[jira] [Updated] (HDDS-6909) [Multi-Tenant] Use RangerClient for Ranger operations

Mon, 11 Jul 2022 14:01:16 -0700 


     [ 
https://issues.apache.org/jira/browse/HDDS-6909?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Siyao Meng updated HDDS-6909:
-----------------------------
    Description: 
HDDS-5836 is merged. But we have yet to switch the actual logic to RangerClient.

1. Use {{RangerClientMultiTenantAccessController}} instead of 
{{RangerRestMultiTenantAccessController}}.
2. Get rid of {{MultiTenantAccessAuthorizer}} and 
{{MultiTenantAccessAuthorizerRangerPlugin}} -- use 
{{MultiTenantAccessController}} instead.
3. -work around RangerClient's missing getServiceVersion() API- Use 
{{rangerClient.getService(serviceName).getPolicyVersion()}} to implement 
{{RangerClientMultiTenantAccessController#getRangerServiceVersion()}}

{{RangerClient}} allows the use of Kerberos principal and ticket as login 
credential (preferred than username and password).

  was:
HDDS-5836 is merged. But we have yet to switch the actual logic to Ranger Java 
Client.
1. use {{RangerClientMultiTenantAccessController}} instead of 
{{RangerRestMultiTenantAccessController}}.
2. get rid of {{MultiTenantAccessAuthorizer}} and 
{{MultiTenantAccessAuthorizerRangerPlugin}} -- should use 
{{MultiTenantAccessController}} instead.
3. -work around RangerClient's missing getServiceVersion() API- Use 
{{rangerClient.getService(serviceName).getPolicyVersion()}} to implement 
{{RangerClientMultiTenantAccessController#getRangerServiceVersion()}}


> [Multi-Tenant] Use RangerClient for Ranger operations
> -----------------------------------------------------
>
>                 Key: HDDS-6909
>                 URL: https://issues.apache.org/jira/browse/HDDS-6909
>             Project: Apache Ozone
>          Issue Type: Sub-task
>            Reporter: Siyao Meng
>            Assignee: Siyao Meng
>            Priority: Major
>              Labels: pull-request-available
>
> HDDS-5836 is merged. But we have yet to switch the actual logic to 
> RangerClient.
> 1. Use {{RangerClientMultiTenantAccessController}} instead of 
> {{RangerRestMultiTenantAccessController}}.
> 2. Get rid of {{MultiTenantAccessAuthorizer}} and 
> {{MultiTenantAccessAuthorizerRangerPlugin}} -- use 
> {{MultiTenantAccessController}} instead.
> 3. -work around RangerClient's missing getServiceVersion() API- Use 
> {{rangerClient.getService(serviceName).getPolicyVersion()}} to implement 
> {{RangerClientMultiTenantAccessController#getRangerServiceVersion()}}
> {{RangerClient}} allows the use of Kerberos principal and ticket as login 
> credential (preferred than username and password).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to