[
https://issues.apache.org/jira/browse/HDDS-8793?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17812430#comment-17812430
]
Hemant Kumar commented on HDDS-8793:
------------------------------------
Tested it o docker and prefix ACLs work.
{code:java}
bash-4.2$ echo k1 > k1.orig
bash-4.2$ kinit -kt /etc/security/keytabs/om.keytab om/[email protected]
bash-4.2$ ozone sh volume create vol1
bash-4.2$ ozone sh bucket create -l OBJECT_STORE vol1/buck1
bash-4.2$ ozone sh volume addacl vol1 -a user:testuser2:a
ACL user:testuser2:a[ACCESS] added successfully.
bash-4.2$ ozone sh bucket addacl vol1/buck1 -a user:testuser2:a
ACL user:testuser2:a[ACCESS] added successfully.
bash-4.2$ ozone sh prefix addacl vol1/buck1/dir1/ -a user:testuser2:a[DEFAULT]
ACL user:testuser2:a[DEFAULT] added successfully.
bash-4.2$ ozone sh key put vol1/buck1/k1 k1.orig
bash-4.2$ ozone sh key put vol1/buck1/dir1/k1 k1.orig
bash-4.2$ ozone sh key put vol1/buck1/dir2/k1 k1.orig
bash-4.2$ ozone sh key put vol1/buck1/dir1/dir2/k1 k1.orig
bash-4.2$ kdestroy
bash-4.2$ kinit -kt /etc/security/keytabs/testuser2.keytab
testuser2/[email protected]
bash-4.2$ ozone sh key cat vol1/buck1/k1
PERMISSION_DENIED User testuser2 doesn't have READ permission to access key
Volume:vol1 Bucket:buck1 Key:k1
bash-4.2$ ozone sh key cat vol1/buck1/dir1/k1
k1
bash-4.2$ ozone sh key cat vol1/buck1/dir2/k1
PERMISSION_DENIED User testuser2 doesn't have READ permission to access key
Volume:vol1 Bucket:buck1 Key:dir2/k1
bash-4.2$ ozone sh key cat vol1/buck1/dir1/dir2/k1
k1
bash-4.2$ kdestroy
bash-4.2$ kinit -kt /etc/security/keytabs/om.keytab om/[email protected]
bash-4.2$ ozone sh snapshot create vol1/buck1 snap1
bash-4.2$ ozone sh key cat vol1/buck1/.snapshot/snap1/k1
k1
bash-4.2$ ozone sh key cat vol1/buck1/.snapshot/snap1/dir1/k1
k1
bash-4.2$ ozone sh key cat vol1/buck1/.snapshot/snap1/dir2/k1
k1
bash-4.2$ ozone sh key cat vol1/buck1/.snapshot/snap1/dir1/dir2/k1
k1
bash-4.2$ kdestroy
bash-4.2$ kinit -kt /etc/security/keytabs/testuser2.keytab
testuser2/[email protected]
bash-4.2$ ozone sh key cat vol1/buck1/.snapshot/snap1/k1
PERMISSION_DENIED User testuser2 doesn't have READ permission to access key
Volume:vol1 Bucket:buck1 Key:k1
bash-4.2$ ozone sh key cat vol1/buck1/.snapshot/snap1/dir1/k1
k1
bash-4.2$ ozone sh key cat vol1/buck1/.snapshot/snap1/dir1/dir2/k1
k1
bash-4.2$ ozone sh key cat vol1/buck1/.snapshot/snap1/dir2/k1
PERMISSION_DENIED User testuser2 doesn't have READ permission to access key
Volume:vol1 Bucket:buck1 Key:dir2/k1 {code}
Added integration tests in https://github.com/apache/ozone/pull/6128
> Confirm Prefix Acl's work properly with snapshots
> -------------------------------------------------
>
> Key: HDDS-8793
> URL: https://issues.apache.org/jira/browse/HDDS-8793
> Project: Apache Ozone
> Issue Type: Sub-task
> Reporter: George Jahad
> Assignee: Swaminathan Balachandran
> Priority: Major
> Labels: pull-request-available
>
> When I implemented native acl's for snapshots, I didn't test prefix acls with
> snapshots because I didn't understand how they worked on the active fs and
> created this ticket: https://issues.apache.org/jira/browse/HDDS-7933
>
> Now that ticket shows how to use them and so we should confirm that prefix
> acls work with snpashots, (and fix them if they don't,) and add some unit
> tests.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
