New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HDDS-2770. security/SecurityAcls.md #1190
Conversation
|
||
1. **卷** - 一个 Ozone 卷,比如 _/volume_ | ||
2. **桶** - 一个 Ozone 桶,比如 _/volume/bucket_ | ||
3. **键** - 一个对象键,比如 _/volume/bucket/key_ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
According the description in official-site here we should use "一个对象键或一个对象" IMHO.
But I think the translation is fine here.
|
||
_角色_ 可选的值包括: | ||
|
||
1. **用户** - 一个 Kerberos 用户,和 Posix 用户一样,用户可以是已创建的也可以是未创建的。 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
“named and unnamed”-> "命名的和未命名的“
Same suggestion to group statement.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the suggestion. But I am not sure what "命名" actually means in this context.
I am guessing that "named" probably means the user or group is created. And ACL operation can be done before users and groups are actually created
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@xiaoyuyao , actually I'm curious about how this unnamed user/group are used in ACL.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it means user/group may or may not have been created in OS/LDAP at the time when you assign them to ozone acl.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see. Thanks @xiaoyuyao for the explanation. Then Xiang's translation is more accurate.
4. **匿名** - 完全忽略用户字段,这是对 Posix 语义的扩展,使用 S3 协议时会用到,用于表达无法获取用户的身份或者不在乎用户的身份。 | ||
|
||
<div class="alert alert-success" role="alert"> | ||
S3 用户通过 AWS v4 签名协议访问 Ozone 时,OM 会将其转化为对应的用户。 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
“Kerberos” is missing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed, thanks.
limitations under the License. | ||
--> | ||
|
||
Ozone 支持一系列原生 ACL,这些 ACL 可以单独用,也可以和 Ranger 协同使用。如果启用了 Apache Ranger,会先检查 Ranger 中的 ACL,再验证 Ozone 内部的 ACL。 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is not correct in EN doc. "这些 ACL 可以单独用,也可以和 Ranger 协同使用。如果启用了 Apache Ranger,会先检查 Ranger 中的 ACL,再验证 Ozone 内部的 ACL。"
"These ACLs can be used independently or
along with Ranger. If Apache Ranger is enabled, then ACL will be checked
first with Ranger and then Ozone's internal ACLs will be evaluated."
=>
"These ACLs can be used independently of ozone ACL plugin such as Ranger. If Apache Ranger plugin for Ozone is enabled, then ACL will be checked with Ranger."
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @xiaoyuyao for the correct.
The EN doc is updated in this PR as well as the Chinese doc.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM overall, a few comments added inline...
Hi @iamabug , would you help to upload a new patch to address Xiaoyu's comments? |
Sorry for taking so long, I just uploaded a new patch. |
LGTM +1. |
Thanks @iamabug for the contribution. Thanks @xiaoyuyao and @cxorm for the review. |
What changes were proposed in this pull request?
translation to https://hadoop.apache.org/ozone/docs/0.5.0-beta/security/securityacls.html
What is the link to the Apache JIRA
https://issues.apache.org/jira/browse/HDDS-2770
How was this patch tested?
hugo server