You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ozone.apache.org by GitBox <gi...@apache.org> on 2022/06/27 21:21:24 UTC

[GitHub] [ozone] kerneltime commented on pull request #3553: HDDS-6942. Ozone Vols/Buckets/Objects created via S3 should not allow group access

kerneltime commented on PR #3553:
URL: https://github.com/apache/ozone/pull/3553#issuecomment-1167915092

   > It may be better to set this config from `OzoneClientCache` before any client is instantiated.
   > 
   > https://github.com/apache/ozone/blob/a8808d1c3781627c40e0ed25d0bb4ec1e74e3de2/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/OzoneClientCache.java#L58-L92
   
   I think decision for what the ACL config should be for entities created should reside closer to the request process. The Client and it's cache should avoid deciding defaults. It is much easier to evaluate all the outcomes of an API call if the choices in defaults are where the processing of the API is done. I would prefer to leave it here. I makes sense to evaluate connection level setting in the Client Cache (TLS etc) but should should a bucket have read access to all in the same group is really a S3 API level decision and `BaseEndpoint` is a good place to store that logic.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org