You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ozone.apache.org by GitBox <gi...@apache.org> on 2020/02/22 01:15:49 UTC

[GitHub] [hadoop-ozone] smengcl opened a new pull request #582: HDDS-3047. ObjectStore#listVolumesByUser and CreateVolumeHandler#call should get user's full principal name instead of login name by default

smengcl opened a new pull request #582: HDDS-3047. ObjectStore#listVolumesByUser and CreateVolumeHandler#call should get user's full principal name instead of login name by default
URL: https://github.com/apache/hadoop-ozone/pull/582

## What changes were proposed in this pull request?

`ObjectStore#listVolumesByUser` and `CreateVolumeHandler#call` should get user's full principal name instead of login name by default. When Kerberos is enabled, `getUserName()` returns full principal name e.g. `om/om@EXAMPLE.COM`, but `getShortUserName()` will return login name e.g. `hadoop`.

When the user creates a volume with ozone shell (uses `getUserName()` internally) then try to list it with `ObjectStore#listVolumesByUser(null, ...)` (uses `getShortUserName()` by default), the user won't see any volumes listed because of the mismatch.

For more information, see the Apache JIRA description.

## What is the link to the Apache JIRA

https://issues.apache.org/jira/browse/HDDS-3047

## How was this patch tested?

- Manually tested in `ozonesecure` docker-compose cluster.
- Might add a test case in secure integration test, like `TestSecureOzoneRpcClient`.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org

[GitHub] [hadoop-ozone] smengcl commented on issue #582: HDDS-3047. ObjectStore#listVolumesByUser and CreateVolumeHandler#call should get user's full principal name instead of login name by default

Posted by GitBox <gi...@apache.org>.

smengcl commented on issue #582: HDDS-3047. ObjectStore#listVolumesByUser and CreateVolumeHandler#call should get user's full principal name instead of login name by default
URL: https://github.com/apache/hadoop-ozone/pull/582#issuecomment-605130860
 
 
   Rebased to latest master to include test failure fix HDDS-3284.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org

[GitHub] [hadoop-ozone] smengcl commented on issue #582: HDDS-3047. ObjectStore#listVolumesByUser and CreateVolumeHandler#call should get principal name by default

Posted by GitBox <gi...@apache.org>.

smengcl commented on issue #582: HDDS-3047. ObjectStore#listVolumesByUser and CreateVolumeHandler#call should get principal name by default
URL: https://github.com/apache/hadoop-ozone/pull/582#issuecomment-607457359
 
 
   Thanks @xiaoyuyao for the review!

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org

[GitHub] [hadoop-ozone] smengcl edited a comment on issue #582: HDDS-3047. ObjectStore#listVolumesByUser and CreateVolumeHandler#call should get user's full principal name instead of login name by default

Posted by GitBox <gi...@apache.org>.

smengcl edited a comment on issue #582: HDDS-3047. ObjectStore#listVolumesByUser and CreateVolumeHandler#call should get user's full principal name instead of login name by default
URL: https://github.com/apache/hadoop-ozone/pull/582#issuecomment-603239297
 
 
   Added robot test to verify the fix.
   
   So without the change in `CreateVolumeHandler`, `Check volume from ozonefs` step will fail because `admin` field is short user name (mapped by `auth_to_local` from `testuser/scm@EXAMPLE.COM` into `root`):
   ```
   Check volume from ozonefs                                             | FAIL |
   '{
     "metadata" : { },
     "name" : "fstest",
     "admin" : "root",
     "owner" : "testuser/scm@EXAMPLE.COM",
     "creationTime" : "2020-03-24T13:24:58.505Z",
     "acls" : [ {
       "type" : "USER",
       "name" : "testuser/scm@EXAMPLE.COM",
       "aclScope" : "ACCESS",
       "aclList" : [ "ALL" ]
     }, {
       "type" : "GROUP",
       "name" : "root",
       "aclScope" : "ACCESS",
       "aclList" : [ "ALL" ]
     } ],
     "quota" : 109951162777600
   }
   {
     "metadata" : { },
     "name" : "fstest2",
     "admin" : "root",
     "owner" : "testuser/scm@EXAMPLE.COM",
     "creationTime" : "2020-03-24T13:25:02.525Z",
     "acls" : [ {
       "type" : "USER",
       "name" : "testuser/scm@EXAMPLE.COM",
       "aclScope" : "ACCESS",
       "aclList" : [ "ALL" ]
     }, {
       "type" : "GROUP",
       "name" : "root",
       "aclScope" : "ACCESS",
       "aclList" : [ "ALL" ]
     } ],
     "quota" : 109951162777600
   }' does not contain '"admin" : "testuser/scm@EXAMPLE.COM"'
   ```

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org

[GitHub] [hadoop-ozone] smengcl merged pull request #582: HDDS-3047. ObjectStore#listVolumesByUser and CreateVolumeHandler#call should get principal name by default

Posted by GitBox <gi...@apache.org>.

smengcl merged pull request #582: HDDS-3047. ObjectStore#listVolumesByUser and CreateVolumeHandler#call should get principal name by default
URL: https://github.com/apache/hadoop-ozone/pull/582
 
 
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org

[GitHub] [hadoop-ozone] smengcl commented on issue #582: HDDS-3047. ObjectStore#listVolumesByUser and CreateVolumeHandler#call should get user's full principal name instead of login name by default

Posted by GitBox <gi...@apache.org>.

smengcl commented on issue #582: HDDS-3047. ObjectStore#listVolumesByUser and CreateVolumeHandler#call should get user's full principal name instead of login name by default
URL: https://github.com/apache/hadoop-ozone/pull/582#issuecomment-603239297
 
 
   Added robot test to verify the fix.
   
   So without the change in `CreateVolumeHandler`, `Check volume from ozonefs` step will fail since the "admin" field is short user name:
   ```
   Check volume from ozonefs                                             | FAIL |
   '{
     "metadata" : { },
     "name" : "fstest",
     "admin" : "root",
     "owner" : "testuser/scm@EXAMPLE.COM",
     "creationTime" : "2020-03-24T13:24:58.505Z",
     "acls" : [ {
       "type" : "USER",
       "name" : "testuser/scm@EXAMPLE.COM",
       "aclScope" : "ACCESS",
       "aclList" : [ "ALL" ]
     }, {
       "type" : "GROUP",
       "name" : "root",
       "aclScope" : "ACCESS",
       "aclList" : [ "ALL" ]
     } ],
     "quota" : 109951162777600
   }
   {
     "metadata" : { },
     "name" : "fstest2",
     "admin" : "root",
     "owner" : "testuser/scm@EXAMPLE.COM",
     "creationTime" : "2020-03-24T13:25:02.525Z",
     "acls" : [ {
       "type" : "USER",
       "name" : "testuser/scm@EXAMPLE.COM",
       "aclScope" : "ACCESS",
       "aclList" : [ "ALL" ]
     }, {
       "type" : "GROUP",
       "name" : "root",
       "aclScope" : "ACCESS",
       "aclList" : [ "ALL" ]
     } ],
     "quota" : 109951162777600
   }' does not contain '"admin" : "testuser/scm@EXAMPLE.COM"'
   ```

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org

[GitHub] [hadoop-ozone] smengcl edited a comment on issue #582: HDDS-3047. ObjectStore#listVolumesByUser and CreateVolumeHandler#call should get user's full principal name instead of login name by default

Posted by GitBox <gi...@apache.org>.

smengcl edited a comment on issue #582: HDDS-3047. ObjectStore#listVolumesByUser and CreateVolumeHandler#call should get user's full principal name instead of login name by default
URL: https://github.com/apache/hadoop-ozone/pull/582#issuecomment-605130860
 
 
   Rebased to latest master to include (unrelated) test failure fix HDDS-3284.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org

[GitHub] [hadoop-ozone] smengcl edited a comment on issue #582: HDDS-3047. ObjectStore#listVolumesByUser and CreateVolumeHandler#call should get principal name by default

Posted by GitBox <gi...@apache.org>.

smengcl edited a comment on issue #582: HDDS-3047. ObjectStore#listVolumesByUser and CreateVolumeHandler#call should get principal name by default
URL: https://github.com/apache/hadoop-ozone/pull/582#issuecomment-605130860
 
 
   Rebased to latest master to include (unrelated) test failure fix HDDS-3284.
   
   Note: it-freon failure unrelated (`TestRandomKeyGenerator.bigFileThan2GB:147 expected:<1> but was:<0>`).

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org

[GitHub] [hadoop-ozone] smengcl commented on issue #582: HDDS-3047. ObjectStore#listVolumesByUser and CreateVolumeHandler#call should get user's full principal name instead of login name by default

Posted by GitBox <gi...@apache.org>.

smengcl commented on issue #582: HDDS-3047. ObjectStore#listVolumesByUser and CreateVolumeHandler#call should get user's full principal name instead of login name by default
URL: https://github.com/apache/hadoop-ozone/pull/582#issuecomment-603313613
 
 
   The test failure is due to hard-coding the check value for ozonesecure.
   Need to skip it for non-secure.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org

[GitHub] [hadoop-ozone] smengcl edited a comment on issue #582: HDDS-3047. ObjectStore#listVolumesByUser and CreateVolumeHandler#call should get user's full principal name instead of login name by default

Posted by GitBox <gi...@apache.org>.

smengcl edited a comment on issue #582: HDDS-3047. ObjectStore#listVolumesByUser and CreateVolumeHandler#call should get user's full principal name instead of login name by default
URL: https://github.com/apache/hadoop-ozone/pull/582#issuecomment-603239297
 
 
   Added robot test to verify the fix.
   
   So without the change in `CreateVolumeHandler`, `Check volume from ozonefs` step will fail because `admin` field is short user name (mapped by `auth_to_local` from `testuser/scm@EXAMPLE.COM` into `root` in this case):
   ```
   Check volume from ozonefs                                             | FAIL |
   '{
     "metadata" : { },
     "name" : "fstest",
     "admin" : "root",
     "owner" : "testuser/scm@EXAMPLE.COM",
     "creationTime" : "2020-03-24T13:24:58.505Z",
     "acls" : [ {
       "type" : "USER",
       "name" : "testuser/scm@EXAMPLE.COM",
       "aclScope" : "ACCESS",
       "aclList" : [ "ALL" ]
     }, {
       "type" : "GROUP",
       "name" : "root",
       "aclScope" : "ACCESS",
       "aclList" : [ "ALL" ]
     } ],
     "quota" : 109951162777600
   }
   {
     "metadata" : { },
     "name" : "fstest2",
     "admin" : "root",
     "owner" : "testuser/scm@EXAMPLE.COM",
     "creationTime" : "2020-03-24T13:25:02.525Z",
     "acls" : [ {
       "type" : "USER",
       "name" : "testuser/scm@EXAMPLE.COM",
       "aclScope" : "ACCESS",
       "aclList" : [ "ALL" ]
     }, {
       "type" : "GROUP",
       "name" : "root",
       "aclScope" : "ACCESS",
       "aclList" : [ "ALL" ]
     } ],
     "quota" : 109951162777600
   }' does not contain '"admin" : "testuser/scm@EXAMPLE.COM"'
   ```

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org