HDDS-4020. ACL commands like getacl and setacl should return a response only when Native Authorizer is enabled. #1271
Conversation
…se only when Native Authorizer is enabled.
xiaoyuyao
left a comment
xiaoyuyao
left a comment
There was a problem hiding this comment.
Thanks @bharatviswa504 for reporting the issue and the fix. It looks good to me overall. I have a few comments inline.
| String authorizerClass = configuration.get(OZONE_ACL_AUTHORIZER_CLASS); | ||
| if (authorizerClass != null && | ||
| !authorizerClass.equals(OZONE_ACL_AUTHORIZER_CLASS_DEFAULT)) { | ||
| System.out.print(String.format("When External Authorizer %s is " + |
There was a problem hiding this comment.
Can we move System.out.print to AclHandler#execute based on the checkExternalAuthorizer return?
There was a problem hiding this comment.
This configuration seem like a server side configuration and should come from authoritative source such as OM discovery.
What if the client does know what is configured on OM but OM is actually using native authorizer? If check based on client, we will not be able to do acl operations.
|
/pending Review comments are not addressed + no clean build |
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
|
Closing this as HDDS-4089 is trying to fix acl commands when external authorizer is configured. |
3 participants
What changes were proposed in this pull request?
Currently, the getacl and setacl commands return wrong information when an external authorizer such as Ranger is enabled. There should be a check to verify if Native Authorizer is enabled before returning any response for these two commands.
If an external authorizer is enabled, it should show a nice message about managing acls in external authorizer.
What is the link to the Apache JIRA
https://issues.apache.org/jira/browse/HDDS-4020
How was this patch tested?
Added UT