smengcl commented on code in PR #4188:
URL: https://github.com/apache/ozone/pull/4188#discussion_r1558786330
##########
hadoop-ozone/client/src/main/java/org/apache/hadoop/ozone/client/rpc/RpcClient.java:
##########
@@ -1195,7 +1196,8 @@ public OzoneOutputStream createKey(
.setReplicationConfig(replicationConfig)
.addAllMetadata(metadata)
.setAcls(getAclList())
- .setLatestVersionLocation(getLatestVersionLocation);
+ .setLatestVersionLocation(getLatestVersionLocation)
+ .setOwnerName(ownerName);
Review Comment:
Hi @xichen01 , good to know that the perf isn't visibly degraded by this.
1. Back to the `chown` subcommand, the point of the problem I'm raising is
that the behavior becomes inconsistent **before and after** an upgrade to an
Ozone version with key ownership.
When this key owner addition gets in, and admin `chown` a directory in a
bucket, because `chown` is non-recursive by default, the keys inside that dir
would still have the old owner field set. This can break some existing Ozone
Ranger ACLs that is previously set by admins. e.g. users can be denied access
to some keys while in the previous Ozone version they would be allowed acesss,
given the same Ranger ACL policy with `{owner}` permission set to ALLOW.
There should be a caveat after Ozone upgrade.
This at least deserves a mention in the **Release Notes**. Please add that
to the Apache JIRA accordingly so that the release manager can collect and
publish it.
2. Another relevant questions is: How are existing keys WITHOUT an owner
field set going to behave after Ozone upgrade to one with key ownership
support? Do they inherit parent's owner with the current implementation?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
