
HDDS-2016. Add option to enforce GDPR in Bucket Create command

Closes #1458
dchitlangia 5 лет назад
Сommit
5c963a75d6

+ 42 - 0
hadoop-hdds/docs/content/gdpr/GDPR in Ozone.md

@@ -0,0 +1,42 @@
+---
+title: "GDPR in Ozone"
+date: "2019-September-17"
+weight: 5
+summary: GDPR in Ozone
+icon: user
+---
+<!---
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+
+
+Enabling GDPR compliance in Ozone is very straight forward. During bucket
+creation, you can specify `--enforcegdpr=true` or `-g=true` and this will
+ensure the bucket is GDPR compliant. Thus, any key created under this bucket
+will automatically be GDPR compliant.
+
+GDPR can only be enabled on a new bucket. For existing buckets, you would
+have to create a new GDPR compliant bucket and copy data from old bucket into
+ new bucket to take advantage of GDPR.
+
+Example to create a GDPR compliant bucket:
+
+`ozone sh bucket create --enforcegdpr=true /hive/jan`
+
+`ozone sh bucket create -g=true /hive/jan`
+
+If you want to create an ordinary bucket then you can skip `--enforcegdpr`
+and `-g` flags.

+ 38 - 0
hadoop-hdds/docs/content/gdpr/_index.md

@@ -0,0 +1,38 @@
+---
+title: GDPR
+name: GDPR
+identifier: gdpr
+menu: main
+weight: 5
+---
+<!---
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+    -->
+
+{{<jumbotron title="GDPR compliance in Ozone">}}
+          The General Data Protection Regulation (GDPR) is a law that governs how personal data should be handled. This is an European Union law, but due to the nature of software oftentimes spills into other geographies.
+          Ozone supports GDPR's Right to Erasure(Right to be Forgotten).
+{{</jumbotron>}}
+
+<div class="alert alert-warning" role="alert">
+If you would like to understand Ozone's GDPR framework at a greater
+depth, please take a look at <a href="https://issues.apache.org/jira/secure/attachment/12978992/Ozone%20GDPR%20Framework.pdf">Ozone GDPR Framework.</a>
+</div>
+
+Once you create a GDPR compliant bucket, any key created in that bucket will 
+automatically by GDPR compliant.
+
+

+ 2 - 0
hadoop-hdds/docs/content/shell/BucketCommands.md

@@ -35,8 +35,10 @@ The `bucket create` command allows users to create a bucket.
 
 | Arguments                      |  Comment                                |
 |--------------------------------|-----------------------------------------|
+| -g, \-\-enforcegdpr            | Optional, if set to true it creates a GDPR compliant bucket, if not specified or set to false, it creates an ordinary bucket.
 |  Uri                           | The name of the bucket in **/volume/bucket** format.
 
+
 {{< highlight bash >}}
 ozone sh bucket create /hive/jan
 {{< /highlight >}}

+ 2 - 0
hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/OmBucketArgs.java

@@ -112,6 +112,8 @@ public final class OmBucketArgs extends WithMetadata implements Auditable {
     Map<String, String> auditMap = new LinkedHashMap<>();
     auditMap.put(OzoneConsts.VOLUME, this.volumeName);
     auditMap.put(OzoneConsts.BUCKET, this.bucketName);
+    auditMap.put(OzoneConsts.GDPR_FLAG,
+        this.metadata.get(OzoneConsts.GDPR_FLAG));
     auditMap.put(OzoneConsts.IS_VERSION_ENABLED,
                 String.valueOf(this.isVersionEnabled));
     if(this.storageType != null){
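Review bot: The added `this.metadata.get(OzoneConsts.GDPR_FLAG)` dereferences `metadata` with no null check, so building the audit map would throw if the inherited map is ever unset; `WithMetadata` is not shown here, so whether that can happen needs confirming. The same two lines are added in OmBucketInfo.java, where the neighbouring ACLS entry already guards with `(this.acls != null) ? this.acls.toString() : null`. A matching guard would be `(this.metadata != null) ? this.metadata.get(OzoneConsts.GDPR_FLAG) : null`. When the flag was never set, the audit entry records null rather than "false", which deserves a one-line comment for anyone parsing audit logs. The method body starts and ends outside the hunk.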

+ 2 - 0
hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/OmBucketInfo.java

@@ -202,6 +202,8 @@ public final class OmBucketInfo extends WithMetadata implements Auditable {
     Map<String, String> auditMap = new LinkedHashMap<>();
     auditMap.put(OzoneConsts.VOLUME, this.volumeName);
     auditMap.put(OzoneConsts.BUCKET, this.bucketName);
+    auditMap.put(OzoneConsts.GDPR_FLAG,
+        this.metadata.get(OzoneConsts.GDPR_FLAG));
     auditMap.put(OzoneConsts.ACLS,
         (this.acls != null) ? this.acls.toString() : null);
     auditMap.put(OzoneConsts.IS_VERSION_ENABLED,

+ 14 - 0
hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/CreateBucketHandler.java

@@ -18,6 +18,7 @@
 package org.apache.hadoop.ozone.web.ozShell.bucket;
 
 import org.apache.hadoop.hdds.protocol.StorageType;
+import org.apache.hadoop.ozone.OzoneConsts;
 import org.apache.hadoop.ozone.client.BucketArgs;
 import org.apache.hadoop.ozone.client.OzoneBucket;
 import org.apache.hadoop.ozone.client.OzoneClient;
@@ -44,6 +45,11 @@ public class CreateBucketHandler extends Handler {
       description = "bucket encryption key name")
   private String bekName;
 
+  @Option(names = {"--enforcegdpr", "-g"},
+      description = "if true, indicates GDPR enforced bucket, " +
+          "false/unspecified indicates otherwise")
+  private Boolean isGdprEnforced;
+
   /**
    * Executes create bucket.
    */
@@ -61,6 +67,14 @@ public class CreateBucketHandler extends Handler {
         .setStorageType(StorageType.DEFAULT)
         .setVersioning(false);
 
+    if(isGdprEnforced != null) {
+      if(isGdprEnforced) {
+        bb.addMetadata(OzoneConsts.GDPR_FLAG, String.valueOf(Boolean.TRUE));
+      } else {
+        bb.addMetadata(OzoneConsts.GDPR_FLAG, String.valueOf(Boolean.FALSE));
+      }
+    }
+
     if (bekName != null) {
       if (!bekName.isEmpty()) {
         bb.setBucketEncryptionKey(bekName);
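Review bot: The inner `if(isGdprEnforced) … else …` in the third hunk writes the same key with `String.valueOf(Boolean.TRUE)` or `String.valueOf(Boolean.FALSE)`, which is just the string form of the option itself. After the null check, a single call is enough: `bb.addMetadata(OzoneConsts.GDPR_FLAG, String.valueOf(isGdprEnforced));`. The field would also benefit from a short comment saying that null means "flag not given", so no metadata entry is written, since that is why it is a boxed `Boolean`. The enclosing method continues outside the hunk.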

+ 6 - 0
hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/keys/InfoKeyHandler.java

@@ -18,6 +18,7 @@
 
 package org.apache.hadoop.ozone.web.ozShell.keys;
 
+import org.apache.hadoop.ozone.OzoneConsts;
 import org.apache.hadoop.ozone.client.OzoneBucket;
 import org.apache.hadoop.ozone.client.OzoneClient;
 import org.apache.hadoop.ozone.client.OzoneKeyDetails;
@@ -62,6 +63,11 @@ public class InfoKeyHandler extends Handler {
     OzoneVolume vol = client.getObjectStore().getVolume(volumeName);
     OzoneBucket bucket = vol.getBucket(bucketName);
     OzoneKeyDetails key = bucket.getKey(keyName);
+    // For compliance/security, GDPR Secret & Algorithm details are removed
+    // from local copy of metadata before printing. This doesn't remove these
+    // from Ozone Manager's actual metadata.
+    key.getMetadata().remove(OzoneConsts.GDPR_SECRET);
+    key.getMetadata().remove(OzoneConsts.GDPR_ALGORITHM);
 
     ObjectPrinter.printObjectAsJson(key);
     return null;
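Review bot: Removing `GDPR_SECRET` and `GDPR_ALGORITHM` here only hides them in this one shell command's output; the key details, secret included, have already been returned to the client by `bucket.getKey(keyName)`, so any other caller of that API or any other handler that prints key metadata still sees them. Filtering these entries where the key details are built for the response, or at least in one shared helper used by every printing path, would make the protection hold beyond `InfoKeyHandler`. The two `remove` calls also depend on `getMetadata()` returning the live, mutable map: if it returns a copy the secret is still printed, and if it returns an unmodifiable map the call throws. `OzoneKeyDetails` is not shown, so that needs confirming. The enclosing method starts outside the hunk.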