This is an automated email from the ASF dual-hosted git repository. siyao pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ozone.git
commit 0242a823f9f686f90fa449ceaa9909d799f95464 Merge: fad347c3c0 1acaa82f34 Author: Siyao Meng <[email protected]> AuthorDate: Sun May 29 10:24:25 2022 -0700 Merge remote-tracking branch 'asf/HDDS-4944' Change-Id: I0c2e045b8d413e6425f2fd9a254c7524c8dc390b .../hadoop/hdds/scm/client/HddsClientUtils.java | 5 +- .../java/org/apache/hadoop/ozone/OzoneConsts.java | 87 +- .../common/src/main/resources/ozone-default.xml | 31 + .../org/apache/hadoop/ozone/TestOzoneConsts.java | 35 + .../docs/content/feature/Nonrolling-Upgrade.md | 1 + .../feature/S3-Multi-Tenancy-Access-Control.md | 93 ++ .../docs/content/feature/S3-Multi-Tenancy-Setup.md | 93 ++ .../docs/content/feature/S3-Multi-Tenancy.md | 75 ++ .../docs/content/feature/S3-Tenant-Commands.md | 458 ++++++++ .../themes/ozonedoc/layouts/_default/section.html | 3 +- .../hadoop/hdds/utils/DBCheckpointServlet.java | 2 +- .../apache/hadoop/ozone/client/ObjectStore.java | 173 ++- .../apache/hadoop/ozone/client/OzoneVolume.java | 30 + .../org/apache/hadoop/ozone/client/TenantArgs.java | 82 ++ .../org/apache/hadoop/ozone/client/VolumeArgs.java | 2 + .../ozone/client/protocol/ClientProtocol.java | 131 ++- .../apache/hadoop/ozone/client/rpc/RpcClient.java | 196 +++- .../main/java/org/apache/hadoop/ozone/OmUtils.java | 12 + .../org/apache/hadoop/ozone/audit/OMAction.java | 15 +- .../org/apache/hadoop/ozone/om/OMConfigKeys.java | 41 + .../hadoop/ozone/om/exceptions/OMException.java | 16 +- .../hadoop/ozone/om/helpers/DeleteTenantState.java | 91 ++ .../hadoop/ozone/om/helpers/OmDBAccessIdInfo.java | 136 +++ .../hadoop/ozone/om/helpers/OmDBTenantState.java | 205 ++++ .../ozone/om/helpers/OmDBUserPrincipalInfo.java | 93 ++ .../hadoop/ozone/om/helpers/OmRangerSyncArgs.java | 67 ++ .../hadoop/ozone/om/helpers/OmTenantArgs.java | 92 ++ .../hadoop/ozone/om/helpers/OmTenantUserArgs.java} | 39 +- .../hadoop/ozone/om/helpers/OmVolumeArgs.java | 55 +- .../hadoop/ozone/om/helpers/S3SecretValue.java | 1 + .../hadoop/ozone/om/helpers/S3VolumeContext.java | 94 ++ .../hadoop/ozone/om/helpers/TenantStateList.java | 72 ++ .../ozone/om/helpers/TenantUserInfoValue.java | 75 ++ .../hadoop/ozone/om/helpers/TenantUserList.java | 70 ++ .../hadoop/ozone/om/multitenant/AccessPolicy.java | 152 +++ .../ozone/om/multitenant/AccountNameSpace.java | 77 ++ .../ozone/om/multitenant/BucketNameSpace.java | 94 ++ .../ozone/om/multitenant/OzoneOwnerPrincipal.java | 39 + .../hadoop/ozone/om/multitenant/OzoneTenant.java | 96 ++ .../om/multitenant/OzoneTenantRolePrincipal.java | 41 + .../ozone/om/multitenant/RangerAccessPolicy.java | 316 ++++++ .../apache/hadoop/ozone/om/multitenant/Tenant.java | 59 + .../om/multitenant/impl/AccountNameSpaceImpl.java | 53 + .../impl/SingleVolumeTenantNamespace.java | 83 ++ .../ozone/om/multitenant/impl/package-info.java} | 24 +- .../hadoop/ozone/om/multitenant/package-info.java} | 24 +- .../ozone/om/protocol/OzoneManagerProtocol.java | 126 +++ .../apache/hadoop/ozone/om/protocol/S3Auth.java | 18 +- ...OzoneManagerProtocolClientSideTranslatorPB.java | 258 +++++ .../ozone/om/exceptions/TestResultCodes.java | 3 +- .../main/compose/ozonesecure/docker-compose.yaml | 16 +- .../src/main/compose/ozonesecure/docker-config | 13 + .../ozonesecure/mockserverInitialization.json | 98 ++ .../non-rolling-upgrade/1.1.0-1.2.0/callback.sh | 2 +- .../non-rolling-upgrade/1.2.1-1.3.0/callback.sh | 2 +- hadoop-ozone/dist/src/main/license/jar-report.txt | 24 + .../smoketest/security/ozone-secure-tenant.robot | 138 +++ .../smoketest/security/ozone-secure-token.robot | 1 + .../dist/src/main/smoketest/upgrade/generate.robot | 31 +- .../dist/src/main/smoketest/upgrade/validate.robot | 22 + hadoop-ozone/dist/src/shell/ozone/ozone | 5 + .../hadoop/hdds/upgrade/TestHDDSUpgrade.java | 9 +- .../hadoop/ozone/TestOzoneConfigurationFields.java | 12 +- .../hadoop/ozone/TestSecureOzoneCluster.java | 17 +- .../client/rpc/TestOzoneRpcClientAbstract.java | 6 +- ...estMultiTenantAccessAuthorizerRangerPlugin.java | 269 +++++ .../om/multitenant/TestMultiTenantVolume.java | 264 +++++ .../om/multitenant/TestRangerBGSyncService.java | 722 ++++++++++++ .../hadoop/ozone/om/multitenant/package-info.java} | 25 +- .../hadoop/ozone/shell/TestOzoneShellHA.java | 3 + .../hadoop/ozone/shell/TestOzoneTenantShell.java | 1085 ++++++++++++++++++ .../src/main/proto/OmClientProtocol.proto | 233 +++- .../apache/hadoop/ozone/om/OMMetadataManager.java | 9 + .../ozone/om/codec/OmDBAccessIdInfoCodec.java | 57 + .../ozone/om/codec/OmDBTenantStateCodec.java | 57 + .../ozone/om/codec/OmDBUserPrincipalInfoCodec.java | 60 + hadoop-ozone/ozone-manager/pom.xml | 39 + .../org/apache/hadoop/ozone/om/KeyManagerImpl.java | 2 +- .../java/org/apache/hadoop/ozone/om/OMMetrics.java | 174 +++ .../hadoop/ozone/om/OMMultiTenantManager.java | 321 ++++++ .../hadoop/ozone/om/OMMultiTenantManagerImpl.java | 1149 ++++++++++++++++++++ .../hadoop/ozone/om/OmMetadataManagerImpl.java | 74 +- .../org/apache/hadoop/ozone/om/OzoneAclUtils.java | 25 + .../org/apache/hadoop/ozone/om/OzoneManager.java | 350 +++++- .../hadoop/ozone/om/S3SecretManagerImpl.java | 14 +- .../java/org/apache/hadoop/ozone/om/TenantOp.java | 86 ++ .../hadoop/ozone/om/codec/OMDBDefinition.java | 38 +- .../ozone/om/multitenant/AuthorizerLock.java | 87 ++ .../ozone/om/multitenant/AuthorizerLockImpl.java | 186 ++++ .../ozone/om/multitenant/CachedTenantState.java | 88 ++ .../multitenant/MultiTenantAccessAuthorizer.java | 282 +++++ .../MultiTenantAccessAuthorizerDummyPlugin.java | 194 ++++ .../MultiTenantAccessAuthorizerRangerPlugin.java | 850 +++++++++++++++ .../multitenant/MultiTenantAccessController.java | 414 +++++++ .../om/multitenant/OMRangerBGSyncService.java | 844 ++++++++++++++ .../RangerClientMultiTenantAccessController.java | 323 ++++++ .../RangerRestMultiTenantAccessController.java | 670 ++++++++++++ .../package-info.java} | 16 +- .../om/ratis/utils/OzoneManagerRatisUtils.java | 30 + .../hadoop/ozone/om/request/OMClientRequest.java | 20 +- .../om/request/file/OMDirectoryCreateRequest.java | 2 +- .../om/request/s3/security/OMSetSecretRequest.java | 186 ++++ .../om/request/s3/security/S3GetSecretRequest.java | 153 ++- .../request/s3/security/S3RevokeSecretRequest.java | 17 +- .../request/s3/security/S3SecretRequestHelper.java | 107 ++ .../tenant/OMSetRangerServiceVersionRequest.java | 84 ++ .../s3/tenant/OMTenantAssignAdminRequest.java | 253 +++++ .../tenant/OMTenantAssignUserAccessIdRequest.java | 373 +++++++ .../request/s3/tenant/OMTenantCreateRequest.java | 352 ++++++ .../request/s3/tenant/OMTenantDeleteRequest.java | 247 +++++ .../s3/tenant/OMTenantRevokeAdminRequest.java | 242 +++++ .../tenant/OMTenantRevokeUserAccessIdRequest.java | 269 +++++ .../s3/tenant/package-info.java} | 24 +- .../om/request/volume/OMVolumeDeleteRequest.java | 10 + .../ozone/om/request/volume/OMVolumeRequest.java | 4 +- ...ecretResponse.java => OMSetSecretResponse.java} | 36 +- .../response/s3/security/S3GetSecretResponse.java | 6 + .../tenant/OMSetRangerServiceVersionResponse.java | 72 ++ .../s3/tenant/OMTenantAssignAdminResponse.java | 75 ++ .../tenant/OMTenantAssignUserAccessIdResponse.java | 105 ++ .../response/s3/tenant/OMTenantCreateResponse.java | 94 ++ .../response/s3/tenant/OMTenantDeleteResponse.java | 84 ++ .../s3/tenant/OMTenantRevokeAdminResponse.java | 75 ++ .../tenant/OMTenantRevokeUserAccessIdResponse.java | 93 ++ .../s3/tenant/package-info.java} | 24 +- .../om/upgrade/DisallowedUntilLayoutVersion.java | 2 +- .../hadoop/ozone/om/upgrade/OMLayoutFeature.java | 3 +- .../ozone/om/upgrade/OMLayoutFeatureAspect.java | 17 +- ...OzoneManagerProtocolServerSideTranslatorPB.java | 16 +- .../protocolPB/OzoneManagerRequestHandler.java | 85 +- .../ozone/security/acl/OzoneNativeAuthorizer.java | 3 + .../src/main/resources/META-INF/aop.xml | 24 + .../hadoop/ozone/om/TestAuthorizerLockImpl.java | 156 +++ .../hadoop/ozone/om/TestOMMultiTenantManager.java | 175 +++ .../ozone/om/TestOMMultiTenantManagerImpl.java | 159 +++ .../InMemoryMultiTenantAccessController.java | 154 +++ .../TestMultiTenantAccessController.java | 397 +++++++ .../ozone/om/request/OMRequestTestUtils.java | 154 +++ .../s3/security/TestS3GetSecretRequest.java | 450 ++++++++ .../tenant/TestSetRangerServiceVersionRequest.java | 110 ++ .../om/upgrade/TestOMLayoutFeatureAspect.java | 1 + .../hadoop/ozone/s3/OzoneClientProducer.java | 8 +- .../hadoop/ozone/s3/endpoint/EndpointBase.java | 11 +- .../hadoop/ozone/client/ObjectStoreStub.java | 10 +- .../hadoop/ozone/client/OzoneBucketStub.java | 8 +- .../hadoop/ozone/s3/TestS3GatewayAuditLog.java | 6 +- .../s3/endpoint/TestMultipartUploadWithCopy.java | 6 +- .../hadoop/ozone/s3/endpoint/TestObjectHead.java | 6 +- .../ozone/s3/endpoint/TestPermissionCheck.java | 12 +- .../hadoop/ozone/shell/s3/GetS3SecretHandler.java | 13 +- .../org/apache/hadoop/ozone/shell/s3/S3Shell.java | 1 + ...3SecretHandler.java => SetS3SecretHandler.java} | 35 +- .../ozone/shell/tenant/GetUserInfoHandler.java | 110 ++ .../shell/tenant/TenantAssignAdminHandler.java | 68 ++ .../tenant/TenantAssignUserAccessIdHandler.java | 83 ++ .../shell/tenant/TenantBucketLinkHandler.java | 74 ++ .../ozone/shell/tenant/TenantCreateHandler.java | 55 + .../ozone/shell/tenant/TenantDeleteHandler.java | 73 ++ .../ozone/shell/tenant/TenantGetSecretHandler.java | 53 + .../hadoop/ozone/shell/tenant/TenantHandler.java | 54 + .../ozone/shell/tenant/TenantListHandler.java | 72 ++ .../ozone/shell/tenant/TenantListUsersHandler.java | 81 ++ .../shell/tenant/TenantRevokeAdminHandler.java | 61 ++ .../tenant/TenantRevokeUserAccessIdHandler.java | 45 + .../ozone/shell/tenant/TenantSetSecretHandler.java | 55 + .../{s3/S3Shell.java => tenant/TenantShell.java} | 30 +- .../ozone/shell/tenant/TenantUserCommands.java | 76 ++ .../hadoop/ozone/shell/tenant/package-info.java | 21 + 168 files changed, 19255 insertions(+), 355 deletions(-) --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
