This is an automated email from the ASF dual-hosted git repository. elek pushed a commit to branch HDDS-2181 in repository https://gitbox.apache.org/repos/asf/hadoop-ozone.git
commit f926998cc29459b8370cc1f094681e6a9dd30df1 Author: Vivek Ratnavel Subramanian <vivekratnave...@gmail.com> AuthorDate: Tue Oct 8 17:56:48 2019 -0700 Handle acl checks correctly in allocate block request --- .../OzoneManagerProtocolClientSideTranslatorPB.java | 2 +- .../hadoop/ozone/om/request/key/OMAllocateBlockRequest.java | 12 +++++++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/protocolPB/OzoneManagerProtocolClientSideTranslatorPB.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/protocolPB/OzoneManagerProtocolClientSideTranslatorPB.java index c9dc8ec..ee9e19a 100644 --- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/protocolPB/OzoneManagerProtocolClientSideTranslatorPB.java +++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/protocolPB/OzoneManagerProtocolClientSideTranslatorPB.java @@ -340,7 +340,7 @@ public final class OzoneManagerProtocolClientSideTranslatorPB if (omResponse.hasLeaderOMNodeId() && omFailoverProxyProvider != null) { String leaderOmId = omResponse.getLeaderOMNodeId(); - // Failover to the OM node returned by OMReponse leaderOMNodeId if + // Failover to the OM node returned by OMResponse leaderOMNodeId if // current proxy is not pointing to that node. omFailoverProxyProvider.performFailoverIfRequired(leaderOmId); } diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMAllocateBlockRequest.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMAllocateBlockRequest.java index df565de..a6702b3 100644 --- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMAllocateBlockRequest.java +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMAllocateBlockRequest.java @@ -25,6 +25,8 @@ import java.util.Map; import com.google.common.base.Optional; import com.google.common.base.Preconditions; +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.ozone.OmUtils; import org.apache.hadoop.ozone.om.ratis.utils.OzoneManagerDoubleBufferHelper; import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer; import org.apache.hadoop.util.Time; @@ -170,7 +172,15 @@ public class OMAllocateBlockRequest extends OMKeyRequest { OmKeyInfo omKeyInfo = null; try { // check Acl - checkKeyAcls(ozoneManager, volumeName, bucketName, keyName, + // Native authorizer requires client id as part of keyname to check + // write ACL on key. Add client id to key name if ozone native + // authorizer is configured. + Configuration config = ozoneManager.getConfiguration(); + String keyNameForAclCheck = keyName; + if (OmUtils.isNativeAuthorizerEnabled(config)) { + keyNameForAclCheck = keyName + "/" + allocateBlockRequest.getClientID(); + } + checkKeyAcls(ozoneManager, volumeName, bucketName, keyNameForAclCheck, IAccessAuthorizer.ACLType.WRITE); OMMetadataManager omMetadataManager = ozoneManager.getMetadataManager(); --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-commits-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-commits-h...@hadoop.apache.org