[ 
https://issues.apache.org/jira/browse/HDDS-4944?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17332594#comment-17332594
 ] 

Marton Elek commented on HDDS-4944:
-----------------------------------

>>     I think we couldn't compete with existing secret managers, and I think 
>> we shouldn't.

> Weren't you involved in the original design of S3 support? Why wasn't this 
> option explored then and why is it being brought up in the context of 
> multi-tenancy? Ozone Manager already stores S3 secrets today, so coupling 
> secret manager to the multi-tenancy is puzzling to me.

Sorry if it was not clear, but this was mainly about Kerberos-free S3 
authentication, not multi-tenancy. Yes, I think it will be better to discuss the 
two questions separately (I think I mentioned it earlier).

Yes, the original S3 design followed this approach: provide something very 
basic but use an interface to make it possible to plug any connector to an 
external system (similar to ACL vs Ranger question).

Still, the question is there: do we need to provide all the functionalities of 
Ranger with our ACL implementation? I think the answer is no, for sure. Do we 
need to provide as many secret management features as an external product can 
provide? I think the answer is no. I think it's not a waste of time to clarify 
where the limit is: which functions should be included in our simple secret 
management and which features should be pluggable and solved with external (or 
vendor provided) solutions.

 

> Multi-Tenant Support in Ozone
> -----------------------------
>
>                 Key: HDDS-4944
>                 URL: https://issues.apache.org/jira/browse/HDDS-4944
>             Project: Apache Ozone
>          Issue Type: New Feature
>          Components: Ozone CLI, Ozone Datanode, Ozone Manager, Ozone Recon, 
> S3, SCM, Security
>    Affects Versions: 1.2.0
>            Reporter: Prashant Pogde
>            Assignee: Prashant Pogde
>            Priority: Major
>              Labels: pull-request-available
>         Attachments: Apache-S3-compatible-Multi-Tenant-Ozone-short.pdf.gz, 
> Ozone MultiTenant Feature _ Requirements and Abstractions-3.pdf, Ozone, 
> Multi-tenancy, S3, Kerberos....pdf, UseCaseAWSCompatibility.pdf, 
> UseCaseCephCompatibility.pdf, UseCaseConfigureMultiTenancy.png, 
> UseCaseCurrentOzoneS3BackwardCompatibility.pdf, 
> VariousActorsInteractions.png, uml_multitenant_interface_design.png
>
>
> This Jira will be used to track a new feature for Multi-Tenant support in 
> Ozone. Initially Multi-Tenant feature would be limited to ozone-users 
> accessing Ozone over S3 interface.


