[jira] [Commented] (HDDS-4944) Multi-Tenant Support in Ozone

Sun, 02 May 2021 11:59:22 -0700 


    [ 
https://issues.apache.org/jira/browse/HDDS-4944?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17338101#comment-17338101
 ] 

Marton Elek commented on HDDS-4944:
-----------------------------------

bq. The OM manages secrets even today. I don't see how kerberos-free S3 changes 
anything. So I have the same question - why have the secrets managements 
discussion here?

I am not sure if I understood the question. I suggested multiple times to 
separate the two questions and create two separated Jira. We need some very 
minimal changes (independent of the multi-tenancy) to make it possible to 
create secrets with custom identities. But it has some security implications 
which would be great to discuss anyway. (eg. how to avoid name collision 
between pseudo S3 UGI strings and real kerberos users. How the group mapping 
would work and so on.) 

> Multi-Tenant Support in Ozone
> -----------------------------
>
>                 Key: HDDS-4944
>                 URL: https://issues.apache.org/jira/browse/HDDS-4944
>             Project: Apache Ozone
>          Issue Type: New Feature
>          Components: Ozone CLI, Ozone Datanode, Ozone Manager, Ozone Recon, 
> S3, SCM, Security
>    Affects Versions: 1.2.0
>            Reporter: Prashant Pogde
>            Assignee: Prashant Pogde
>            Priority: Major
>              Labels: pull-request-available
>         Attachments: Apache-S3-compatible-Multi-Tenant-Ozone-short.pdf.gz, 
> Ozone MultiTenant Feature _ Requirements and Abstractions-3.pdf, Ozone, 
> Multi-tenancy, S3, Kerberos....pdf, UseCaseAWSCompatibility.pdf, 
> UseCaseCephCompatibility.pdf, UseCaseConfigureMultiTenancy.png, 
> UseCaseCurrentOzoneS3BackwardCompatibility.pdf, 
> VariousActorsInteractions.png, uml_multitenant_interface_design.png
>
>
> This Jira will be used to track a new feature for Multi-Tenant support in 
> Ozone. Initially Multi-Tenant feature would be limited to ozone-users 
> accessing Ozone over S3 interface.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to