}.acl-administer-jobs and in
> mapreduce.job.acl-modify-job. This needs to change so that users who are part
> of mapred.queue.{queuename}.acl-administer-jobs will be able to do
> killJob,killTask,setJobPriority and users part of
> mapreduce.job.acl-modify-job will be able to do
> killJob,killTask,setJobPriority.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
