vtutrinov opened a new pull request, #5590: URL: https://github.com/apache/ozone/pull/5590
## What changes were proposed in this pull request? A lot of code pieces in OM proto method handlers use OMClientRequest.preExecute method to define/detect userInfo for consequent ACLs checks. But if the provided client hostname is null (in case of GRPC transport) the user will be replaced by an 'om' one and the consequent ACLs check through a custom authorizer (e.g. Ranger) will fail due to non-existent permission policies for the 'om' user. So, the PR introduces a new client&server interceptor to send/receive header with the client IP and hostname and uses it in GrpcOmTransport ## What is the link to the Apache JIRA https://issues.apache.org/jira/browse/HDDS-9663 ## How was this patch tested? 1 unit test to check that userInfo has hostname and IP in case of GRPC transport (ozone-manager) 2 unit tests to check that client and server interceptors set and read client IP and hostname to/from the GRPC request header Manual test of the expected behavior (the ACLs will be checked for the current user, not for 'om' on committing the key) on cluster with Ranger -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
