You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ozone.apache.org by GitBox <gi...@apache.org> on 2021/09/15 23:35:55 UTC

[GitHub] [ozone] errose28 commented on a change in pull request #2635: HDDS-5476. [Multi-Tenant] Support Ozone s3 authentication with arbitrary accessId that is not same as the kerberos ID

errose28 commented on a change in pull request #2635:
URL: https://github.com/apache/ozone/pull/2635#discussion_r709639875



##########
File path: hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/security/OzoneDelegationTokenSecretManager.java
##########
@@ -157,11 +161,23 @@ public Builder setOmServiceId(String serviceId) {
       this.omServiceId = serviceId;
       return this;
     }
+
+    public Builder setOMMultiTenantManager(OMMultiTenantManager
+                                               multiTenantManager) {
+      this.omMultiTenantManager = multiTenantManager;
+      return this;
+    }
+
   }
 
   @Override
   public OzoneTokenIdentifier createIdentifier() {
-    return OzoneTokenIdentifier.newInstance();
+    OzoneTokenIdentifier tokenId = OzoneTokenIdentifier.newInstance();
+    if (multiTenantManager != null) {
+      tokenId.setGetUserForAccessId(
+          multiTenantManager::getUserNameGivenAccessId);

Review comment:
       It looks like the `OzoneTokenIdentifier` takes an operation returning the user name so it does not need to depend on the entire `OMMultiTenantManager` for this small part. Should we do the same thing for the `OzoneDelegationTokenSecretManager`, where it only depends on the operator and not the whole `OMMultiTenantManager` class, since the field's only use seems to be for retrieving this method? Or will there be more uses of `OMMultiTenantManager` here such that it's better to contain the entire class?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org