Posted to issues@ozone.apache.org by GitBox <gi...@apache.org> on 2021/09/29 01:32:27 UTC

[GitHub] [ozone] smengcl opened a new pull request #2692: HDDS-5754. [Multi-Tenant] Implement GetUserInfo

smengcl opened a new pull request #2692:
URL: https://github.com/apache/ozone/pull/2692


   https://issues.apache.org/jira/browse/HDDS-5754
   
   - [!] Moved `ozone s3 tenant` subcommands under `ozone tenant`.
   - Implemented GetUserInfo
   
   ## Demo with `compose/ozonesecure`
   
   ```bash
   $ kinit -kt /etc/security/keytabs/om.keytab om/om@EXAMPLE.COM
   
   $ curl -k https://ranger:6182/
   {}
   
   $ ozone tenant user info bob@EXAMPLE.COM
   'bob@EXAMPLE.COM' is not assigned to any tenant.
   
   $ ozone tenant create finance
   Created tenant 'finance'.
   
   $ ozone tenant user assign bob@EXAMPLE.COM --tenant=finance
   Assigned 'bob@EXAMPLE.COM' to 'finance' under accessId 'finance$bob@EXAMPLE.COM'.
   export AWS_ACCESS_KEY_ID='finance$bob@EXAMPLE.COM'
   export AWS_SECRET_ACCESS_KEY='...'
   
   $ ozone tenant create dev
   Created tenant 'dev'.
   
   $ ozone tenant user assign bob@EXAMPLE.COM --tenant=dev
   Assigned 'bob@EXAMPLE.COM' to 'dev' under accessId 'dev$bob@EXAMPLE.COM'.
   export AWS_ACCESS_KEY_ID='dev$bob@EXAMPLE.COM'
   export AWS_SECRET_ACCESS_KEY='...'
   
   $ ozone tenant user info bob@EXAMPLE.COM
   User 'bob@EXAMPLE.COM' is assigned to:
   - Tenant 'finance' under accessId 'finance$bob@EXAMPLE.COM'
   - Tenant 'dev' under accessId 'dev$bob@EXAMPLE.COM'
   ```
   
   ## How was this patch tested?
   
   - [x] Added new robot test
   - [x] Added new integration test.
   
   Still needs some polishing and cleanups. Filing as a draft PR for the moment.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org


[GitHub] [ozone] prashantpogde commented on a change in pull request #2692: HDDS-5754. [Multi-Tenant] Implement GetUserInfo

Posted by GitBox <gi...@apache.org>.
prashantpogde commented on a change in pull request #2692:
URL: https://github.com/apache/ozone/pull/2692#discussion_r718983086



##########
File path: hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/shell/tenant/GetUserInfoHandler.java
##########
@@ -0,0 +1,83 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.hadoop.ozone.shell.tenant;
+
+import org.apache.hadoop.hdds.cli.GenericCli;
+import org.apache.hadoop.ozone.client.ObjectStore;
+import org.apache.hadoop.ozone.client.OzoneClient;
+import org.apache.hadoop.ozone.om.helpers.TenantUserInfoValue;
+import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.TenantAccessIdInfo;
+import org.apache.hadoop.ozone.shell.OzoneAddress;
+import picocli.CommandLine;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * ozone tenant user info.
+ */
+@CommandLine.Command(name = "info",
+    description = "Get tenant related information of a user")
+public class GetUserInfoHandler extends TenantHandler {
+
+  @CommandLine.Spec
+  private CommandLine.Model.CommandSpec spec;
+
+  @CommandLine.Parameters(description = "List of user principal(s)")
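
Review bot: The `@CommandLine.Parameters` annotation on the last line of this hunk declares only a `description` and no `arity`, so the parser does not require at least one principal and an empty invocation has to be caught by hand in the handler. Consider `arity = "1..*"` so the requirement is enforced by picocli and shows up in the generated usage text.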

Review comment:
       Do we want this CLI to work on multiple users in one shot?






[GitHub] [ozone] prashantpogde commented on pull request #2692: HDDS-5754. [Multi-Tenant] Implement GetUserInfo

Posted by GitBox <gi...@apache.org>.
prashantpogde commented on pull request #2692:
URL: https://github.com/apache/ozone/pull/2692#issuecomment-930661870


   Please also update the description to include additional changes that are part of this PR, e.g. revokeTenantAccess.




[GitHub] [ozone] smengcl commented on pull request #2692: HDDS-5754. [Multi-Tenant] Implement GetUserInfo

Posted by GitBox <gi...@apache.org>.
smengcl commented on pull request #2692:
URL: https://github.com/apache/ozone/pull/2692#issuecomment-933743536


   Thanks @prashantpogde for the review!




[GitHub] [ozone] smengcl commented on a change in pull request #2692: HDDS-5754. [Multi-Tenant] Implement GetUserInfo

Posted by GitBox <gi...@apache.org>.
smengcl commented on a change in pull request #2692:
URL: https://github.com/apache/ozone/pull/2692#discussion_r718987029



##########
File path: hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/shell/tenant/RevokeUserAccessToTenantHandler.java
##########
@@ -15,18 +15,18 @@
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  */
-package org.apache.hadoop.ozone.shell.s3;
+package org.apache.hadoop.ozone.shell.tenant;
 
 import org.apache.hadoop.ozone.client.OzoneClient;
 import org.apache.hadoop.ozone.shell.OzoneAddress;
 import picocli.CommandLine;
 
 /**
- * ozone s3 user modify.
+ * ozone tenant user revoke.
  */
-@CommandLine.Command(name = "modify",
-    description = "Modify a tenant user")
-public class TenantUserModifyHandler extends S3Handler {
+@CommandLine.Command(name = "revoke",
+    description = "Revoke user access to tenant")
+public class RevokeUserAccessToTenantHandler extends TenantHandler {
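
Review bot: Neither the class javadoc (`ozone tenant user revoke.`) nor the `description` on `@CommandLine.Command(name = "revoke", ...)` says who is allowed to run this command, and revoking access is a privileged operation. Please record the intended caller in the javadoc (tenant admin only, or also a user acting on their own accessId) so the server-side check can be reviewed against it. The rename from `modify` to `revoke`, together with the package move from `shell.s3` to `shell.tenant`, also changes the CLI surface, so docs and tests that still call the old subcommand need updating in the same change.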

Review comment:
       Yeah. Besides admins, I think one can also remove him/herself from a tenant?
   
   I'm not implementing `RevokeUserAccessToTenantHandler` in this jira. Just fixing some framework stuff that **remained** in the prototype code for now so it's easier for me to work on it later.






[GitHub] [ozone] prashantpogde commented on a change in pull request #2692: HDDS-5754. [Multi-Tenant] Implement GetUserInfo

Posted by GitBox <gi...@apache.org>.
prashantpogde commented on a change in pull request #2692:
URL: https://github.com/apache/ozone/pull/2692#discussion_r718984303



##########
File path: hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/shell/tenant/RevokeUserAccessToTenantHandler.java
##########
@@ -15,18 +15,18 @@
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  */
-package org.apache.hadoop.ozone.shell.s3;
+package org.apache.hadoop.ozone.shell.tenant;
 
 import org.apache.hadoop.ozone.client.OzoneClient;
 import org.apache.hadoop.ozone.shell.OzoneAddress;
 import picocli.CommandLine;
 
 /**
- * ozone s3 user modify.
+ * ozone tenant user revoke.
  */
-@CommandLine.Command(name = "modify",
-    description = "Modify a tenant user")
-public class TenantUserModifyHandler extends S3Handler {
+@CommandLine.Command(name = "revoke",
+    description = "Revoke user access to tenant")
+public class RevokeUserAccessToTenantHandler extends TenantHandler {

Review comment:
       This would be a tenant admin command, right? The invoker should have "ALL" access to the tenant volume.






[GitHub] [ozone] prashantpogde commented on a change in pull request #2692: HDDS-5754. [Multi-Tenant] Implement GetUserInfo

Posted by GitBox <gi...@apache.org>.
prashantpogde commented on a change in pull request #2692:
URL: https://github.com/apache/ozone/pull/2692#discussion_r718983769



##########
File path: hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/shell/tenant/GetUserInfoHandler.java
##########
@@ -0,0 +1,83 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.hadoop.ozone.shell.tenant;
+
+import org.apache.hadoop.hdds.cli.GenericCli;
+import org.apache.hadoop.ozone.client.ObjectStore;
+import org.apache.hadoop.ozone.client.OzoneClient;
+import org.apache.hadoop.ozone.om.helpers.TenantUserInfoValue;
+import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.TenantAccessIdInfo;
+import org.apache.hadoop.ozone.shell.OzoneAddress;
+import picocli.CommandLine;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * ozone tenant user info.
+ */
+@CommandLine.Command(name = "info",
+    description = "Get tenant related information of a user")
+public class GetUserInfoHandler extends TenantHandler {
+
+  @CommandLine.Spec
+  private CommandLine.Model.CommandSpec spec;
+
+  @CommandLine.Parameters(description = "List of user principal(s)")
+  private List<String> userPrincipals = new ArrayList<>();
+
+  private boolean isEmptyList(List<String> list) {
+    return list == null || list.size() == 0;
+  }
+
+  @Override
+  protected void execute(OzoneClient client, OzoneAddress address) {
+    final ObjectStore objStore = client.getObjectStore();
+
+    if (isEmptyList(userPrincipals)) {
+      GenericCli.missingSubcommand(spec);
+      return;
+    }
+
+    for (final String userPrincipal : userPrincipals) {
+      try {
+        final TenantUserInfoValue tenantUserInfo =
+            objStore.tenantGetUserInfo(userPrincipal);
+        List<TenantAccessIdInfo> accessIdInfoList =
+            tenantUserInfo.getAccessIdInfoList();
+        if (accessIdInfoList.size() == 0) {
+          out().println("User '" + userPrincipal +
+              "' is not assigned to any tenant.");
+          continue;
+        }
+        out().println("User '" + userPrincipal + "' is assigned to:");
+
+        for (TenantAccessIdInfo accessIdInfo : accessIdInfoList) {
+          out().println("- Tenant '" + accessIdInfo.getTenantName() +
+              "' under accessId '" + accessIdInfo.getAccessId() + "'");
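
Review bot: In `execute`, every principal from the command line is passed unchanged to `objStore.tenantGetUserInfo(userPrincipal)`, and the reply lists that user's tenants and accessIds, so nothing in this handler limits whose assignments the caller can read. The restriction therefore has to be enforced where the request is served; please state in the class javadoc who may query another user (the user themselves, a tenant admin, a cluster admin) and cover the denied case in the new tests. Two smaller points: `GenericCli.missingSubcommand(spec)` is called when what is missing is a positional argument rather than a subcommand, and `accessIdInfoList.size() == 0` can be `accessIdInfoList.isEmpty()`.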

Review comment:
       perhaps s/"under"/"with"/ 






[GitHub] [ozone] smengcl commented on a change in pull request #2692: HDDS-5754. [Multi-Tenant] Implement GetUserInfo

Posted by GitBox <gi...@apache.org>.
smengcl commented on a change in pull request #2692:
URL: https://github.com/apache/ozone/pull/2692#discussion_r718987029



##########
File path: hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/shell/tenant/RevokeUserAccessToTenantHandler.java
##########
@@ -15,18 +15,18 @@
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  */
-package org.apache.hadoop.ozone.shell.s3;
+package org.apache.hadoop.ozone.shell.tenant;
 
 import org.apache.hadoop.ozone.client.OzoneClient;
 import org.apache.hadoop.ozone.shell.OzoneAddress;
 import picocli.CommandLine;
 
 /**
- * ozone s3 user modify.
+ * ozone tenant user revoke.
  */
-@CommandLine.Command(name = "modify",
-    description = "Modify a tenant user")
-public class TenantUserModifyHandler extends S3Handler {
+@CommandLine.Command(name = "revoke",
+    description = "Revoke user access to tenant")
+public class RevokeUserAccessToTenantHandler extends TenantHandler {

Review comment:
       Yeah. Besides admins, I think one can also revoke him/herself from a tenant?
   
   I'm not implementing `RevokeUserAccessToTenantHandler` in this jira. Just fixing some framework stuff that **remained** in the prototype code for now so it's easier for me to work on it later.






[GitHub] [ozone] smengcl commented on a change in pull request #2692: HDDS-5754. [Multi-Tenant] Implement GetUserInfo

Posted by GitBox <gi...@apache.org>.
smengcl commented on a change in pull request #2692:
URL: https://github.com/apache/ozone/pull/2692#discussion_r718985288



##########
File path: hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/TenantUserInfoValue.java
##########
@@ -0,0 +1,88 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.hadoop.ozone.om.helpers;
+
+import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.TenantAccessIdInfo;
+import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.TenantUserInfo;
+
+import java.util.List;
+import java.util.Objects;
+
+/**
+ * Utility class to handle protobuf message TenantUserInfo conversion.
+ */
+public class TenantUserInfoValue {
+
+  // Usually the Kerberos principal of a user.
+  private final String userPrincipal;
+
+  // A map from accessId to tenant name.
+  private final List<TenantAccessIdInfo> accessIdInfoList;
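
Review bot: The comment `// A map from accessId to tenant name.` sits directly above `private final List<TenantAccessIdInfo> accessIdInfoList;`, so the comment and the declared type disagree. Reword it to describe a list of (accessId, tenant name) entries, or change the field to a `Map` if keyed lookup is what is intended. The field is `final`, but a `List` is still mutable, so consider storing an unmodifiable copy so that a returned reference cannot be used to alter a user's assignments.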

Review comment:
       `TenantUserInfoValue` class is a wrapper for the underlying `TenantUserInfo` protobuf message. We can actually transform the list into a map if it's necessary later. e.g. for frequent lookups.






[GitHub] [ozone] prashantpogde edited a comment on pull request #2692: HDDS-5754. [Multi-Tenant] Implement GetUserInfo

Posted by GitBox <gi...@apache.org>.
prashantpogde edited a comment on pull request #2692:
URL: https://github.com/apache/ozone/pull/2692#issuecomment-930661870


   Thanks @smengcl for making these changes. Perhaps we can update the description to include additional changes that are part of this PR e.g. revokeTenantAccess.




[GitHub] [ozone] prashantpogde commented on a change in pull request #2692: HDDS-5754. [Multi-Tenant] Implement GetUserInfo

Posted by GitBox <gi...@apache.org>.
prashantpogde commented on a change in pull request #2692:
URL: https://github.com/apache/ozone/pull/2692#discussion_r718981010



##########
File path: hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/TenantUserInfoValue.java
##########
@@ -0,0 +1,88 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.hadoop.ozone.om.helpers;
+
+import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.TenantAccessIdInfo;
+import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.TenantUserInfo;
+
+import java.util.List;
+import java.util.Objects;
+
+/**
+ * Utility class to handle protobuf message TenantUserInfo conversion.
+ */
+public class TenantUserInfoValue {
+
+  // Usually the Kerberos principal of a user.
+  private final String userPrincipal;
+
+  // A map from accessId to tenant name.
+  private final List<TenantAccessIdInfo> accessIdInfoList;

Review comment:
       Looks like that's how it is, please ignore the comment.






[GitHub] [ozone] smengcl merged pull request #2692: HDDS-5754. [Multi-Tenant] Implement GetUserInfo

Posted by GitBox <gi...@apache.org>.
smengcl merged pull request #2692:
URL: https://github.com/apache/ozone/pull/2692


   




[GitHub] [ozone] prashantpogde commented on a change in pull request #2692: HDDS-5754. [Multi-Tenant] Implement GetUserInfo

Posted by GitBox <gi...@apache.org>.
prashantpogde commented on a change in pull request #2692:
URL: https://github.com/apache/ozone/pull/2692#discussion_r718977362



##########
File path: hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/OmUtils.java
##########
@@ -304,8 +305,7 @@ public static boolean isReadOnly(
     case ModifyTenant:
     case DeleteTenant:
     case AssignUserToTenant:
-    case ModifyTenantUser:
-    case DeleteTenantUser:
+    case RevokeUserAccessToTenant:
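
Review bot: The hunk does not show which branch of `isReadOnly` the new `RevokeUserAccessToTenant` case falls through to, nor where the user-info read request added by this PR is classified. Please confirm that revoke sits in the same group as `ModifyTenant`, `DeleteTenant` and `AssignUserToTenant` and that the new read request is handled explicitly, ideally with a unit test on `isReadOnly`, since callers rely on it to tell reads from writes. If `ModifyTenantUser` and `DeleteTenantUser` are also deleted from the protobuf enum, reserve their numbers so they are not reused.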

Review comment:
       Not related to this PR?






[GitHub] [ozone] prashantpogde commented on a change in pull request #2692: HDDS-5754. [Multi-Tenant] Implement GetUserInfo

Posted by GitBox <gi...@apache.org>.
prashantpogde commented on a change in pull request #2692:
URL: https://github.com/apache/ozone/pull/2692#discussion_r718977362



##########
File path: hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/OmUtils.java
##########
@@ -304,8 +305,7 @@ public static boolean isReadOnly(
     case ModifyTenant:
     case DeleteTenant:
     case AssignUserToTenant:
-    case ModifyTenantUser:
-    case DeleteTenantUser:
+    case RevokeUserAccessToTenant:

Review comment:
       Not related to this PR?

##########
File path: hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/TenantUserInfoValue.java
##########
@@ -0,0 +1,88 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.hadoop.ozone.om.helpers;
+
+import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.TenantAccessIdInfo;
+import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.TenantUserInfo;
+
+import java.util.List;
+import java.util.Objects;
+
+/**
+ * Utility class to handle protobuf message TenantUserInfo conversion.
+ */
+public class TenantUserInfoValue {
+
+  // Usually the Kerberos principal of a user.
+  private final String userPrincipal;
+
+  // A map from accessId to tenant name.
+  private final List<TenantAccessIdInfo> accessIdInfoList;

Review comment:
       We can return a list of tuples <accessID, tenant name>.
   That would be more useful information in order to find out which accessID one should use to access a given tenant-volume.






[GitHub] [ozone] smengcl commented on pull request #2692: HDDS-5754. [Multi-Tenant] Implement GetUserInfo

Posted by GitBox <gi...@apache.org>.
smengcl commented on pull request #2692:
URL: https://github.com/apache/ozone/pull/2692#issuecomment-930664683


   > Thanks @smengcl for making these changes. Perhaps we can update the description to include additional changes that are part of this PR e.g. revokeTenantAccess.
   
   done.




[GitHub] [ozone] smengcl commented on a change in pull request #2692: HDDS-5754. [Multi-Tenant] Implement GetUserInfo

Posted by GitBox <gi...@apache.org>.
smengcl commented on a change in pull request #2692:
URL: https://github.com/apache/ozone/pull/2692#discussion_r718984888



##########
File path: hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/shell/tenant/GetUserInfoHandler.java
##########
@@ -0,0 +1,83 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.hadoop.ozone.shell.tenant;
+
+import org.apache.hadoop.hdds.cli.GenericCli;
+import org.apache.hadoop.ozone.client.ObjectStore;
+import org.apache.hadoop.ozone.client.OzoneClient;
+import org.apache.hadoop.ozone.om.helpers.TenantUserInfoValue;
+import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.TenantAccessIdInfo;
+import org.apache.hadoop.ozone.shell.OzoneAddress;
+import picocli.CommandLine;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * ozone tenant user info.
+ */
+@CommandLine.Command(name = "info",
+    description = "Get tenant related information of a user")
+public class GetUserInfoHandler extends TenantHandler {
+
+  @CommandLine.Spec
+  private CommandLine.Model.CommandSpec spec;
+
+  @CommandLine.Parameters(description = "List of user principal(s)")

Review comment:
       Yes. The for loop below works just fine.

##########
File path: hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/shell/tenant/GetUserInfoHandler.java
##########
@@ -0,0 +1,83 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.hadoop.ozone.shell.tenant;
+
+import org.apache.hadoop.hdds.cli.GenericCli;
+import org.apache.hadoop.ozone.client.ObjectStore;
+import org.apache.hadoop.ozone.client.OzoneClient;
+import org.apache.hadoop.ozone.om.helpers.TenantUserInfoValue;
+import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.TenantAccessIdInfo;
+import org.apache.hadoop.ozone.shell.OzoneAddress;
+import picocli.CommandLine;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * ozone tenant user info.
+ */
+@CommandLine.Command(name = "info",
+    description = "Get tenant related information of a user")
+public class GetUserInfoHandler extends TenantHandler {
+
+  @CommandLine.Spec
+  private CommandLine.Model.CommandSpec spec;
+
+  @CommandLine.Parameters(description = "List of user principal(s)")
+  private List<String> userPrincipals = new ArrayList<>();
+
+  private boolean isEmptyList(List<String> list) {
+    return list == null || list.size() == 0;
+  }
+
+  @Override
+  protected void execute(OzoneClient client, OzoneAddress address) {
+    final ObjectStore objStore = client.getObjectStore();
+
+    if (isEmptyList(userPrincipals)) {
+      GenericCli.missingSubcommand(spec);
+      return;
+    }
+
+    for (final String userPrincipal : userPrincipals) {
+      try {
+        final TenantUserInfoValue tenantUserInfo =
+            objStore.tenantGetUserInfo(userPrincipal);
+        List<TenantAccessIdInfo> accessIdInfoList =
+            tenantUserInfo.getAccessIdInfoList();
+        if (accessIdInfoList.size() == 0) {
+          out().println("User '" + userPrincipal +
+              "' is not assigned to any tenant.");
+          continue;
+        }
+        out().println("User '" + userPrincipal + "' is assigned to:");
+
+        for (TenantAccessIdInfo accessIdInfo : accessIdInfoList) {
+          out().println("- Tenant '" + accessIdInfo.getTenantName() +
+              "' under accessId '" + accessIdInfo.getAccessId() + "'");

Review comment:
       done



