[jira] [Comment Edited] (HDFS-12147) Ozone: KSM: Add checkBucketAccess

[Weiwei Yang (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HDFS-12147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16091091#comment-16091091
 ] 

Weiwei Yang edited comment on HDFS-12147 at 7/18/17 4:34 AM:
-------------------------------------------------------------

Hi [~nandakumar131], [~vagarychen]

I am a bit confused with this patch.

1. Why the checkBucketAccess is exposed as a RPC call in KSM? Is it something 
that should be done internally in KSM while read/write/delete keys in a bucket? 
I am not sure why this is necessary to be exposed via 
{{KeySpaceManagerProtocol}}.

2. {{OzoneMetadataManager#checkBucketAccess}} loads the acls of a bucket from 
KSM db and compare that to the value passing by argument {{OzoneAcl}}, why we 
are comparing OzoneAcl ? I thought OzoneAcl was used to verify if a given 
user/group have a particular permission, e.g we could have OzoneAcl like 
following

{{user:bilbo:rw}}

which means user {{bilbo}} has read as well as write permission to the bucket. 
So it's pretty nature to check against user and group name. I don't understand 
the check in line 843 - 853, can you elaborate please ?

Thank you.


was (Author: cheersyang):
Hi [~nandakumar131], [~vagarychen]

I am a bit confused with this patch.

1. Why the checkBucketAccess is exposed as a RPC call in KSM? Is it something 
that should be done internally in KSM while read/write/delete keys in a bucket? 
I am not sure why this is necessary to be exposed via 
{{KeySpaceManagerProtocol}}.

2. {{OzoneMetadataManager#checkBucketAccess}} loads the acls of a bucket from 
KSM db and compare that to the value passing by argument {{OzoneAcl}}, why we 
are comparing OzoneAcl ? I thought OzoneAcl was used to verify if a given 
user/group have a particular permission, e.g we could have OzoneAcl like 
following

  user:bilbo:rw

which means user {{bilbo}} has read as well as write permission to the bucket. 
So it's pretty nature to check against user and group name. I don't understand 
the check in line 843 - 853, can you elaborate please ?

Thank you.

> Ozone: KSM: Add checkBucketAccess
> ---------------------------------
>
>                 Key: HDFS-12147
>                 URL: https://issues.apache.org/jira/browse/HDFS-12147
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: ozone
>            Reporter: Nandakumar
>            Assignee: Nandakumar
>         Attachments: HDFS-12147-HDFS-7240.000.patch, 
> HDFS-12147-HDFS-7240.001.patch
>
>
> Checks if the caller has access to a given bucket.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org