smengcl opened a new pull request #696: HDDS-3056. Allow all users to list all volumes URL: https://github.com/apache/hadoop-ozone/pull/696 ## What changes were proposed in this pull request? Allow all users (not only admins) to list all volumes. ## What is the link to the Apache JIRA https://issues.apache.org/jira/browse/HDDS-3056 ## How was this patch tested? Tested in ozonesecure docker-compose. ### After the patch (non-admin can list all volumes) ```bash bash-4.2$ kinit -kt /etc/security/keytabs/testuser.keytab testuser/[email protected] bash-4.2$ klist Ticket cache: FILE:/tmp/krb5cc_1000 Default principal: testuser/[email protected] Valid starting Expires Service principal 03/18/20 21:20:25 03/19/20 21:20:25 krbtgt/[email protected] renew until 03/25/20 21:20:25 bash-4.2$ ozone sh volume create vol1 bash-4.2$ ozone sh volume list { "metadata" : { }, "name" : "vol1", "admin" : "root", "owner" : "testuser/[email protected]", ... bash-4.2$ kdestroy bash-4.2$ kinit -kt /etc/security/keytabs/testuser2.keytab testuser2/[email protected] bash-4.2$ ozone sh volume list --all { "metadata" : { }, "name" : "vol1", "admin" : "root", "owner" : "testuser/[email protected]", "creationTime" : "2020-03-18T21:20:35.370Z", ... ``` ### For comparison, before the patch (non-admin can't list all volumes) ```bash # kinit'ed as testuser2 (non-admin) bash-4.2$ ozone sh volume list --all PERMISSION_DENIED org.apache.hadoop.ozone.om.exceptions.OMException: Only admin users are authorized to create or list Ozone volumes. bash-4.2$ klist Ticket cache: FILE:/tmp/krb5cc_1000 Default principal: testuser2/[email protected] Valid starting Expires Service principal 03/18/20 21:15:34 03/19/20 21:15:34 krbtgt/[email protected] renew until 03/25/20 21:15:34 ```
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
