From 7e5663805edb583a28c314898e17001e1bf7a03f Mon Sep 17 00:00:00 2001 From: captainzmc Date: Thu, 19 Nov 2020 11:25:46 +0800 Subject: [PATCH 1/7] Modification of the operating introduction of ozone ranger. --- .../content/security/SecurityWithRanger.md | 21 +++++++++++++++++-- .../content/security/SecurityWithRanger.zh.md | 18 +++++++++++++++- 2 files changed, 36 insertions(+), 3 deletions(-) diff --git a/hadoop-hdds/docs/content/security/SecurityWithRanger.md b/hadoop-hdds/docs/content/security/SecurityWithRanger.md index 7daaf8199e18..cafe4df1f058 100644 --- a/hadoop-hdds/docs/content/security/SecurityWithRanger.md +++ b/hadoop-hdds/docs/content/security/SecurityWithRanger.md @@ -27,8 +27,9 @@ icon: user Apache Ranger™ is a framework to enable, monitor and manage comprehensive data -security across the Hadoop platform. Any version of Apache Ranger which is greater -than 1.20 is aware of Ozone, and can manage an Ozone cluster. +security across the Hadoop platform. Apache Ranger has supported Ozone authentication +since version 2.0. However, due to some bugs in 2.0, we prefer to use Apache Ranger +2.1 and later version. To use Apache Ranger, you must have Apache Ranger installed in your Hadoop 
@@ -44,3 +45,19 @@ Property|Value --------|------------------------------------------------------------ ozone.acl.enabled | true ozone.acl.authorizer.class| org.apache.ranger.authorization.ozone.authorizer.RangerOzoneAuthorizer + +The ranger permissions corresponding to Ozone operation are as follows: + + | Volume permission | Bucket permission | Key permission +---- | -------------------| ------------------| -------------- +Create volume | CREATE | | +List volume | LIST | | +Get volume Info | READ | | +Delete volume | DELETE | | +Create bucket | READ | CREATE | +List bucket | LIST, READ | | +Get bucket info | READ | READ | +Delete bucket | READ | DELETE | +List key | READ | LIST, READ | +Write key | READ | READ | CREATE, WRITE +Read key | READ | READ | READ \ No newline at end of file diff --git a/hadoop-hdds/docs/content/security/SecurityWithRanger.zh.md b/hadoop-hdds/docs/content/security/SecurityWithRanger.zh.md index 4d40a17d0188..c7a2d5039e38 100644 --- a/hadoop-hdds/docs/content/security/SecurityWithRanger.zh.md +++ b/hadoop-hdds/docs/content/security/SecurityWithRanger.zh.md @@ -26,7 +26,7 @@ icon: user --> -Apache Ranger™ 是一个用于管理和监控 Hadoop 平台复杂数据权限的框架。版本大于 1.20 的 Apache Ranger 都可以用于管理 Ozone 集群。 +Apache Ranger™ 是一个用于管理和监控 Hadoop 平台复杂数据权限的框架。Apache Ranger 从2.0版本开始支持ozone鉴权。但由于在2.0中存在一些bug,因此我们更推荐使用Apache Ranger 2.1及以后版本。 你需要先在你的 Hadoop 集群上安装 Apache Ranger,安装指南可以参考 [Apache Ranger 官网](https://ranger.apache.org/index.html). 
@@ -36,3 +36,19 @@ Apache Ranger™ 是一个用于管理和监控 Hadoop 平台复杂数据权限 --------|------------------------------------------------------------ ozone.acl.enabled | true ozone.acl.authorizer.class| org.apache.ranger.authorization.ozone.authorizer.RangerOzoneAuthorizer + +Ozone各类操作对应ranger权限如下: + + | Volume permission | Bucket permission | Key permission +---- | -------------------| ------------------| -------------- +Create volume | CREATE | | +List volume | LIST | | +Get volume Info | READ | | +Delete volume | DELETE | | +Create bucket | READ | CREATE | +List bucket | LIST, READ | | +Get bucket info | READ | READ | +Delete bucket | READ | DELETE | +List key | READ | LIST, READ | +Write key | READ | READ | CREATE, WRITE +Read key | READ | READ | READ \ No newline at end of file From 4e9ae26a38fc723b765104fbf1345a99ce9fbdcb Mon Sep 17 00:00:00 2001 From: captainzmc Date: Thu, 19 Nov 2020 14:12:25 +0800 Subject: [PATCH 2/7] fix style --- .../content/security/SecurityWithRanger.md | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/hadoop-hdds/docs/content/security/SecurityWithRanger.md b/hadoop-hdds/docs/content/security/SecurityWithRanger.md index cafe4df1f058..a77267daa43a 100644 --- a/hadoop-hdds/docs/content/security/SecurityWithRanger.md +++ b/hadoop-hdds/docs/content/security/SecurityWithRanger.md 
@@ -48,16 +48,16 @@ ozone.acl.authorizer.class| org.apache.ranger.authorization.ozone.authorizer.Ran The ranger permissions corresponding to Ozone operation are as follows: - | Volume permission | Bucket permission | Key permission ----- | -------------------| ------------------| -------------- -Create volume | CREATE | | -List volume | LIST | | -Get volume Info | READ | | -Delete volume | DELETE | | -Create bucket | READ | CREATE | -List bucket | LIST, READ | | -Get bucket info | READ | READ | -Delete bucket | READ | DELETE | -List key | READ | LIST, READ | -Write key | READ | READ | CREATE, WRITE -Read key | READ | READ | READ \ No newline at end of file +| operation&permission | Volume permission | Bucket permission | Key permission | +| :--- | :--- | :--- | :--- | +| Create volume | CREATE | | | +| List volume | LIST | | | +| Get volume Info | READ | | | +| Delete volume | DELETE | | | +| Create bucket | READ | CREATE | | +| List bucket | LIST, READ | | | +| Get bucket info | READ | READ | | +| Delete bucket | READ | DELETE | | +| List key | READ | LIST, READ | | +| Write key | READ | READ | CREATE, WRITE | +| Read key | READ | READ | READ | \ No newline at end of file From f460df7cd9467385742b85b89147d6f03cb6c0fd Mon Sep 17 00:00:00 2001 From: captainzmc Date: Thu, 19 Nov 2020 14:15:27 +0800 Subject: [PATCH 3/7] fix style --- .../content/security/SecurityWithRanger.zh.md | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/hadoop-hdds/docs/content/security/SecurityWithRanger.zh.md b/hadoop-hdds/docs/content/security/SecurityWithRanger.zh.md index c7a2d5039e38..ab1473a5ef7f 100644 --- a/hadoop-hdds/docs/content/security/SecurityWithRanger.zh.md +++ b/hadoop-hdds/docs/content/security/SecurityWithRanger.zh.md 
@@ -39,16 +39,16 @@ ozone.acl.authorizer.class| org.apache.ranger.authorization.ozone.authorizer.Ran Ozone各类操作对应ranger权限如下: - | Volume permission | Bucket permission | Key permission ----- | -------------------| ------------------| -------------- -Create volume | CREATE | | -List volume | LIST | | -Get volume Info | READ | | -Delete volume | DELETE | | -Create bucket | READ | CREATE | -List bucket | LIST, READ | | -Get bucket info | READ | READ | -Delete bucket | READ | DELETE | -List key | READ | LIST, READ | -Write key | READ | READ | CREATE, WRITE -Read key | READ | READ | READ \ No newline at end of file +| operation&permission | Volume permission | Bucket permission | Key permission | +| :--- | :--- | :--- | :--- | +| Create volume | CREATE | | | +| List volume | LIST | | | +| Get volume Info | READ | | | +| Delete volume | DELETE | | | +| Create bucket | READ | CREATE | | +| List bucket | LIST, READ | | | +| Get bucket info | READ | READ | | +| Delete bucket | READ | DELETE | | +| List key | READ | LIST, READ | | +| Write key | READ | READ | CREATE, WRITE | +| Read key | READ | READ | READ | \ No newline at end of file From 826429ecb9c8c2cb5fcc10ca44f65bc6545cd4aa Mon Sep 17 00:00:00 2001 From: micah zhao <1020358092@qq.com> Date: Thu, 19 Nov 2020 16:23:09 +0800 Subject: [PATCH 4/7] Update hadoop-hdds/docs/content/security/SecurityWithRanger.md Co-authored-by: Vivek Ratnavel Subramanian --- hadoop-hdds/docs/content/security/SecurityWithRanger.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hadoop-hdds/docs/content/security/SecurityWithRanger.md b/hadoop-hdds/docs/content/security/SecurityWithRanger.md index a77267daa43a..abd5dc29188e 100644 --- a/hadoop-hdds/docs/content/security/SecurityWithRanger.md +++ b/hadoop-hdds/docs/content/security/SecurityWithRanger.md 
@@ -28,8 +28,8 @@ icon: user Apache Ranger™ is a framework to enable, monitor and manage comprehensive data security across the Hadoop platform. Apache Ranger has supported Ozone authentication -since version 2.0. However, due to some bugs in 2.0, we prefer to use Apache Ranger -2.1 and later version. +since version 2.0. However, due to some bugs in 2.0, Apache Ranger +2.1 and later versions are recommended. To use Apache Ranger, you must have Apache Ranger installed in your Hadoop @@ -60,4 +60,4 @@ The ranger permissions corresponding to Ozone operation are as follows: | Delete bucket | READ | DELETE | | | List key | READ | LIST, READ | | | Write key | READ | READ | CREATE, WRITE | -| Read key | READ | READ | READ | \ No newline at end of file +| Read key | READ | READ | READ | From a61a3b9e1dc502144e857c84acfc0cda867aae51 Mon Sep 17 00:00:00 2001 From: micah zhao <1020358092@qq.com> Date: Thu, 19 Nov 2020 16:23:27 +0800 Subject: [PATCH 5/7] Update hadoop-hdds/docs/content/security/SecurityWithRanger.md Co-authored-by: Vivek Ratnavel Subramanian --- hadoop-hdds/docs/content/security/SecurityWithRanger.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hadoop-hdds/docs/content/security/SecurityWithRanger.md b/hadoop-hdds/docs/content/security/SecurityWithRanger.md index abd5dc29188e..4a0ca128c7c5 100644 --- a/hadoop-hdds/docs/content/security/SecurityWithRanger.md +++ b/hadoop-hdds/docs/content/security/SecurityWithRanger.md @@ -46,7 +46,7 @@ Property|Value ozone.acl.enabled | true ozone.acl.authorizer.class| org.apache.ranger.authorization.ozone.authorizer.RangerOzoneAuthorizer -The ranger permissions corresponding to Ozone operation are as follows: +The ranger permissions corresponding to the Ozone operations are as follows: | operation&permission | Volume permission | Bucket permission | Key permission | | :--- | :--- | :--- | :--- | From 652a566456ab802eaf1fc244df3dc95eb0c7149e Mon Sep 17 00:00:00 2001 
From: captainzmc Date: Mon, 23 Nov 2020 10:22:43 +0800 Subject: [PATCH 6/7] fix review issues. --- hadoop-hdds/docs/content/security/SecurityWithRanger.md | 2 +- hadoop-hdds/docs/content/security/SecurityWithRanger.zh.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/hadoop-hdds/docs/content/security/SecurityWithRanger.md b/hadoop-hdds/docs/content/security/SecurityWithRanger.md index 4a0ca128c7c5..ee86a115930b 100644 --- a/hadoop-hdds/docs/content/security/SecurityWithRanger.md +++ b/hadoop-hdds/docs/content/security/SecurityWithRanger.md @@ -46,7 +46,7 @@ Property|Value ozone.acl.enabled | true ozone.acl.authorizer.class| org.apache.ranger.authorization.ozone.authorizer.RangerOzoneAuthorizer -The ranger permissions corresponding to the Ozone operations are as follows: +The Ranger permissions corresponding to the Ozone operations are as follows: | operation&permission | Volume permission | Bucket permission | Key permission | | :--- | :--- | :--- | :--- | diff --git a/hadoop-hdds/docs/content/security/SecurityWithRanger.zh.md b/hadoop-hdds/docs/content/security/SecurityWithRanger.zh.md index ab1473a5ef7f..e7ff33e9268f 100644 --- a/hadoop-hdds/docs/content/security/SecurityWithRanger.zh.md +++ b/hadoop-hdds/docs/content/security/SecurityWithRanger.zh.md @@ -26,7 +26,7 @@ icon: user --> -Apache Ranger™ 是一个用于管理和监控 Hadoop 平台复杂数据权限的框架。Apache Ranger 从2.0版本开始支持ozone鉴权。但由于在2.0中存在一些bug,因此我们更推荐使用Apache Ranger 2.1及以后版本。 +Apache Ranger™ 是一个用于管理和监控 Hadoop 平台复杂数据权限的框架。Apache Ranger 从2.0版本开始支持Ozone鉴权。但由于在2.0中存在一些bug,因此我们更推荐使用Apache Ranger 2.1及以后版本。 你需要先在你的 Hadoop 集群上安装 Apache Ranger,安装指南可以参考 [Apache Ranger 官网](https://ranger.apache.org/index.html). 
@@ -37,11 +37,11 @@ Apache Ranger™ 是一个用于管理和监控 Hadoop 平台复杂数据权限 ozone.acl.enabled | true ozone.acl.authorizer.class| org.apache.ranger.authorization.ozone.authorizer.RangerOzoneAuthorizer -Ozone各类操作对应ranger权限如下: +Ozone各类操作对应Ranger权限如下: | operation&permission | Volume permission | Bucket permission | Key permission | | :--- | :--- | :--- | :--- | -| Create volume | CREATE | | | +| Create volume | CREATE | | | | List volume | LIST | | | | Get volume Info | READ | | | | Delete volume | DELETE | | | From c310d729a9ab2ab1fbdecfb9b4da37940ab28f0c Mon Sep 17 00:00:00 2001 From: captainzmc Date: Mon, 23 Nov 2020 12:26:30 +0800 Subject: [PATCH 7/7] trigger new CI check
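Review bot: In the introduction hunk of SecurityWithRanger.md (@@ -27,8 +27,9 @@ in PATCH 1/7), "Apache Ranger has supported Ozone authentication since version 2.0" should read "authorization", and the rewording in PATCH 4/7 keeps the same word. The properties documented directly below are `ozone.acl.enabled` and `ozone.acl.authorizer.class` set to `RangerOzoneAuthorizer`, and the table this series adds lists permissions per operation, so what is being described is access-control decisions rather than identity verification. Suggest "Apache Ranger has supported Ozone authorization since version 2.0."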
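Review bot: In the permissions table added to SecurityWithRanger.md (@@ -44,3 +45,19 @@ in PATCH 1/7), cells with two entries such as "LIST, READ" and "CREATE, WRITE" do not say whether both permissions are required or either one is enough. Someone writing a least-privilege Ranger policy from this table needs that stated in a sentence above it. The table also has rows for "Delete volume" and "Delete bucket" but none for deleting a key; either add the row or say that the list is not exhaustive. The same applies to the identical table added to SecurityWithRanger.zh.md.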
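Review bot: In the restyled table of SecurityWithRanger.zh.md (@@ -39,16 +39,16 @@ in PATCH 3/7), the last row still ends with "\ No newline at end of file". PATCH 4/7 fixes this for SecurityWithRanger.md only, and the later zh.md hunk in PATCH 6/7 does not reach the end of the file, so the Chinese page is left without a trailing newline. Two smaller style points in the same table, in both languages: the header cell "operation&permission" would read better as "Operation", and "Get volume Info" is capitalized differently from "Get bucket info".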
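Review bot: In the first SecurityWithRanger.zh.md hunk of PATCH 6/7 (@@ -26,7 +26,7 @@), the added sentence drops the space between Chinese and Latin text that the rest of the paragraph uses ("Hadoop 平台", "Apache Ranger 2.1"): "从2.0版本开始支持Ozone鉴权" and "在2.0中存在一些bug" have none. Suggest spacing "2.0", "Ozone" and "bug" the same way, and likewise in "Ozone各类操作对应Ranger权限如下" in the following hunk. Since this patch only changes capitalization, PATCH 6/7 and the empty PATCH 7/7 ("trigger new CI check") could be squashed into the earlier commits before merge.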