ChenSammi commented on code in PR #4559: URL: https://github.com/apache/ozone/pull/4559#discussion_r1168313971
########## hadoop-hdds/docs/content/design/volume-management.md: ########## @@ -125,10 +125,11 @@ Note: Sanjay is added to the authors as the original proposal of this approach. * `bucket link` operation creates a link bucket. Links are like regular buckets, stored in DB the same way, but with two new, optional pieces of information: source volume and bucket. (The bucket being referenced by the link is called "source", not "target", to follow symlink terminology.) * Link buckets share the namespace with regular buckets. If a bucket or link with the same name already exists, a `BUCKET_ALREADY_EXISTS` result is returned. * Link buckets are not inherently specific to a user, access is restricted only by ACL. + * Link buckets themselves do not store ACLs. All ACLs operations (eg. addacl/getacl/setacl/removeacl) and checks on the link bucket will be applied to the source bucket. * Links are persistent, ie. they can be used until they are deleted. * Existing bucket operations (info, delete, ACL) work on the link object in the same way as they do on regular buckets. No new link-specific RPC is required. * Links are followed for key operations (list, get, put, etc.). Read permission on the link is required for this. - * Checks for existence of the source bucket, as well as ACL, are performed only when following the link (similar to symlinks). Source bucket is not checked when operating on the link bucket itself (eg. deleting it). This avoids the need for reverse checks for each bucket delete or ACL change. + * Checks for existence of the source bucket are performed only when following the link (similar to symlinks). Source bucket ACL is checked when deleting operating on the link bucket itself (Source bucket is not deleted). Review Comment: @whbing , I think create and delete of a link bucket are two special cases. Currently User can create a link bucket to a source bucket as long as the user have the write privilege of target volume. In this case, this User should allowed to delete this link bucket even he/she doesn't have the delete privilege of source bucket. For the ACL on link bucket, there are two more special cases. a. default ACL on volume. Currently bucket will inherit default ACL of volume during creation. If we don't store any ACL on link bucket, then shall the source bucket inherit all these ACLs? b. it's allowed to create a link bucket to an non-existed source bucket. After the link bucket is created, setACL will fail now because source bucket is not there, right? I think this is the expected behavior. One idea is a. link bucket keep its owner ACL, which is inherited from its volume. b. When delete a link bucket, it self ACL is verified. c. all add/set/remove proxy to the source bucket. d. getacl operation of link bucket, we can add a option, whether show source bucket or link bucket ACL, default show source bucket ACL. What do you think? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
