smengcl commented on a change in pull request #3177:
URL: https://github.com/apache/ozone/pull/3177#discussion_r834851726
##########
File path: hadoop-ozone/interface-client/src/main/proto/OmClientProtocol.proto
##########
@@ -1409,19 +1409,39 @@ message SetS3SecretResponse {
message TenantInfo {
optional string tenantId = 1;
optional string bucketNamespaceName = 2;
- optional string accountNamespaceName = 3;
- optional string userPolicyGroupName = 4;
- optional string bucketPolicyGroupName = 5;
+ repeated string policyNames = 3;
Review comment:
We could. Should we do that?
We didn't have tenant -> roleNames mapping before.
Unless:
1. we are intending to store some roleIndex -> roleName mapping in
TenantInfo (TenantState) and use roleIndex in ExtendedAccessIdInfo to reduce
redundancy. e.g. tenant1-UserRole = index 0, tenant1-AdminRole = index 1.
2. it is required to iterate all role names assigned in this tenant quickly
3. the Ranger sync thread would need all the roles created during tenant
creation when deleting the tenant -- but since we don't really allow custom
role names at the moment, I am not sure if we need to add this right now.
(3) might be valid? @prashantpogde
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
