smengcl commented on a change in pull request #2734:
URL: https://github.com/apache/ozone/pull/2734#discussion_r734755543
##########
File path:
hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/OmDBAccessIdInfo.java
##########
@@ -33,39 +33,60 @@
*/
private final String kerberosPrincipal;
/**
- * Shared secret of the accessId. TODO: Encryption?
+ * Shared secret of the accessId.
*/
private final String sharedSecret;
+ /**
+ * Whether this accessId is an administrator of the tenant.
+ */
+ private final boolean isAdmin;
+ /**
+ * Whether this accessId is a delegated admin of the tenant.
+ * Only effective if isAdmin is true.
+ */
+ private final boolean isDelegatedAdmin;
// This implies above String fields should NOT contain the split key.
public static final String SERIALIZATION_SPLIT_KEY = ";";
public OmDBAccessIdInfo(String tenantId,
- String kerberosPrincipal, String sharedSecret) {
+ String kerberosPrincipal, String sharedSecret,
+ boolean isAdmin, boolean isDelegatedAdmin) {
this.tenantId = tenantId;
this.kerberosPrincipal = kerberosPrincipal;
this.sharedSecret = sharedSecret;
+ this.isAdmin = isAdmin;
+ this.isDelegatedAdmin = isDelegatedAdmin;
}
private OmDBAccessIdInfo(String accessIdInfoString) {
String[] tInfo = accessIdInfoString.split(SERIALIZATION_SPLIT_KEY);
- Preconditions.checkState(tInfo.length == 3,
+ Preconditions.checkState(tInfo.length == 3 || tInfo.length == 5,
"Incorrect accessIdInfoString");
tenantId = tInfo[0];
kerberosPrincipal = tInfo[1];
sharedSecret = tInfo[2];
+ if (tInfo.length == 5) {
+ isAdmin = Boolean.parseBoolean(tInfo[3]);
+ isDelegatedAdmin = Boolean.parseBoolean(tInfo[4]);
+ } else {
+ isAdmin = false;
+ isDelegatedAdmin = false;
+ }
}
public String getTenantId() {
return tenantId;
}
private String serialize() {
- StringBuilder sb = new StringBuilder();
- sb.append(tenantId).append(SERIALIZATION_SPLIT_KEY);
- sb.append(kerberosPrincipal).append(SERIALIZATION_SPLIT_KEY);
- sb.append(sharedSecret);
+ final StringBuilder sb = new StringBuilder();
+ sb.append(tenantId);
+ sb.append(SERIALIZATION_SPLIT_KEY).append(kerberosPrincipal);
+ sb.append(SERIALIZATION_SPLIT_KEY).append(sharedSecret);
+ sb.append(SERIALIZATION_SPLIT_KEY).append(isAdmin);
+ sb.append(SERIALIZATION_SPLIT_KEY).append(isDelegatedAdmin);
Review comment:
The delegated admin flag is added just in case one wants an admin that
can't make new admins.
It's easy enough to implement here. But more difficult to add this later if
we had not implemented it (because of the new field, logic change and so on).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
