This is an automated email from the ASF dual-hosted git repository.

yuqi4733 pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/gravitino.git


The following commit(s) were added to refs/heads/main by this push:
     new c158b754a [#6031]  extend S3 credential provider to support S3 fileset 
operations (#6033)
c158b754a is described below

commit c158b754a850365e8fa6749dd97bbd2c50a40dbe
Author: FANNG <[email protected]>
AuthorDate: Thu Jan 2 14:23:30 2025 +0800

    [#6031]  extend S3 credential provider to support S3 fileset operations 
(#6033)
    
    ### What changes were proposed in this pull request?
    
    Add the permission to get file metadata for fileset operations.
    
    ### Why are the changes needed?
    
    Fix: #6031
    
    ### Does this PR introduce _any_ user-facing change?
    no
    
    ### How was this patch tested?
    pass fileset tests
---
 .../org/apache/gravitino/s3/credential/S3TokenProvider.java   | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git 
a/bundles/aws/src/main/java/org/apache/gravitino/s3/credential/S3TokenProvider.java
 
b/bundles/aws/src/main/java/org/apache/gravitino/s3/credential/S3TokenProvider.java
index 24b88875d..56d293d04 100644
--- 
a/bundles/aws/src/main/java/org/apache/gravitino/s3/credential/S3TokenProvider.java
+++ 
b/bundles/aws/src/main/java/org/apache/gravitino/s3/credential/S3TokenProvider.java
@@ -20,6 +20,7 @@
 package org.apache.gravitino.s3.credential;
 
 import java.net.URI;
+import java.util.Arrays;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Objects;
@@ -49,6 +50,7 @@ import software.amazon.awssdk.services.sts.model.Credentials;
 
 /** Generates S3 token to access S3 data. */
 public class S3TokenProvider implements CredentialProvider {
+
   private StsClient stsClient;
   private String roleArn;
   private String externalID;
@@ -134,6 +136,7 @@ public class S3TokenProvider implements CredentialProvider {
               allowGetObjectStatementBuilder.addResource(
                   IamResource.create(getS3UriWithArn(arnPrefix, uri)));
               String bucketArn = arnPrefix + getBucketName(uri);
+              String rawPath = trimLeadingSlash(uri.getPath());
               bucketListStatmentBuilder
                   .computeIfAbsent(
                       bucketArn,
@@ -142,10 +145,14 @@ public class S3TokenProvider implements 
CredentialProvider {
                               .effect(IamEffect.ALLOW)
                               .addAction("s3:ListBucket")
                               .addResource(key))
-                  .addCondition(
+                  .addConditions(
                       IamConditionOperator.STRING_LIKE,
                       "s3:prefix",
-                      concatPathWithSep(trimLeadingSlash(uri.getPath()), "*", 
"/"));
+                      Arrays.asList(
+                          // Get raw path metadata information for AWS hadoop 
connector
+                          rawPath,
+                          // Listing objects in raw path
+                          concatPathWithSep(rawPath, "*", "/")));
               bucketGetLocationStatmentBuilder.computeIfAbsent(
                   bucketArn,
                   key ->
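Review bot: Adding the bare `rawPath` to the `s3:prefix` values in the `.addConditions(...)` call widens what the vended token can list, because S3 treats a list prefix as a plain string prefix: a request with prefix `rawPath` (no trailing slash) also returns keys of siblings that merely start with the same characters, for example a constructed `data/tbl_backup/...` next to `data/tbl`. Object reads are governed by the separate GetObject statement, so this looks limited to exposing key names, but those names are still outside the path the credential was requested for. If the Hadoop connector only needs the exact path for its metadata probe, state the trade-off in the comment, e.g. `// Exact path for the connector's metadata lookup; as a string prefix it also matches sibling keys`, and check whether a companion condition on `s3:delimiter` can narrow it. Because the operator is `STRING_LIKE`, any `*` or `?` inside `rawPath` is also interpreted as a wildcard. The enclosing method starts and ends outside this hunk, so whether the path is validated earlier cannot be confirmed from here.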
