Copilot commented on code in PR #9596:
URL: https://github.com/apache/ozone/pull/9596#discussion_r2666586382
##########
hadoop-hdds/docs/content/interface/HttpFS.md:
##########
@@ -188,6 +188,67 @@ Set ACL | not implemented in
Ozone FileSystem API
Get ACL Status | not implemented in Ozone FileSystem API
Check access | not implemented in Ozone FileSystem API
+## Proxy User Configuration
+
+HttpFS supports proxy user (user impersonation) functionality, which allows a
user to perform operations on behalf of another user. This is useful when
HttpFS is used as a gateway and you want to allow certain users to impersonate
other users.
+
+To configure proxy users, you need to add the following properties to
`httpfs-site.xml`:
+
+### Configuration Properties
+
+For each user that should be allowed to perform impersonation, you need to
configure two properties:
+
+1. **`httpfs.proxyuser.#USER#.hosts`**: List of hosts from which the user is
allowed to perform impersonation operations.
+2. **`httpfs.proxyuser.#USER#.groups`**: List of groups whose users can be
impersonated by the specified user.
+
+Replace `#USER#` with the actual username of the user who should be allowed to
perform impersonation.
+
+### Example Configuration
+
+```xml
+<property>
+ <name>httpfs.proxyuser.knoxuser.hosts</name>
+ <value>*</value>
+ <description>
+ List of hosts the 'knoxuser' user is allowed to perform 'doAs'
+ operations.
+
+ The value can be the '*' wildcard or a comma-separated list of hostnames.
+
+ For multiple users, copy this property and replace the user name
+ in the property name.
+ </description>
+</property>
+
+<property>
+ <name>httpfs.proxyuser.knoxuser.groups</name>
+ <value>*</value>
+ <description>
+ List of groups the 'knoxuser' user is allowed to impersonate users
+ from to perform 'doAs' operations.
Review Comment:
The phrasing "List of groups the 'knoxuser' user is allowed to impersonate
users from" is grammatically awkward. Consider rephrasing to "List of groups
whose users the 'knoxuser' user is allowed to impersonate" for better clarity.
```suggestion
List of groups whose users the 'knoxuser' user is allowed to impersonate
to perform 'doAs' operations.
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
