Apache Ozone / HDDS-4944

Multi-Tenant Support in Ozone


Details

    Description

      This Jira will be used to track a new feature for Multi-Tenant support in Ozone. Initially, the Multi-Tenant feature would be limited to ozone-users accessing Ozone over the S3 interface.

      Sub-Tasks

        1. Initial ProtoTyping for Ozone Multi-Tenant Feature (Sub-task, Resolved, Prashant Pogde)
        2. Support Ozone s3 authentication with arbitrary accessId that is not same as the kerberos ID. (Sub-task, Resolved, Aravindan Vijayan)
        3. Support revoking S3 secret (Sub-task, Resolved, Siyao Meng)
        4. Add new OM DB tables for AssignUserToTenant (Sub-task, Resolved, Siyao Meng)
        5. Chroot S3 requests for a tenant to their corresponding volume (Sub-task, Resolved, Ethan Rose)
        6. [Multi-Tenant] Implement AssignUserToTenant (Sub-task, Resolved, Siyao Meng)
        7. [Multi-Tenant] GetS3Secret should retrieve secret from new tables as well (Sub-task, Resolved, Siyao Meng)
        8. [Multi-Tenant] Implement GetUserInfo (Sub-task, Resolved, Siyao Meng)
        9. [Multi-Tenant] Implement AssignTenantAdmin, RevokeTenantAdmin, ListTenant, RevokeAccessID (Sub-task, Resolved, Siyao Meng)
        10. [Multi-Tenant] Implement ListUsersInTenant (Sub-task, Resolved, Aravindan Vijayan)
        11. [Multi-Tenant] Implement `ozone tenant user getsecret` that does not generate secret when accessId does not exist (Sub-task, Resolved, Siyao Meng)
        12. Move Ranger REST API interactions under same interface as Ranger client (Sub-task, Resolved, Ethan Rose)
        13. [Multi-Tenant] Implement SetSecret: `ozone tenant user setsecret` and `ozone s3 setsecret` (Sub-task, Resolved, Siyao Meng)
        14. Use changes from HDDS-5881 for volume chroot (Sub-task, Resolved, Ethan Rose)
        15. [Multi-Tenant] Implement DeleteTenant: `ozone tenant delete` (Sub-task, Resolved, Siyao Meng)
        16. [Multi-Tenant] Implement Cross-Tenant Bucket Sharing (Sub-task, Resolved, Siyao Meng)
        17. [Multi-Tenant] Intermittent failure in TestOzoneTenantShell#testOzoneTenantBasicOperations (Sub-task, Resolved, Unassigned)
        18. S3SecretManagerImpl#getS3Secret should (prefer to) use TenantAccessIdTable (Sub-task, Resolved, Unassigned)
        19. [Multi-Tenant] Bucket owner should be set to the user principal when creating bucket through aws s3api (Sub-task, Resolved, Siyao Meng)
        20. [Multi-Tenant] Use VOLUME_LOCK in read and write requests, and some minor refactoring (Sub-task, Resolved, Siyao Meng)
        21. [Multi-Tenant] Properly iterate cache and table in OzoneManager#listTenant (Sub-task, Resolved, Siyao Meng)
        22. [Multi-Tenant] Handle upgrades to version supporting S3 multi-tenancy (Sub-task, Resolved, Siyao Meng)
        23. [Multi-Tenant] Fix KMS Encryption/Decryption (Sub-task, Resolved, Siyao Meng)
        24. [Multi-Tenant] Add feature documentation and CLI quick start guide (Sub-task, Resolved, Siyao Meng)
        25. [Multi-Tenant] Disallow specifying custom accessId in OzoneManager (Sub-task, Resolved, Siyao Meng)
        26. [Multi-Tenant] Implement tenant request metrics (Sub-task, Resolved, Siyao Meng)
        27. [Multi-Tenant] Refactor OMMultitenantManager and OMTenantRequestHelper (Sub-task, Resolved, Aswin Shakil Balasubramanian)
        28. [Multi-Tenant] Merge and cleanup tenant group/role/policy tables, refactor protobuf messages and `isTenantAdmin` (Sub-task, Resolved, Siyao Meng)
        29. [Multi-Tenant] Clean up unused tenantDefaultPolicyName field in CreateTenantRequest protobuf message (Sub-task, Resolved, Siyao Meng)
        30. [Multi-Tenant] Fix a permission check bug that prevents non-delegated admins from assigning/revoking users to/from the tenant (Sub-task, Resolved, Siyao Meng)
        31. [Multi-Tenant] Update documentation around Ranger policy creation on bucket sharing (Sub-task, Resolved, Siyao Meng)
        32. [Multi-Tenant] Provide OM DB to Apache Ranger Sync mechanism (Sub-task, Resolved, Prashant Pogde)
        33. [Multi-Tenant] Add proper locking between Ranger background sync service and tenant requests; bug fixes (Sub-task, Resolved, Siyao Meng)
        34. [Multi-Tenant] Use Ranger Java client (Sub-task, Resolved, Ethan Rose)
        35. [Multi-Tenant] Add tenant CLI option to print results in JSON (Sub-task, Resolved, Siyao Meng)
        36. [Multi-Tenant] Add a config key to enable or disable S3 Multi-Tenancy feature (Sub-task, Resolved, Siyao Meng)
        37. [Multi-Tenant] Follow-up: Set owner of buckets created via S3 Gateway to actual user (Sub-task, Resolved, Siyao Meng)
        38. [MultiTenancy] User get-secret throws USER_MISMATCH (Sub-task, Resolved, Siyao Meng)
        39. [MultiTenancy] No user validation on assignUser API (Sub-task, Resolved, Siyao Meng)
        40. [MultiTenancy] Tenant being created on existing volume (Sub-task, Resolved, Siyao Meng)
        41. [MultiTenancy] Preferred list output for userList/userInfo APIs (Sub-task, Resolved, Unassigned)
        42. [MultiTenancy] Create uniform output for AWS secrets across APIs (Sub-task, Resolved, Siyao Meng)
        43. [MultiTenancy] Kerberos principal should be replaced with actual user (Sub-task, Resolved, Siyao Meng)
        44. [MultiTenancy] Assign admin should not default to delegated admin (Sub-task, Resolved, Siyao Meng)
        45. [MultiTenancy] User List and Tenant List to have --json output (Sub-task, Resolved, Unassigned)
        46. [MultiTenancy] DBinfo message on console on missing accessId (Sub-task, Resolved, Siyao Meng)
        47. [Multi-Tenant] Add CLI Documentation (Sub-task, Open, Unassigned)
        48. [Multi-Tenant] Allow tenant creation with volume name different than tenant name. (Sub-task, Open, Unassigned)
        49. [Multi-Tenant] Add a mock Ranger server to test Ranger HTTP endpoint calls (Sub-task, Open, Unassigned)
        50. [Multi-Tenant] Add a Kerberized version of TestOzoneTenantShell (Sub-task, Open, Unassigned)
        51. [Multi-Tenant] Work around Ranger client not supporting service version call (Sub-task, Resolved, Aswin Shakil Balasubramanian)
        52. [MultiTenancy] User info should have limited access except for admin (Sub-task, Open, Unassigned)
        53. [MultiTenancy] Failed to assign user to tenant (Sub-task, Open, Unassigned)
        54. [MultiTenancy] User list should have admin information (Sub-task, Open, Unassigned)
        55. [Multi-Tenant] Use RangerClient for Ranger operations (Sub-task, In Progress, Siyao Meng)
        56. [Multi-Tenant] Move Ranger plugin version to a separate tag (Sub-task, Patch Available, Siyao Meng)

          People

            ppogde Prashant Pogde
