[
https://issues.apache.org/jira/browse/HDDS-1600?focusedWorklogId=253435&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-253435
]
ASF GitHub Bot logged work on HDDS-1600:
----------------------------------------
Author: ASF GitHub Bot
Created on: 03/Jun/19 22:22
Start Date: 03/Jun/19 22:22
Worklog Time Spent: 10m
Work Description: bharatviswa504 commented on issue #857: HDDS-1600. Add
userName and IPAddress as part of OMRequest.
URL: https://github.com/apache/hadoop/pull/857#issuecomment-498325870
> @bharatviswa504 thanks for the patch. On a second thought i wonder why
don't we complete authorization on the OM which receives the first request from
client, this will save us the trouble of propagating credentials in rest of the
call and simplify HA design.
We cannot do checkAcls on any OM(which some times might not be leader),
because think of a case like setAcl's is not applied on that OM(as it is a
follower) but we are performing check Acl's.
Discussed offline with @xiaoyuyao and @ajayydv, we cannot take this
approach as OM followers can lag leader OM, so it might not have latest
changes, if we do check on Non-leader OM, we might see some inconsistent
behavior.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 253435)
Time Spent: 3h 40m (was: 3.5h)
> Add userName and IPAddress as part of OMRequest.
> ------------------------------------------------
>
> Key: HDDS-1600
> URL: https://issues.apache.org/jira/browse/HDDS-1600
> Project: Hadoop Distributed Data Store
> Issue Type: Sub-task
> Reporter: Bharat Viswanadham
> Assignee: Bharat Viswanadham
> Priority: Major
> Labels: pull-request-available
> Time Spent: 3h 40m
> Remaining Estimate: 0h
>
> In OM HA, the actual execution of request happens under GRPC context, so UGI
> object which we retrieve from ProtobufRpcEngine.Server.getRemoteUser(); will
> not be available.
> In similar manner ProtobufRpcEngine.Server.getRemoteIp().
>
> So, during preExecute(which happens under RPC context) extract userName and
> IPAddress and add it to the OMRequest, and then send the request to ratis
> server.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
