[GitHub] [hadoop-ozone] xiaoyuyao commented on a change in pull request #1271: HDDS-4020. ACL commands like getacl and setacl should return a response only when Native Authorizer is enabled.

GitBox Wed, 29 Jul 2020 11:01:45 -0700


xiaoyuyao commented on a change in pull request #1271:
URL: https://github.com/apache/hadoop-ozone/pull/1271#discussion_r462466492




##########
File path: 
hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/web/utils/OzoneUtils.java
##########
@@ -166,4 +170,22 @@ public static long getTimeDurationInMS(ConfigurationSource 
conf, String key,
         .toLong(TimeUnit.MILLISECONDS);
   }
 
+  /**
+   * Return true, when Authorizer class is configured with non-default value.
+   * @param configuration
+   * @return boolean
+   */
+  public static boolean checkExternalAuthorizer(
+      OzoneConfiguration configuration) {
+    String authorizerClass = configuration.get(OZONE_ACL_AUTHORIZER_CLASS);
+    if (authorizerClass != null &&
+        !authorizerClass.equals(OZONE_ACL_AUTHORIZER_CLASS_DEFAULT)) {
+      System.out.print(String.format("When External Authorizer %s is " +

Review comment:
       Can we move System.out.print to AclHandler#execute based on the 
checkExternalAuthorizer return? 

##########
File path: 
hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/web/utils/OzoneUtils.java
##########
@@ -166,4 +170,22 @@ public static long getTimeDurationInMS(ConfigurationSource 
conf, String key,
         .toLong(TimeUnit.MILLISECONDS);
   }
 
+  /**
+   * Return true, when Authorizer class is configured with non-default value.
+   * @param configuration
+   * @return boolean
+   */
+  public static boolean checkExternalAuthorizer(
+      OzoneConfiguration configuration) {
+    String authorizerClass = configuration.get(OZONE_ACL_AUTHORIZER_CLASS);
+    if (authorizerClass != null &&
+        !authorizerClass.equals(OZONE_ACL_AUTHORIZER_CLASS_DEFAULT)) {
+      System.out.print(String.format("When External Authorizer %s is " +

Review comment:
       This configuration seem like a server side configuration and should come 
from authoritative source such as OM discovery. 
   
   What if the client does know what is configured on OM but OM is actually 
using native authorizer? If check based on client, we will not be able to do 
acl operations. 




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[GitHub] [hadoop-ozone] xiaoyuyao commented on a change in pull request #1271: HDDS-4020. ACL commands like getacl and setacl should return a response only when Native Authorizer is enabled.

Reply via email to