[HDDS-4944] Multi-Tenant Support in Ozone - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 1.3.0
Fix Version/s: None
Component/s: Ozone CLI, Ozone Datanode, Ozone Manager, S3, SCM, Security
Labels:
- ozone-multitenancy
- pull-request-available

Description

This Jira will be used to track a new feature for Multi-Tenant support in Ozone. Initially Multi-Tenant feature would be limited to ozone-users accessing Ozone over S3 interface.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

VariousActorsInteractions.png
18/Mar/21 20:22
112 kB
Prashant Pogde
UseCaseCurrentOzoneS3BackwardCompatibility.pdf
18/Mar/21 20:28
27 kB
Prashant Pogde
UseCaseConfigureMultiTenancy.png
18/Mar/21 20:17
220 kB
Prashant Pogde
UseCaseCephCompatibility.pdf
18/Mar/21 20:26
61 kB
Prashant Pogde
UseCaseAWSCompatibility.pdf
18/Mar/21 20:25
61 kB
Prashant Pogde
uml_multitenant_interface_design.png
16/Apr/21 22:19
86 kB
Prashant Pogde
Ozone MultiTenant Feature _ Requirements and Abstractions-3.pdf
01/Apr/21 16:41
47 kB
Prashant Pogde
Ozone, Multi-tenancy, S3, Kerberos....pdf
22/Mar/21 08:03
90 kB
Marton Elek
Ozone_S3_Multi-Tenant_Cross-Tenant_Bucket_Sharing_with_Symbolic_Links.pdf
21/Jun/21 04:43
136 kB
Prashant Pogde
Ozone_APIs_for_MultiTenancy.pdf
21/Jun/21 04:43
71 kB
Prashant Pogde
Apache-S3-compatible-Multi-Tenant-Ozone-short.pdf.gz
18/Mar/21 20:03
1020 kB
Prashant Pogde
Apache_Ozone_options_for_Volume_Access_and_User_Management.pdf
21/Jun/21 04:43
77 kB
Prashant Pogde
(v2)_Apache-S3-compatible-Multi-Tenant-Ozone_High_level_Design.pdf
21/Jun/21 04:43
384 kB
Prashant Pogde
(v2)_Apache_Ozone_MultiTenant_Feature__Updated_Requirements_and_Abstractions.pdf
21/Jun/21 04:43
48 kB
Prashant Pogde

Sub-Tasks

1.	Initial ProtoTyping for Ozone Multi-Tenant Feature	Resolved	Prashant Pogde
2.	Support Ozone s3 authentication with arbitrary accessId that is not same as the kerberos ID.	Resolved	Aravindan Vijayan
3.	Support revoking S3 secret	Resolved	Siyao Meng
4.	Add new OM DB tables for AssignUserToTenant	Resolved	Siyao Meng
5.	Chroot S3 requests for a tenant to their corresponding volume	Resolved	Ethan Rose
6.	[Multi-Tenant] Implement AssignUserToTenant	Resolved	Siyao Meng
7.	[Multi-Tenant] GetS3Secret should retrieve secret from new tables as well	Resolved	Siyao Meng
8.	[Multi-Tenant] Implement GetUserInfo	Resolved	Siyao Meng
9.	[Multi-Tenant] Implement AssignTenantAdmin, RevokeTenantAdmin, ListTenant, RevokeAccessID	Resolved	Siyao Meng
10.	[Multi-Tenant] Implement ListUsersInTenant	Resolved	Aravindan Vijayan
11.	[Multi-Tenant] Implement `ozone tenant user getsecret` that does not generate secret when accessId does not exist	Resolved	Siyao Meng
12.	Move Ranger REST API interactions under same interface as Ranger client	Resolved	Ethan Rose
13.	[Multi-Tenant] Implement SetSecret: `ozone tenant user setsecret` and `ozone s3 setsecret`	Resolved	Siyao Meng
14.	Use changes from HDDS-5881 for volume chroot	Resolved	Ethan Rose
15.	[Multi-Tenant] Implement DeleteTenant: `ozone tenant delete`	Resolved	Siyao Meng
16.	[Multi-Tenant] Implement Cross-Tenant Bucket Sharing	Resolved	Siyao Meng
17.	[Multi-Tenant] Intermittent failure in TestOzoneTenantShell#testOzoneTenantBasicOperations	Resolved	Unassigned
18.	S3SecretManagerImpl#getS3Secret should (prefer to) use TenantAccessIdTable	Resolved	Unassigned
19.	[Multi-Tenant] Bucket owner should be set to the user principal when creating bucket through aws s3api	Resolved	Siyao Meng
20.	[Multi-Tenant] Use VOLUME_LOCK in read and write requests, and some minor refactoring	Resolved	Siyao Meng
21.	[Multi-Tenant] Properly iterate cache and table in OzoneManager#listTenant	Resolved	Siyao Meng
22.	[Multi-Tenant] Handle upgrades to version supporting S3 multi-tenancy	Resolved	Siyao Meng
23.	[Multi-Tenant] Fix KMS Encryption/Decryption	Resolved	Siyao Meng
24.	[Multi-Tenant] Add feature documentation and CLI quick start guide	Resolved	Siyao Meng
25.	[Multi-Tenant] Disallow specifying custom accessId in OzoneManager	Resolved	Siyao Meng
26.	[Multi-Tenant] Implement tenant request metrics	Resolved	Siyao Meng
27.	[Multi-Tenant] Refactor OMMultitenantManager and OMTenantRequestHelper	Resolved	Aswin Shakil
28.	[Multi-Tenant] Merge and cleanup tenant group/role/policy tables, refactor protobuf messages and `isTenantAdmin`	Resolved	Siyao Meng
29.	[Multi-Tenant] Clean up unused tenantDefaultPolicyName field in CreateTenantRequest protobuf message	Resolved	Siyao Meng
30.	[Multi-Tenant] Fix a permission check bug that prevents non-delegated admins from assigning/revoking users to/from the tenant	Resolved	Siyao Meng
31.	[Multi-Tenant] Update documentation around Ranger policy creation on bucket sharing	Resolved	Siyao Meng
32.	[Multi-Tenant] Provide OM DB to Apache Ranger Sync mechanism	Resolved	Prashant Pogde
33.	[Multi-Tenant] Add proper locking between Ranger background sync service and tenant requests; bug fixes	Resolved	Siyao Meng
34.	[Multi-Tenant] Use Ranger Java client	Resolved	Ethan Rose
35.	[Multi-Tenant] Add tenant CLI option to print results in JSON	Resolved	Siyao Meng
36.	[Multi-Tenant] Add a config key to enable or disable S3 Multi-Tenancy feature	Resolved	Siyao Meng
37.	[Multi-Tenant] Follow-up: Set owner of buckets created via S3 Gateway to actual user	Resolved	Siyao Meng
38.	[MultiTenancy] User get-secret throws USER_MISMATCH	Resolved	Siyao Meng
39.	[MultiTenancy] No user validation on assignUser API	Resolved	Siyao Meng
40.	[MultiTenancy] Tenant being created on existing volume	Resolved	Siyao Meng
41.	[MultiTenancy] Preferred list output for userList/userInfo APIs	Resolved	Unassigned
42.	[MultiTenancy] Create uniform output for AWS secrets across APIs	Resolved	Siyao Meng
43.	[MultiTenancy] Kerberos principal should be replaced with actual user	Resolved	Siyao Meng
44.	[MultiTenancy] Assign admin should not default to delegated admin	Resolved	Siyao Meng
45.	[MultiTenancy] User List and Tenant List to have --json output	Resolved	Unassigned
46.	[MultiTenancy] DBinfo message on console on missing accessId	Resolved	Siyao Meng
47.	[Multi-Tenant] Work around Ranger client not supporting service version call	Resolved	Aswin Shakil
48.	[Multi-Tenant] Use RangerClient for Ranger operations	Resolved	Siyao Meng
49.	[Multi-Tenant] Move Ranger plugin version to a separate tag	Resolved	Siyao Meng
50.	[Multi-Tenant] Fix USER_MISMATCH error even on correct user	Resolved	Aswin Shakil
51.	[Multi-Tenant] Set QuotaInBytes and QuotaInNamespace during Tenant Create	Resolved	Aswin Shakil
52.	[Multi-Tenant] Fix warning message when OM BG Sync is unable to get Ozone service policy version from Ranger	Resolved	Siyao Meng
53.	Rebuilding tenant cache omits empty tenants	Resolved	Ethan Rose
54.	NPE when Ranger client throws RangerServiceException without Status	Resolved	Ethan Rose
55.	[Multi-Tenant] Allow tenant creation with volume name different than tenant name.	Open	Unassigned
56.	[MultiTenancy] User list should have admin information	Open	Unassigned
57.	[Multi-Tenant] Add a mock Ranger server to test Ranger HTTP endpoint calls	Open	Unassigned
58.	[MultiTenancy] Failed to assign user to tenant	Open	Unassigned
59.	[MultiTenancy] User info should have limited access except for admin	Open	Unassigned
60.	[Multi-Tenant] Add CLI Documentation	Resolved	Unassigned
61.	[Multi-Tenant] Add a Kerberized version of TestOzoneTenantShell	Open	Unassigned
62.	[Multi-Tenant] Use optimistic read in Ranger background sync	Resolved	Ethan Rose
63.	[Multi-Tenant] Add proper error message to TenantAssignAdmin and TenantRevokeAdmin	Resolved	Aswin Shakil
64.	[Multi-Tenant] Add Volume Existence check in preExecute for OMTenantCreateRequest	Resolved	Aswin Shakil
65.	Recon: Add multi-tenancy info display or statistics	Open	Unassigned
66.	[Multi-Tenant] Add CLI option to allow tenant creation on top of existing volumes	Patch Available	Siyao Meng

Activity

People

Assignee:: Prashant Pogde

Reporter:: Prashant Pogde

Votes:: 0 Vote for this issue

Watchers:: 14 Start watching this issue

Dates

Created:: 09/Mar/21 20:01

Updated:: 03/Oct/22 22:13