[
https://issues.apache.org/jira/browse/HDDS-1043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16774609#comment-16774609
]
Bharat Viswanadham commented on HDDS-1043:
------------------------------------------
Hi [~ajayydv]
Few comments I have:
1. Can we use already existing Header parsers AuthorizationHeaderV4 and
   AuthorizationHeaderV2.java instead of parsing it again in new class
   AWSV4AuthParser? Same comment for V2 parser. And also can we add reference
   links, so that it will be easy to refer to the AWS header documentation.
2. And also we have AuthenticationHeaderParser which checks type V2 and V4. And
   then do required. I think we should do similar checks in
   OzoneClientProducer.java and then create token?
3. In OzoneDelegationTokenSecretManager.java, we call getS3Secret by
   awsaccesskeyid, but during createS3Secret we pass user login name. I think this
   logic should be modified.
4. License Header for new classes is wrongly added, it has some GPL header. This
   needs to be updated.
5. Can we add an end to end robot test to make sure whether this header parsing and
   validation is happening correctly or not. Already we have tests which configure
   s3 robot tests. (Where we have configured some random values, now this can be
   set using createS3Secret.) Or to have a more robust testing, we can have all S3
   tests run with secure cluster. I think 2nd approach will be good to have.
I am still trying to understand the server side validation, will update if I
have any more comments.
> Enable token based authentication for S3 api
> --------------------------------------------
>
> Key: HDDS-1043
> URL: https://issues.apache.org/jira/browse/HDDS-1043
> Project: Hadoop Distributed Data Store
> Issue Type: Sub-task
> Reporter: Ajay Kumar
> Assignee: Ajay Kumar
> Priority: Major
> Labels: security
> Fix For: 0.4.0
>
> Attachments: HDDS-1043.00.patch, HDDS-1043.01.patch
>
>
> Ozone has a S3 api and mechanism to create S3 like secrets for user. This
> jira proposes hadoop compatible token based authentication for S3 api which
> utilizes S3 secret stored in OM.