HDDS-8895. Support dynamic changes ozone.readonly.administrators(SCM).

hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java

@@ -196,6 +196,7 @@
 import static org.apache.hadoop.hdds.security.x509.certificate.authority.CertificateStore.CertType.VALID_CERTS;
 import static org.apache.hadoop.hdds.utils.HddsServerUtil.getRemoteUser;
 import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_READONLY_ADMINISTRATORS;
 import static org.apache.hadoop.ozone.OzoneConsts.CRL_SEQUENCE_ID_KEY;
 import static org.apache.hadoop.ozone.OzoneConsts.SCM_SUB_CA_PREFIX;
 import static org.apache.hadoop.ozone.OzoneConsts.SCM_ROOT_CA_COMPONENT_NAME;
@@ -266,7 +267,7 @@ public final class StorageContainerManager extends ServiceRuntimeInfoImpl
    */
   private final String scmStarterUser;
   private final OzoneAdmins scmAdmins;
-  private OzoneAdmins scmReadOnlyAdmins;
+  private final OzoneAdmins scmReadOnlyAdmins;
 
   /**
    * SCM mxbean.
@@ -389,7 +390,9 @@ private StorageContainerManager(OzoneConfiguration conf,
     serviceManager = new SCMServiceManager();
     reconfigurationHandler =
         new ReconfigurationHandler("SCM", conf, this::checkAdminAccess)
-            .register(OZONE_ADMINISTRATORS, this::reconfOzoneAdmins);
+            .register(OZONE_ADMINISTRATORS, this::reconfOzoneAdmins)
+            .register(OZONE_READONLY_ADMINISTRATORS,
+                this::reconfOzoneReadOnlyAdmins);
 
     initializeSystemManagers(conf, configurator);
 
@@ -2100,6 +2103,10 @@ public Collection<String> getScmAdminUsernames() {
     return scmAdmins.getAdminUsernames();
   }
 
+  public Collection<String> getScmReadOnlyAdminUsernames() {
+    return scmReadOnlyAdmins.getAdminUsernames();
+  }
+
   private String reconfOzoneAdmins(String newVal) {
     getConfiguration().set(OZONE_ADMINISTRATORS, newVal);
     Collection<String> admins = OzoneAdmins.getOzoneAdminsFromConfig(
@@ -2110,6 +2117,17 @@ private String reconfOzoneAdmins(String newVal) {
     return String.valueOf(newVal);
   }
 
+  private String reconfOzoneReadOnlyAdmins(String newVal) {
+    getConfiguration().set(OZONE_READONLY_ADMINISTRATORS, newVal);
+    Collection<String> admins = OzoneAdmins.getOzoneReadOnlyAdminsFromConfig(
+        getConfiguration());
+    scmReadOnlyAdmins.setAdminUsernames(admins);
+    LOG.info("Load conf {} : {}, and now read only admins are: {}",
+        OZONE_READONLY_ADMINISTRATORS,
+        newVal, admins);
+    return String.valueOf(newVal);
+  }
+
   /**
    * This will remove the given SCM node from HA Ring by removing it from
    * Ratis Ring.

hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/reconfig/TestScmReconfiguration.java

@@ -29,6 +29,7 @@
 
 import static org.apache.commons.lang3.RandomStringUtils.randomAlphabetic;
 import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_READONLY_ADMINISTRATORS;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 
 /**
@@ -46,6 +47,7 @@ ReconfigurationHandler getSubject() {
   void reconfigurableProperties() {
     Set<String> expected = ImmutableSet.<String>builder()
         .add(OZONE_ADMINISTRATORS)
+        .add(OZONE_READONLY_ADMINISTRATORS)
         .addAll(new ReplicationManagerConfiguration()
             .reconfigurableProperties())
         .build();
@@ -64,6 +66,19 @@ void adminUsernames() throws ReconfigurationException {
         getCluster().getStorageContainerManager().getScmAdminUsernames());
   }
 
+  @Test
+  void readOnlyAdminUsernames() throws ReconfigurationException {
+    final String newValue = randomAlphabetic(10);
+
+    getSubject().reconfigurePropertyImpl(OZONE_READONLY_ADMINISTRATORS,
+        newValue);
+
+    assertEquals(
+        ImmutableSet.of(newValue),
+        getCluster().getStorageContainerManager()
+            .getScmReadOnlyAdminUsernames());
+  }
+
   @Test
   void replicationInterval() throws ReconfigurationException {
     ReplicationManagerConfiguration config = replicationManagerConfig();