HDDS-5645. Chroot S3 requests for a tenant to their corresponding volume. #2697
Tenant's bucket is still created in the s3v volume incorrectly.
* HDDS-4944: (81 commits)
  * HDDS-5750. [Multi-Tenant] GetS3Secret should retrieve secret from new tables as well (apache#2649)
  * HDDS-5476. [Multi-Tenant] Support Ozone s3 authentication with arbitrary accessId that is not same as the kerberos ID (apache#2635)
  * HDDS-5770. Silent failures of k3s install are difficult to debug (apache#2667)
  * HDDS-5759. Bump aspectj version (apache#2658)
  * HDDS-5773. Avoid code duplication for mini cluster without datanodes (apache#2669)
  * HDDS-5691. Restrict Recon NSSummaryEndpoint and ContainerEndpoint to admins. (apache#2638)
  * HDDS-5771. Speed up TestDatanodeHddsVolumeFailureToleration by reducing dead interval (apache#2668)
  * HDDS-5767. Unit check may timeout (apache#2664)
  * HDDS-5765. Test cluster provider possibly returns null (apache#2663)
  * HDDS-5768. Skip safemode check in TestOzoneManagerRocksDBLogging (apache#2665)
  * HDDS-5766. Speed up some OM tests by skipping SCM safemode check (apache#2662)
  * HDDS-5761. should not shutdown om when setting a bigger bucket quota than volume quota (apache#2659)
  * HDDS-5758. Speed up TestKeyInputStream and TestChunkInputStream by combining some tests (apache#2656)
  * HDDS-5607. remove container manager v1 code (apache#2525)
  * HDDS-5753. Split parts of misc suite (apache#2654)
  * HDDS-5751. Use Mini Cluster Provider to speed up TestHDDSUpgrade (apache#2650)
  * HDDS-5728. ContainerBalancer should use remaining space to calculate utilization. (apache#2625)
  * HDDS-5402 Support list node based on NodeOperationalState and NodeState options in printTopology CLI (apache#2645)
  * HDDS-5749. Reuse mini-clusters in TestOzoneFsHAURLs (apache#2647)
  * HDDS-5717. Refactor TestOzoneManagerListVolumes to reuse mini-ozone clusters (apache#2615)
  * ...
Still need to fix access ID having the tenant added to the beginning.
* HDDS-5645-refactor-principal: Refactor to remove principal and pass in access ID
* HDDS-4944: HDDS-5754. [Multi-Tenant] Implement GetUserInfo (apache#2692)
LGTM
@errose28 Can you take a look at the failing Unit tests? The failures seem related.
Yes failing cases need some mocks updated since I changed the internals a bit. Will get them fixed soon.
All tests s3gateway module passing locally now.
Change-Id: Idb3db398ce74b2685943e8bda15402d7bf5b0e0f
Thanks for reviews @avijayanhwx @prashantpogde
What changes were proposed in this pull request?
OMMultitenantPrincipal class has been removed.
BasicUserPrincipal instance.
OzoneTenantGroupPrincipal class.
OzoneTenantAdminGroup represents the admins of a tenant.
OzoneTenantUserGroup represents the users in a tenant.

What is the link to the Apache JIRA
HDDS-5645

How was this patch tested?
TODO
Determine best way to retrieve access ID from s3 gateway.
ObjectStore is aware of the access ID and passes it to the OM when querying which volume to direct S3 requests to.
Fix integration issues observed when manually testing in ozonesecure docker cluster.