ivandika3 opened a new pull request, #5582:
URL: https://github.com/apache/ozone/pull/5582
## What changes were proposed in this pull request?
In `OzoneAclUtils` we have this volume access check when the object being
accessed is not a volume:
```java
// OzoneNativeAuthorizer differs from Ranger Authorizer as Ranger requires
// only READ access on parent level access. OzoneNativeAuthorizer has
// different parent level access based on the child level access type
IAccessAuthorizer.ACLType parentAclRight = IAccessAuthorizer.ACLType.READ;
if (omMetadataReader.isNativeAuthorizerEnabled() && resType == BUCKET) {
  parentAclRight = getParentNativeAcl(aclType, resType);
}
omMetadataReader.checkAcls(OzoneObj.ResourceType.VOLUME, storeType,
    parentAclRight, vol, bucket, key, user,
    remoteAddress, hostName, true,
    volOwner);
```
From my understanding, this volume check should by rights be done in the
respective authorizers (either OzoneNativeAuthorizer or RangerOzoneAuthorizer)
and should not leak into the general ACL flow (e.g. getParentNativeAcl should be
moved to the OzoneNativeAuthorizer instead).
This patch will remove this check and refactor getNativeAcl to the
OzoneNativeAuthorizer.
## What is the link to the Apache JIRA
https://issues.apache.org/jira/browse/HDDS-9669
## How was this patch tested?
Existing CI.