This is an automated email from the ASF dual-hosted git repository.
adoroszlai pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ozone.git
The following commit(s) were added to refs/heads/master by this push:
new e401150f6a HDDS-8654. Support dynamic change of
ozone.readonly.administrators in OM (#4737)
e401150f6a is described below
commit e401150f6ad042219dd97587289310a1980c5cf9
Author: z-bb <[email protected]>
AuthorDate: Mon May 22 03:27:55 2023 +0800
HDDS-8654. Support dynamic change of ozone.readonly.administrators in OM
(#4737)
---
.../hadoop/ozone/reconfig/TestOmReconfigure.java | 20 ++++++++++++
.../apache/hadoop/ozone/om/OmMetadataReader.java | 15 +--------
.../org/apache/hadoop/ozone/om/OzoneManager.java | 36 +++++++++++++++++++++-
3 files changed, 56 insertions(+), 15 deletions(-)
diff --git
a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/reconfig/TestOmReconfigure.java
b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/reconfig/TestOmReconfigure.java
index 3ce6cab55b..2488f309fa 100644
---
a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/reconfig/TestOmReconfigure.java
+++
b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/reconfig/TestOmReconfigure.java
@@ -19,6 +19,7 @@ package org.apache.hadoop.ozone.reconfig;
*/
import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_READONLY_ADMINISTRATORS;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import java.util.UUID;
@@ -97,4 +98,23 @@ public class TestOmReconfigure {
ozoneManager.getOmAdminUsernames().contains(userB));
}
+ /**
+ * Test reconfigure om "ozone.readonly.administrators".
+ */
+ @Test
+ public void testOmReadOnlyUsersReconfigure() throws Exception {
+ String userA = "mockUserA";
+ String userB = "mockUserB";
+ conf.set(OZONE_READONLY_ADMINISTRATORS, userA);
+ ozoneManager.reconfigurePropertyImpl(OZONE_READONLY_ADMINISTRATORS, userA);
+ assertTrue(userA + " should be a readOnly admin user",
+ ozoneManager.getOmReadOnlyAdminUsernames().contains(userA));
+
+ conf.set(OZONE_READONLY_ADMINISTRATORS, userB);
+ ozoneManager.reconfigurePropertyImpl(OZONE_READONLY_ADMINISTRATORS, userB);
+ assertFalse(userA + " should NOT be a admin user",
+ ozoneManager.getOmReadOnlyAdminUsernames().contains(userA));
+ assertTrue(userB + " should be a admin user",
+ ozoneManager.getOmReadOnlyAdminUsernames().contains(userB));
+ }
}
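Review bot: The two failure messages in the second half of testOmReadOnlyUsersReconfigure say "admin user" although they check the read-only admin list, so a failure would read as a regression in ozone.administrators. They should read `" should NOT be a readOnly admin user"` and `" should be a readOnly admin user"`. The test also inspects only getOmReadOnlyAdminUsernames(); it does not show that the authorizer stops honouring userA after the change, which is the property that matters when the reconfiguration is used to revoke access. An assertion on the authorizer's decision would cover that, if the test cluster runs with the native authorizer enabled.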
diff --git
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OmMetadataReader.java
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OmMetadataReader.java
index 5818b64da2..b21dab2522 100644
---
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OmMetadataReader.java
+++
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OmMetadataReader.java
@@ -20,7 +20,6 @@ package org.apache.hadoop.ozone.om;
import java.io.IOException;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
-import org.apache.hadoop.hdds.server.OzoneAdmins;
import org.apache.hadoop.ipc.ProtobufRpcEngine;
import org.apache.hadoop.ipc.Server;
import org.apache.hadoop.ozone.OzoneAcl;
@@ -44,7 +43,6 @@ import org.apache.hadoop.util.ReflectionUtils;
import org.apache.hadoop.util.Time;
import org.slf4j.Logger;
import java.net.InetAddress;
-import java.util.Collection;
import java.util.List;
import java.util.Map;
@@ -116,7 +114,7 @@ public class OmMetadataReader implements IOmMetadataReader,
Auditor {
authorizer.setKeyManager(keyManager);
authorizer.setPrefixManager(prefixManager);
authorizer.setOzoneAdmins(ozoneManager.getOmAdmins());
- authorizer.setOzoneReadOnlyAdmins(getOmReadOnlyAdmins(configuration));
+ authorizer.setOzoneReadOnlyAdmins(ozoneManager.getReadOnlyAdmins());
authorizer.setAllowListAllVolumes(allowListAllVolumes);
} else {
isNativeAuthorizerEnabled = false;
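Review bot: The new setOzoneReadOnlyAdmins call hands the authorizer the same OzoneAdmins instance that OzoneManager mutates on reconfiguration, and nothing at the call site says so. A comment such as `// Shared with OzoneManager: runtime changes to ozone.readonly.administrators reach the authorizer through this instance.` would keep a later refactor from passing a copy and silently freezing the list. Whether OzoneAdmins publishes the updated names safely to request threads is not visible in this hunk and is worth confirming. The enclosing block starts and ends outside the hunk.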
@@ -581,15 +579,4 @@ public class OmMetadataReader implements
IOmMetadataReader, Auditor {
return ResourceType.KEY;
}
- private OzoneAdmins getOmReadOnlyAdmins(OzoneConfiguration configuration) {
- // Get read only admin list
- Collection<String> omReadOnlyAdmins =
- OzoneConfigUtil.getOzoneReadOnlyAdminsFromConfig(
- configuration);
- Collection<String> omReadOnlyAdminsGroups =
- OzoneConfigUtil.getOzoneReadOnlyAdminsGroupsFromConfig(
- configuration);
- return new OzoneAdmins(omReadOnlyAdmins,
- omReadOnlyAdminsGroups);
- }
}
diff --git
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
index 23afb24e67..fc1337dd38 100644
---
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
+++
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
@@ -239,6 +239,7 @@ import static
org.apache.hadoop.ozone.OzoneConfigKeys.DFS_CONTAINER_RATIS_ENABLE
import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_ENABLED;
import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_ENABLED_DEFAULT;
import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_READONLY_ADMINISTRATORS;
import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_FLEXIBLE_FQDN_RESOLUTION_ENABLED;
import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_FLEXIBLE_FQDN_RESOLUTION_ENABLED_DEFAULT;
import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_KEY_PREALLOCATION_BLOCKS_MAX;
@@ -357,6 +358,7 @@ public final class OzoneManager extends
ServiceRuntimeInfoImpl
*/
private final String omStarterUser;
private final OzoneAdmins omAdmins;
+ private final OzoneAdmins readOnlyAdmins;
private final OzoneAdmins s3OzoneAdmins;
private final OMMetrics metrics;
@@ -471,7 +473,8 @@ public final class OzoneManager extends
ServiceRuntimeInfoImpl
/** A list of property that are reconfigurable at runtime. */
private final SortedSet<String> reconfigurableProperties =
ImmutableSortedSet.of(
- OZONE_ADMINISTRATORS
+ OZONE_ADMINISTRATORS,
+ OZONE_READONLY_ADMINISTRATORS
);
@SuppressWarnings("methodlength")
@@ -645,6 +648,17 @@ public final class OzoneManager extends
ServiceRuntimeInfoImpl
LOG.info("OM start with adminUsers: {}", omAdminUsernames);
omAdmins = new OzoneAdmins(omAdminUsernames, omAdminGroups);
+ // Get read only admin list
+ Collection<String> omReadOnlyAdmins =
+ OzoneConfigUtil.getOzoneReadOnlyAdminsFromConfig(
+ configuration);
+ Collection<String> omReadOnlyAdminsGroups =
+ OzoneConfigUtil.getOzoneReadOnlyAdminsGroupsFromConfig(
+ configuration);
+
+ readOnlyAdmins = new OzoneAdmins(omReadOnlyAdmins,
+ omReadOnlyAdminsGroups);
+
Collection<String> s3AdminUsernames =
OzoneConfigUtil.getS3AdminsFromConfig(configuration);
Collection<String> s3AdminGroups =
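Review bot: The read-only admin list is built here without a startup log line, while the omAdmins list directly above it is logged with "OM start with adminUsers". Adding `LOG.info("OM start with readOnly adminUsers: {}", omReadOnlyAdmins);` after the two lookups would give the later reconfiguration log entry a baseline to compare against when reviewing who held this role. The constructor body continues outside the hunk.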
@@ -4070,6 +4084,10 @@ public final class OzoneManager extends
ServiceRuntimeInfoImpl
return omAdmins.getAdminUsernames();
}
+ public Collection<String> getOmReadOnlyAdminUsernames() {
+ return readOnlyAdmins.getAdminUsernames();
+ }
+
public Collection<String> getOmAdminGroups() {
return omAdmins.getAdminGroups();
}
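Review bot: getOmReadOnlyAdminUsernames() is added as a public method without Javadoc, and the same holds for getReadOnlyAdmins() in the next hunk. The second one returns the live OzoneAdmins object that reconfiguration mutates, which callers need to know; a line such as `/** Returns the live read-only admin holder; its user names change when ozone.readonly.administrators is reconfigured. */` would say so. If getAdminUsernames() returns the internal collection rather than a copy (not visible here), the Javadoc on the first getter should also state that the result must be treated as read-only.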
@@ -4081,6 +4099,10 @@ public final class OzoneManager extends
ServiceRuntimeInfoImpl
return omAdmins;
}
+ public OzoneAdmins getReadOnlyAdmins() {
+ return readOnlyAdmins;
+ }
+
/**
* Return true if a UserGroupInformation is OM admin, false otherwise.
* @param callerUgi Caller UserGroupInformation
@@ -4615,6 +4637,8 @@ public final class OzoneManager extends
ServiceRuntimeInfoImpl
throws ReconfigurationException {
if (property.equals(OZONE_ADMINISTRATORS)) {
return reconfOzoneAdmins(newVal);
+ } else if (property.equals(OZONE_READONLY_ADMINISTRATORS)) {
+ return reconfOzoneReadOnlyAdmins(newVal);
} else {
throw new ReconfigurationException(property, newVal,
getConfiguration().get(property));
@@ -4632,6 +4656,16 @@ public final class OzoneManager extends
ServiceRuntimeInfoImpl
return String.valueOf(newVal);
}
+ private String reconfOzoneReadOnlyAdmins(String newVal) {
+ getConfiguration().set(OZONE_READONLY_ADMINISTRATORS, newVal);
+ Collection<String> pReadOnlyAdmins =
+ OzoneConfigUtil.getOzoneReadOnlyAdminsFromConfig(getConfiguration());
+ readOnlyAdmins.setAdminUsernames(pReadOnlyAdmins);
+ LOG.info("Load conf {} : {}, and now readOnly admins are: {}",
+ OZONE_READONLY_ADMINISTRATORS, newVal, pReadOnlyAdmins);
+ return String.valueOf(newVal);
+ }
+
public void validateReplicationConfig(ReplicationConfig replicationConfig)
throws OMException {
try {
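Review bot: reconfOzoneReadOnlyAdmins passes newVal straight to getConfiguration().set(...), which rejects a null value in Hadoop's Configuration. If the reconfiguration framework can deliver null when the property is removed (the `String.valueOf(newVal)` return suggests it can), clearing the list at runtime would fail with an unchecked exception and the old read-only admins would stay in effect. A guard such as `if (newVal == null) { getConfiguration().unset(OZONE_READONLY_ADMINISTRATORS); } else { getConfiguration().set(OZONE_READONLY_ADMINISTRATORS, newVal); }` would cover that case. The method also refreshes only user names; readOnlyAdmins keeps the groups read in the constructor, which deserves a one-line comment. The log line could include the previous list as well, so that the change is reconstructible from the log.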