[GitHub] [hadoop-ozone] xiaoyuyao commented on a change in pull request #1271: HDDS-4020. ACL commands like getacl and setacl should return a response only when Native Authorizer is enabled.

[GitBox <gi...@apache.org>]

xiaoyuyao commented on a change in pull request #1271:
URL: https://github.com/apache/hadoop-ozone/pull/1271#discussion_r462466492



##########
File path: hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/web/utils/OzoneUtils.java
##########
@@ -166,4 +170,22 @@ public static long getTimeDurationInMS(ConfigurationSource conf, String key,
         .toLong(TimeUnit.MILLISECONDS);
   }
 
+  /**
+   * Return true, when Authorizer class is configured with non-default value.
+   * @param configuration
+   * @return boolean
+   */
+  public static boolean checkExternalAuthorizer(
+      OzoneConfiguration configuration) {
+    String authorizerClass = configuration.get(OZONE_ACL_AUTHORIZER_CLASS);
+    if (authorizerClass != null &&
+        !authorizerClass.equals(OZONE_ACL_AUTHORIZER_CLASS_DEFAULT)) {
+      System.out.print(String.format("When External Authorizer %s is " +

Review comment:
       Can we move System.out.print to AclHandler#execute based on the checkExternalAuthorizer return? 

##########
File path: hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/web/utils/OzoneUtils.java
##########
@@ -166,4 +170,22 @@ public static long getTimeDurationInMS(ConfigurationSource conf, String key,
         .toLong(TimeUnit.MILLISECONDS);
   }
 
+  /**
+   * Return true, when Authorizer class is configured with non-default value.
+   * @param configuration
+   * @return boolean
+   */
+  public static boolean checkExternalAuthorizer(
+      OzoneConfiguration configuration) {
+    String authorizerClass = configuration.get(OZONE_ACL_AUTHORIZER_CLASS);
+    if (authorizerClass != null &&
+        !authorizerClass.equals(OZONE_ACL_AUTHORIZER_CLASS_DEFAULT)) {
+      System.out.print(String.format("When External Authorizer %s is " +

Review comment:
       This configuration seem like a server side configuration and should come from authoritative source such as OM discovery. 
   
   What if the client does know what is configured on OM but OM is actually using native authorizer? If check based on client, we will not be able to do acl operations. 




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org