Uploaded image for project: 'Apache Ozone'
  1. Apache Ozone
  2. HDDS-4944 Multi-Tenant Support in Ozone
  3. HDDS-6909

[Multi-Tenant] Use RangerClient for Ranger operations

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 1.3.0
    • None

    Description

      HDDS-5836 is merged. But we have yet to switch the actual logic to RangerClient.

      1. Use RangerClientMultiTenantAccessController instead of RangerRestMultiTenantAccessController.
      2. Get rid of MultiTenantAccessAuthorizer and MultiTenantAccessAuthorizerRangerPlugin – use MultiTenantAccessController instead.
      3. work around RangerClient's missing getServiceVersion() API Use rangerClient.getService(serviceName).getPolicyVersion() to implement RangerClientMultiTenantAccessController#getRangerServiceVersion()

      RangerClient allows the use of Kerberos principal and ticket as login credential (preferred than username and password).

      Attachments

        Issue Links

          Dependent

          Sub-task - The sub-task of the issue HDDS-5836 [Multi-Tenant] Use Ranger Java client

          • Major - Major loss of function.
          • Resolved
          incorporates

          Sub-task - The sub-task of the issue HDDS-6755 [Multi-Tenant] Work around Ranger client not supporting service version call

          • Major - Major loss of function.
          • Resolved
          relates to

          Sub-task - The sub-task of the issue HDDS-10274 Remove unused AccessPolicy

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #3576

          Activity

            People

              smeng Siyao Meng
              smeng Siyao Meng
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: