[HDDS-3402] Use proper acls for sub directories created during CreateDirectory operation - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Blocker
Resolution: Duplicate
Affects Version/s: None
Fix Version/s: None
Component/s: Ozone Manager
Labels:
- TriagePending

Target Version/s:

1.4.0

Description

Use proper ACLS for subdirectories created during create directory operation.

All subdirectories/missing directories should inherit the ACLS from the bucket if ancestors are not present in key table. If present should inherit the ACLS from its ancestor.

Additionally, keys and dirs directly under a bucket should inherit ACLs from their parent bucket by default. e.g. Ranger allow policy on a bucket should grant access to keys and dirs in it as well (when not explicitly denied by other policies). Currently this is not the case: in Ranger an additional key-level policy has to be added, for example, for clients to create new keys in the bucket, even when there are allow policies on the parent bucket and volume. (LEGACY/OBS buckets doesn't require this extra key-level policy. And this deviation leads to different ACL behavior between FSO and LEGACY/OBS buckets.)

Attachments

Issue Links

Discovered while testing

HDDS-7496 Make default bucket layout FSO in a backwards compatible way

Resolved

duplicates

HDDS-8653 Let directory inherit parent default ACLs

Resolved

is related to

HDDS-2939 Ozone FS namespace

Resolved

Activity

People

Assignee:: Ashish Kumar

Reporter:: Bharat Viswanadham

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: 16/Apr/20 05:40

Updated:: 23/May/23 16:40

Resolved:: 23/May/23 16:40