hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Weiwei Yang (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HDFS-12147) Ozone: KSM: Add checkBucketAccess
Date Tue, 18 Jul 2017 04:35:01 GMT

    [ https://issues.apache.org/jira/browse/HDFS-12147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16091091#comment-16091091
] 

Weiwei Yang edited comment on HDFS-12147 at 7/18/17 4:34 AM:
-------------------------------------------------------------

Hi [~nandakumar131], [~vagarychen]

I am a bit confused with this patch.

1. Why the checkBucketAccess is exposed as a RPC call in KSM? Is it something that should
be done internally in KSM while read/write/delete keys in a bucket? I am not sure why this
is necessary to be exposed via {{KeySpaceManagerProtocol}}.

2. {{OzoneMetadataManager#checkBucketAccess}} loads the acls of a bucket from KSM db and compare
that to the value passing by argument {{OzoneAcl}}, why we are comparing OzoneAcl ? I thought
OzoneAcl was used to verify if a given user/group have a particular permission, e.g we could
have OzoneAcl like following

{{user:bilbo:rw}}

which means user {{bilbo}} has read as well as write permission to the bucket. So it's pretty
nature to check against user and group name. I don't understand the check in line 843 - 853,
can you elaborate please ?

Thank you.


was (Author: cheersyang):
Hi [~nandakumar131], [~vagarychen]

I am a bit confused with this patch.

1. Why the checkBucketAccess is exposed as a RPC call in KSM? Is it something that should
be done internally in KSM while read/write/delete keys in a bucket? I am not sure why this
is necessary to be exposed via {{KeySpaceManagerProtocol}}.

2. {{OzoneMetadataManager#checkBucketAccess}} loads the acls of a bucket from KSM db and compare
that to the value passing by argument {{OzoneAcl}}, why we are comparing OzoneAcl ? I thought
OzoneAcl was used to verify if a given user/group have a particular permission, e.g we could
have OzoneAcl like following

  user:bilbo:rw

which means user {{bilbo}} has read as well as write permission to the bucket. So it's pretty
nature to check against user and group name. I don't understand the check in line 843 - 853,
can you elaborate please ?

Thank you.

> Ozone: KSM: Add checkBucketAccess
> ---------------------------------
>
>                 Key: HDFS-12147
>                 URL: https://issues.apache.org/jira/browse/HDFS-12147
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: ozone
>            Reporter: Nandakumar
>            Assignee: Nandakumar
>         Attachments: HDFS-12147-HDFS-7240.000.patch, HDFS-12147-HDFS-7240.001.patch
>
>
> Checks if the caller has access to a given bucket.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org


Mime
View raw message