errose28 commented on a change in pull request #3177:
URL: https://github.com/apache/ozone/pull/3177#discussion_r834637526
##########
File path:
hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/OmDBAccessIdInfo.java
##########
@@ -42,16 +47,23 @@
* Only effective if isAdmin is true.
*/
private final boolean isDelegatedAdmin;
+ /**
+ * Role names of the user (that this access ID is assigned to) in this
tenant.
+ * e.g. OzoneConsts.TENANT_ROLE_USER, OzoneConsts.TENANT_ROLE_ADMIN,
+ * or other custom role names.
+ */
+ private final Set<String> roleIds;
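Review bot: The Javadoc on the new field says it holds "role names", but the field itself is declared as `roleIds`, so a reader cannot tell from the declaration whether the set carries names or IDs. Rename the field to match the comment (for example `roleNames`) or reword the Javadoc to say IDs. Because this is a `final Set<String>` on an access-control record, the Javadoc should also state whether the set is stored as an unmodifiable copy and whether it may be empty or null. The visible lines do not show how it is assigned.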
Review comment:
Seems odd that we use name for role and ID for policy. I think we should
standardize and use either IDs for role and policy, or names for role and
policy. When a policy is created, roles can be created in the same operation,
however you will only get the policy ID back. This means we need to track roles
by name, so I think we should track policies by name as well. I think this will
make error handling, retries, and tests for existence easier as well.
I am currently updating the `MultiTenantAccessController` to operate on
names instead of IDs.