whbing commented on code in PR #4559: URL: https://github.com/apache/ozone/pull/4559#discussion_r1168447639
########## hadoop-hdds/docs/content/design/volume-management.md: ########## @@ -125,10 +125,11 @@ Note: Sanjay is added to the authors as the original proposal of this approach. * `bucket link` operation creates a link bucket. Links are like regular buckets, stored in DB the same way, but with two new, optional pieces of information: source volume and bucket. (The bucket being referenced by the link is called "source", not "target", to follow symlink terminology.) * Link buckets share the namespace with regular buckets. If a bucket or link with the same name already exists, a `BUCKET_ALREADY_EXISTS` result is returned. * Link buckets are not inherently specific to a user, access is restricted only by ACL. + * Link buckets themselves do not store ACLs. All ACLs operations (eg. addacl/getacl/setacl/removeacl) and checks on the link bucket will be applied to the source bucket. * Links are persistent, ie. they can be used until they are deleted. * Existing bucket operations (info, delete, ACL) work on the link object in the same way as they do on regular buckets. No new link-specific RPC is required. * Links are followed for key operations (list, get, put, etc.). Read permission on the link is required for this. - * Checks for existence of the source bucket, as well as ACL, are performed only when following the link (similar to symlinks). Source bucket is not checked when operating on the link bucket itself (eg. deleting it). This avoids the need for reverse checks for each bucket delete or ACL change. + * Checks for existence of the source bucket are performed only when following the link (similar to symlinks). Source bucket ACL is checked when deleting operating on the link bucket itself (Source bucket is not deleted). Review Comment: > a. default ACL on volume. Currently bucket will inherit default ACL of volume during creation. If we don't store any ACL on link bucket, then shall the source bucket inherit all these ACLs? Sorry for my mis-description and ignoring this case. Inherit vol default ACL behavior does not change when creating bucket, so the link bucket also has default ACLs and store them. It's just that src ACLs are always obtained instead of link bucket ACLs when calling `getacl` op or checking access. > b. it's allowed to create a link bucket to an non-existed source bucket. After the link bucket is created, setACL will fail now because source bucket is not there, right? I think this is the expected behavior. Yes. Also same in Unix. > One idea is a. link bucket keep its owner ACL, which is inherited from its volume. b. When delete a link bucket, it self ACL is verified. c. all add/set/remove proxy to the source bucket. d. getacl operation of link bucket, we can add a option, whether show source bucket or link bucket ACL, default show source bucket ACL. @ChenSammi Good idea. I wonder, when deleting a link bucket, is the delete ACL of the link itself checked, or only the w ACL of the volume? (Maybe it seems appropriate and neat to check the w ACL of the volume so that no need to set ACL for the link bucket either) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
