errose28 commented on a change in pull request #3177:
URL: https://github.com/apache/ozone/pull/3177#discussion_r834651639



##########
File path: hadoop-ozone/interface-storage/src/main/java/org/apache/hadoop/ozone/om/codec/OmDBTenantInfoCodec.java
##########
@@ -29,27 +30,28 @@
 /**
  * Codec to encode OmDBTenantInfo as byte array.
  */
-public class OmDBTenantInfoCodec implements Codec<OmDBTenantInfo> {
+public class OmDBTenantInfoCodec implements Codec<OmDBTenantState> {
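
Review bot: The Javadoc at the top of this hunk still reads "Codec to encode OmDBTenantInfo as byte array." while the class now implements `Codec<OmDBTenantState>`. Update the comment to name `OmDBTenantState` so the documentation matches the type being serialized.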

Review comment:
       We should update the name here to be `OmDBTenantStateCodec`

##########
File path: hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/s3/tenant/OMTenantRequestHelper.java
##########
@@ -182,8 +184,10 @@ public static boolean isUserAccessIdPrincipalOrTenantAdmin(
       return true;
     }
 
-    // Check if ugi is an admin of this tenant
-    if (ozoneManager.isTenantAdmin(ugi, tenantId, true)) {
+    // Check if ugi is a tenant admin (or an Ozone cluster admin)
+    final OMMultiTenantManager multiTenantManager =
+        ozoneManager.getMultiTenantManager();
+    if (multiTenantManager.isTenantAdmin(ugi, tenantId, true)) {
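
Review bot: The bare `true` passed as the third argument in `multiTenantManager.isTenantAdmin(ugi, tenantId, true)` gives no indication at the call site of what it enables, and this is an authorization decision. The updated comment says the check also passes for an Ozone cluster admin, but nothing in these lines shows that. Please state in the comment what the flag means, or pull it into a named local, and confirm that the `OMMultiTenantManager` method covers the cluster-admin case the comment promises.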

Review comment:
       Why is delegate admin required?

##########
File path: hadoop-ozone/interface-client/src/main/proto/OmClientProtocol.proto
##########
@@ -1409,19 +1409,39 @@ message SetS3SecretResponse {
 message TenantInfo {
     optional string tenantId = 1;
     optional string bucketNamespaceName = 2;
-    optional string accountNamespaceName = 3;
-    optional string userPolicyGroupName = 4;
-    optional string bucketPolicyGroupName = 5;
+    repeated string policyNames = 3;
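
Review bot: `policyNames` reuses field number 3, which `accountNamespaceName` held before, and numbers 4 and 5 are dropped without being reserved. Both the old and the new field 3 are strings, so a `TenantInfo` written with the old schema would decode without error and its account namespace value would show up as a policy name. Consider giving `policyNames` a fresh number and adding `reserved 3, 4, 5;` (or at least `reserved 4, 5;`) so the retired numbers cannot be reused with a different meaning.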

Review comment:
       Should we track the roles associated with each tenant here?

##########
File path: hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OMMultiTenantManager.java
##########
@@ -216,6 +221,24 @@ TenantUserList listUsersInTenant(String tenantID, String 
prefix)
    */
   Optional<String> getTenantForAccessID(String accessID) throws IOException;
 
+  /**
+   * Get user role name given tenant name.
+   * @param tenantId tenant name
+   * @return user role name. e.g. tenant1-UserRole
+   */
+  static String getUserRoleId(String tenantId) {
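
Review bot: The Javadoc on `getUserRoleId` uses "name" and "id" interchangeably: `@param tenantId tenant name` and `@return user role name`. Pick one term for each and use it consistently in the method name, the parameter and the doc, and say in the doc how the role name is derived from the tenant, since the example `tenant1-UserRole` implies a suffix convention that is not spelled out.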

Review comment:
       This should be `getUserRoleName` right?

##########
File path: hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/s3/tenant/OMTenantCreateRequest.java
##########
@@ -289,36 +292,27 @@ public OMClientResponse validateAndUpdateCache(
       // Create tenant
       // Add to tenantStateTable. Redundant assignment for clarity
       final String bucketNamespaceName = volumeName;
-      final String accountNamespaceName = tenantId;  // TODO: Double check
-      final String userPolicyGroupName =
-          tenantId + OzoneConsts.DEFAULT_TENANT_USER_POLICY_SUFFIX;
+      final List<String> policyIdsList = new ArrayList<>();
+      // Populate policy ID list
+      // TODO: Check if both policies are actually used. Remove if not
+      policyIdsList.add(tenantDefaultPolicies);
       final String bucketPolicyGroupName =
           tenantId + OzoneConsts.DEFAULT_TENANT_BUCKET_POLICY_SUFFIX;
-      final OmDBTenantInfo omDBTenantInfo = new OmDBTenantInfo(
-          tenantId, bucketNamespaceName, accountNamespaceName,
-          userPolicyGroupName, bucketPolicyGroupName);
+      final String bucketPolicyId =
+          bucketPolicyGroupName + OzoneConsts.DEFAULT_TENANT_POLICY_ID_SUFFIX;
+      policyIdsList.add(bucketPolicyId);
+
+      final OmDBTenantState omDBTenantInfo = new OmDBTenantState(
+          tenantId, bucketNamespaceName, policyIdsList);
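
Review bot: The local is still called `omDBTenantInfo` in `final OmDBTenantState omDBTenantInfo = new OmDBTenantState(` although its type has changed; rename it to match. Also in this hunk, `policyIdsList.add(tenantDefaultPolicies)` adds a plural-named value as a single list element, and the TODO above it leaves open whether both policies are used. Resolve that before merge or track it in a linked issue so that unused policy IDs are not persisted in the tenant state.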

Review comment:
       Shouldn't we track which roles are associated with a tenant?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.