Uploaded image for project: 'Apache Ozone'
  1. Apache Ozone
  2. HDDS-4944

Multi-Tenant Support in Ozone

    XMLWordPrintableJSON

Details

    Description

      This Jira will be used to track a new feature for Multi-Tenant support in Ozone. Initially Multi-Tenant feature would be limited to ozone-users accessing Ozone over S3 interface.

      Attachments

        1. (v2)_Apache_Ozone_MultiTenant_Feature__Updated_Requirements_and_Abstractions.pdf
          48 kB
          Prashant Pogde
        2. (v2)_Apache-S3-compatible-Multi-Tenant-Ozone_High_level_Design.pdf
          384 kB
          Prashant Pogde
        3. Apache_Ozone_options_for_Volume_Access_and_User_Management.pdf
          77 kB
          Prashant Pogde
        4. Apache-S3-compatible-Multi-Tenant-Ozone-short.pdf.gz
          1020 kB
          Prashant Pogde
        5. Ozone_APIs_for_MultiTenancy.pdf
          71 kB
          Prashant Pogde
        6. Ozone_S3_Multi-Tenant_Cross-Tenant_Bucket_Sharing_with_Symbolic_Links.pdf
          136 kB
          Prashant Pogde
        7. Ozone, Multi-tenancy, S3, Kerberos....pdf
          90 kB
          Marton Elek
        8. Ozone MultiTenant Feature _ Requirements and Abstractions-3.pdf
          47 kB
          Prashant Pogde
        9. uml_multitenant_interface_design.png
          86 kB
          Prashant Pogde
        10. UseCaseAWSCompatibility.pdf
          61 kB
          Prashant Pogde
        11. UseCaseCephCompatibility.pdf
          61 kB
          Prashant Pogde
        12. UseCaseConfigureMultiTenancy.png
          220 kB
          Prashant Pogde
        13. UseCaseCurrentOzoneS3BackwardCompatibility.pdf
          27 kB
          Prashant Pogde
        14. VariousActorsInteractions.png
          112 kB
          Prashant Pogde
        1.
        Initial ProtoTyping for Ozone Multi-Tenant Feature Sub-task Resolved Prashant Pogde
        2.
        Support Ozone s3 authentication with arbitrary accessId that is not same as the kerberos ID. Sub-task Resolved Aravindan Vijayan
        3.
        Support revoking S3 secret Sub-task Resolved Siyao Meng
        4.
        Add new OM DB tables for AssignUserToTenant Sub-task Resolved Siyao Meng
        5.
        Chroot S3 requests for a tenant to their corresponding volume Sub-task Resolved Ethan Rose
        6.
        [Multi-Tenant] Implement AssignUserToTenant Sub-task Resolved Siyao Meng
        7.
        [Multi-Tenant] GetS3Secret should retrieve secret from new tables as well Sub-task Resolved Siyao Meng
        8.
        [Multi-Tenant] Implement GetUserInfo Sub-task Resolved Siyao Meng
        9.
        [Multi-Tenant] Implement AssignTenantAdmin, RevokeTenantAdmin, ListTenant, RevokeAccessID Sub-task Resolved Siyao Meng
        10.
        [Multi-Tenant] Implement ListUsersInTenant Sub-task Resolved Aravindan Vijayan
        11.
        [Multi-Tenant] Implement `ozone tenant user getsecret` that does not generate secret when accessId does not exist Sub-task Resolved Siyao Meng
        12.
        Move Ranger REST API interactions under same interface as Ranger client Sub-task Resolved Ethan Rose
        13.
        [Multi-Tenant] Implement SetSecret: `ozone tenant user setsecret` and `ozone s3 setsecret` Sub-task Resolved Siyao Meng
        14.
        Use changes from HDDS-5881 for volume chroot Sub-task Resolved Ethan Rose
        15.
        [Multi-Tenant] Implement DeleteTenant: `ozone tenant delete` Sub-task Resolved Siyao Meng
        16.
        [Multi-Tenant] Implement Cross-Tenant Bucket Sharing Sub-task Resolved Siyao Meng
        17.
        [Multi-Tenant] Intermittent failure in TestOzoneTenantShell#testOzoneTenantBasicOperations Sub-task Resolved Unassigned
        18.
        S3SecretManagerImpl#getS3Secret should (prefer to) use TenantAccessIdTable Sub-task Resolved Unassigned
        19.
        [Multi-Tenant] Bucket owner should be set to the user principal when creating bucket through aws s3api Sub-task Resolved Siyao Meng
        20.
        [Multi-Tenant] Use VOLUME_LOCK in read and write requests, and some minor refactoring Sub-task Resolved Siyao Meng
        21.
        [Multi-Tenant] Properly iterate cache and table in OzoneManager#listTenant Sub-task Resolved Siyao Meng
        22.
        [Multi-Tenant] Handle upgrades to version supporting S3 multi-tenancy Sub-task Resolved Siyao Meng
        23.
        [Multi-Tenant] Fix KMS Encryption/Decryption Sub-task Resolved Siyao Meng
        24.
        [Multi-Tenant] Add feature documentation and CLI quick start guide Sub-task Resolved Siyao Meng
        25.
        [Multi-Tenant] Disallow specifying custom accessId in OzoneManager Sub-task Resolved Siyao Meng
        26.
        [Multi-Tenant] Implement tenant request metrics Sub-task Resolved Siyao Meng
        27.
        [Multi-Tenant] Refactor OMMultitenantManager and OMTenantRequestHelper Sub-task Resolved Aswin Shakil Balasubramanian
        28.
        [Multi-Tenant] Merge and cleanup tenant group/role/policy tables, refactor protobuf messages and `isTenantAdmin` Sub-task Resolved Siyao Meng
        29.
        [Multi-Tenant] Clean up unused tenantDefaultPolicyName field in CreateTenantRequest protobuf message Sub-task Resolved Siyao Meng
        30.
        [Multi-Tenant] Fix a permission check bug that prevents non-delegated admins from assigning/revoking users to/from the tenant Sub-task Resolved Siyao Meng
        31.
        [Multi-Tenant] Update documentation around Ranger policy creation on bucket sharing Sub-task Resolved Siyao Meng
        32.
        [Multi-Tenant] Provide OM DB to Apache Ranger Sync mechanism Sub-task Resolved Prashant Pogde
        33.
        [Multi-Tenant] Add proper locking between Ranger background sync service and tenant requests; bug fixes Sub-task Resolved Siyao Meng
        34.
        [Multi-Tenant] Use Ranger Java client Sub-task Resolved Ethan Rose
        35.
        [Multi-Tenant] Add tenant CLI option to print results in JSON Sub-task Resolved Siyao Meng
        36.
        [Multi-Tenant] Add a config key to enable or disable S3 Multi-Tenancy feature Sub-task Resolved Siyao Meng
        37.
        [Multi-Tenant] Follow-up: Set owner of buckets created via S3 Gateway to actual user Sub-task Resolved Siyao Meng
        38.
        [MultiTenancy] User get-secret throws USER_MISMATCH Sub-task Resolved Siyao Meng
        39.
        [MultiTenancy] No user validation on assignUser API Sub-task Resolved Siyao Meng
        40.
        [MultiTenancy] Tenant being created on existing volume Sub-task Resolved Siyao Meng
        41.
        [MultiTenancy] Preferred list output for userList/userInfo APIs Sub-task Resolved Unassigned
        42.
        [MultiTenancy] Create uniform output for AWS secrets across APIs Sub-task Resolved Siyao Meng
        43.
        [MultiTenancy] Kerberos principal should be replaced with actual user Sub-task Resolved Siyao Meng
        44.
        [MultiTenancy] Assign admin should not default to delegated admin Sub-task Resolved Siyao Meng
        45.
        [MultiTenancy] User List and Tenant List to have --json output Sub-task Resolved Unassigned
        46.
        [MultiTenancy] DBinfo message on console on missing accessId Sub-task Resolved Siyao Meng
        47.
        [Multi-Tenant] Work around Ranger client not supporting service version call Sub-task Resolved Aswin Shakil Balasubramanian
        48.
        [Multi-Tenant] Use RangerClient for Ranger operations Sub-task Resolved Siyao Meng
        49.
        [Multi-Tenant] Move Ranger plugin version to a separate tag Sub-task Resolved Siyao Meng
        50.
        [Multi-Tenant] Fix USER_MISMATCH error even on correct user Sub-task Resolved Aswin Shakil Balasubramanian
        51.
        [Multi-Tenant] Set QuotaInBytes and QuotaInNamespace during Tenant Create Sub-task Resolved Aswin Shakil Balasubramanian
        52.
        [Multi-Tenant] Fix warning message when OM BG Sync is unable to get Ozone service policy version from Ranger Sub-task Resolved Siyao Meng
        53.
        Rebuilding tenant cache omits empty tenants Sub-task Resolved Ethan Rose
        54.
        NPE when Ranger client throws RangerServiceException without Status Sub-task Resolved Ethan Rose
        55.
        [Multi-Tenant] Allow tenant creation with volume name different than tenant name. Sub-task Open Unassigned
        56.
        [MultiTenancy] User list should have admin information Sub-task Open Unassigned
        57.
        [Multi-Tenant] Add a mock Ranger server to test Ranger HTTP endpoint calls Sub-task Open Unassigned
        58.
        [MultiTenancy] Failed to assign user to tenant Sub-task Open Unassigned
        59.
        [MultiTenancy] User info should have limited access except for admin Sub-task Open Unassigned
        60.
        [Multi-Tenant] Add CLI Documentation Sub-task Resolved Unassigned
        61.
        [Multi-Tenant] Add a Kerberized version of TestOzoneTenantShell Sub-task Open Unassigned
        62.
        [Multi-Tenant] Use optimistic read in Ranger background sync Sub-task Open Ethan Rose
        63.
        [Multi-Tenant] Add proper error message to TenantAssignAdmin and TenantRevokeAdmin Sub-task Resolved Aswin Shakil Balasubramanian
        64.
        [Multi-Tenant] Add Volume Existence check in preExecute for OMTenantCreateRequest Sub-task Resolved Aswin Shakil Balasubramanian
        65.
        Recon: Add multi-tenancy info display or statistics Sub-task Open Unassigned

        Activity

          People

            ppogde Prashant Pogde
            ppogde Prashant Pogde
            Votes:
            0 Vote for this issue
            Watchers:
            13 Start watching this issue

            Dates

              Created:
              Updated: