diff --git a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java index 2a791171a7ef..3b182e757d92 100644 --- a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java +++ b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java @@ -196,6 +196,7 @@ import static org.apache.hadoop.hdds.security.x509.certificate.authority.CertificateStore.CertType.VALID_CERTS; import static org.apache.hadoop.hdds.utils.HddsServerUtil.getRemoteUser; import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS; +import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_READONLY_ADMINISTRATORS; import static org.apache.hadoop.ozone.OzoneConsts.CRL_SEQUENCE_ID_KEY; import static org.apache.hadoop.ozone.OzoneConsts.SCM_SUB_CA_PREFIX; import static org.apache.hadoop.ozone.OzoneConsts.SCM_ROOT_CA_COMPONENT_NAME; @@ -266,7 +267,7 @@ public final class StorageContainerManager extends ServiceRuntimeInfoImpl */ private final String scmStarterUser; private final OzoneAdmins scmAdmins; - private OzoneAdmins scmReadOnlyAdmins; + private final OzoneAdmins scmReadOnlyAdmins; /** * SCM mxbean. @@ -389,7 +390,9 @@ private StorageContainerManager(OzoneConfiguration conf, serviceManager = new SCMServiceManager(); reconfigurationHandler = new ReconfigurationHandler("SCM", conf, this::checkAdminAccess) - .register(OZONE_ADMINISTRATORS, this::reconfOzoneAdmins); + .register(OZONE_ADMINISTRATORS, this::reconfOzoneAdmins) + .register(OZONE_READONLY_ADMINISTRATORS, + this::reconfOzoneReadOnlyAdmins); initializeSystemManagers(conf, configurator); @@ -2100,6 +2103,10 @@ public Collection getScmAdminUsernames() { return scmAdmins.getAdminUsernames(); } + public Collection getScmReadOnlyAdminUsernames() { + return scmReadOnlyAdmins.getAdminUsernames(); + } + private String reconfOzoneAdmins(String newVal) { getConfiguration().set(OZONE_ADMINISTRATORS, newVal); Collection admins = OzoneAdmins.getOzoneAdminsFromConfig( @@ -2110,6 +2117,17 @@ private String reconfOzoneAdmins(String newVal) { return String.valueOf(newVal); } + private String reconfOzoneReadOnlyAdmins(String newVal) { + getConfiguration().set(OZONE_READONLY_ADMINISTRATORS, newVal); + Collection admins = OzoneAdmins.getOzoneReadOnlyAdminsFromConfig( + getConfiguration()); + scmReadOnlyAdmins.setAdminUsernames(admins); + LOG.info("Load conf {} : {}, and now read only admins are: {}", + OZONE_READONLY_ADMINISTRATORS, + newVal, admins); + return String.valueOf(newVal); + } + /** * This will remove the given SCM node from HA Ring by removing it from * Ratis Ring. diff --git a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/reconfig/TestScmReconfiguration.java b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/reconfig/TestScmReconfiguration.java index 21eb93a2c657..2b13986276f6 100644 --- a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/reconfig/TestScmReconfiguration.java +++ b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/reconfig/TestScmReconfiguration.java @@ -29,6 +29,7 @@ import static org.apache.commons.lang3.RandomStringUtils.randomAlphabetic; import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS; +import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_READONLY_ADMINISTRATORS; import static org.junit.jupiter.api.Assertions.assertEquals; /** @@ -46,6 +47,7 @@ ReconfigurationHandler getSubject() { void reconfigurableProperties() { Set expected = ImmutableSet.builder() .add(OZONE_ADMINISTRATORS) + .add(OZONE_READONLY_ADMINISTRATORS) .addAll(new ReplicationManagerConfiguration() .reconfigurableProperties()) .build(); @@ -64,6 +66,19 @@ void adminUsernames() throws ReconfigurationException { getCluster().getStorageContainerManager().getScmAdminUsernames()); } + @Test + void readOnlyAdminUsernames() throws ReconfigurationException { + final String newValue = randomAlphabetic(10); + + getSubject().reconfigurePropertyImpl(OZONE_READONLY_ADMINISTRATORS, + newValue); + + assertEquals( + ImmutableSet.of(newValue), + getCluster().getStorageContainerManager() + .getScmReadOnlyAdminUsernames()); + } + @Test void replicationInterval() throws ReconfigurationException { ReplicationManagerConfiguration config = replicationManagerConfig();