This is an automated email from the ASF dual-hosted git repository.
yuqi4733 pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/gravitino.git
The following commit(s) were added to refs/heads/main by this push:
new 6e0bd0d26 [#6055] feat(core): extend OSS credential provider to
support OSS fileset operations (#6029)
6e0bd0d26 is described below
commit 6e0bd0d267b60fa8dcb2f9edb4bf5d69d1071489
Author: FANNG <[email protected]>
AuthorDate: Thu Jan 2 14:35:43 2025 +0800
[#6055] feat(core): extend OSS credential provider to support OSS fileset
operations (#6029)
### What changes were proposed in this pull request?
1. correct `ListBucket` to `ListObjects`
2. add `oss:GetBucketInfo` action
### Why are the changes needed?
Fix: #6055
### Does this PR introduce _any_ user-facing change?
no
### How was this patch tested?
1. Ran the fileset OSS test; it passes.
---
.../apache/gravitino/oss/credential/OSSTokenProvider.java | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git
a/bundles/aliyun/src/main/java/org/apache/gravitino/oss/credential/OSSTokenProvider.java
b/bundles/aliyun/src/main/java/org/apache/gravitino/oss/credential/OSSTokenProvider.java
index 04ef0022a..79d7f51f7 100644
---
a/bundles/aliyun/src/main/java/org/apache/gravitino/oss/credential/OSSTokenProvider.java
+++
b/bundles/aliyun/src/main/java/org/apache/gravitino/oss/credential/OSSTokenProvider.java
@@ -138,9 +138,10 @@ public class OSSTokenProvider implements
CredentialProvider {
.effect(Effect.ALLOW)
.addAction("oss:GetObject")
.addAction("oss:GetObjectVersion");
+
// Add support for bucket-level policies
Map<String, Statement.Builder> bucketListStatementBuilder = new
HashMap<>();
- Map<String, Statement.Builder> bucketGetLocationStatementBuilder = new
HashMap<>();
+ Map<String, Statement.Builder> bucketMetadataStatementBuilder = new
HashMap<>();
String arnPrefix = getArnPrefix();
Stream.concat(readLocations.stream(), writeLocations.stream())
@@ -150,22 +151,24 @@ public class OSSTokenProvider implements
CredentialProvider {
URI uri = URI.create(location);
allowGetObjectStatementBuilder.addResource(getOssUriWithArn(arnPrefix, uri));
String bucketArn = arnPrefix + getBucketName(uri);
- // ListBucket
+ // OSS use 'oss:ListObjects' to list objects in a bucket while
s3 use 's3:ListBucket'
bucketListStatementBuilder.computeIfAbsent(
bucketArn,
key ->
Statement.builder()
.effect(Effect.ALLOW)
- .addAction("oss:ListBucket")
+ .addAction("oss:ListObjects")
.addResource(key)
.condition(getCondition(uri)));
- // GetBucketLocation
- bucketGetLocationStatementBuilder.computeIfAbsent(
+ // Add get bucket location and bucket info action.
+ bucketMetadataStatementBuilder.computeIfAbsent(
bucketArn,
key ->
Statement.builder()
.effect(Effect.ALLOW)
.addAction("oss:GetBucketLocation")
+ // Required for OSS Hadoop connector to get bucket
information
+ .addAction("oss:GetBucketInfo")
.addResource(key));
});
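Review bot: The switch from `oss:ListBucket` to `oss:ListObjects` is applied only to the per-bucket statement in this hunk; the context of the third hunk still shows `Statement.builder().effect(Effect.ALLOW).addAction("oss:ListBucket").build()`, which looks like the fallback for when no list statements were built and should probably use `oss:ListObjects` too, so both paths issue the same action. Separately, the metadata statement grants `oss:GetBucketLocation` and the new `oss:GetBucketInfo` on the whole bucket ARN with no condition, while the list statement is narrowed by `getCondition(uri)`, so a token issued for a single path can also read bucket-level metadata. If that is intended, a comment such as `// Bucket metadata actions are granted on the whole bucket, not per path; every token for this bucket can read them` above the `computeIfAbsent` call would record the trade-off for the next reviewer of this policy. The enclosing method starts and ends outside the hunk, so the fallback branch is only partly visible here.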
@@ -192,7 +195,7 @@ public class OSSTokenProvider implements CredentialProvider
{
policyBuilder.addStatement(
Statement.builder().effect(Effect.ALLOW).addAction("oss:ListBucket").build());
}
- bucketGetLocationStatementBuilder
+ bucketMetadataStatementBuilder
.values()
.forEach(statementBuilder ->
policyBuilder.addStatement(statementBuilder.build()));