[ https://issues.apache.org/jira/browse/HDDS-1043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16776138#comment-16776138 ]

Ajay Kumar commented on HDDS-1043:
----------------------------------

[~bharatviswa] thanks for review.
{quote}Can we use already existing Header parsers AuthorizationHeaderV4 and 
AuthorizationHeaderV2.java instead of parsing it again in new class 
AWSV4AuthParser. Same comment for V2 parser. And also can we add reference 
links, so that it will be easy to refer aws header documentation.
 And also we have AuthenticationHeaderParser which checks type V2 and V4. And 
then do required. I think we should do similar checks in 
OzoneClientProducer.java and then create token?
{quote}
Done
{quote}In OzoneDelegationTokenSecretManager.java, we call getS3Secret by 
awsaccesskeyid, but during createS3Secret we pass user login name. I think this 
logic should be modified.
{quote}
Client can configure aws access id to whatever id they received during s3 
secret generation.
{quote}License Header for new classes is wrongly added, it has some GPL header. 
This needs to be updated.
{quote}
Thanks for catching, done.
{quote}Can we add end to end robot test to make sure whether this header parsing and 
validation is happening correctly or not. Already we have tests which configure 
s3 robot tests. (Where we have configured some random values, now this can be 
set using createS3secret.) Or to have a more robust testing, we can have all S3 
tests run with secure cluster. I think 2nd approach will be good to have.
{quote}
Done. Adding robot test to secure suite resulted in some overflowing changes to 
other scripts as well.

> Enable token based authentication for S3 api
> --------------------------------------------
>
>                 Key: HDDS-1043
>                 URL: https://issues.apache.org/jira/browse/HDDS-1043
>             Project: Hadoop Distributed Data Store
>          Issue Type: Sub-task
>            Reporter: Ajay Kumar
>            Assignee: Ajay Kumar
>            Priority: Major
>              Labels: security
>             Fix For: 0.4.0
>
>         Attachments: HDDS-1043.00.patch, HDDS-1043.01.patch, 
> HDDS-1043.02.patch
>
>
> Ozone has an S3 api and mechanism to create S3 like secrets for user. This 
> jira proposes hadoop compatible token based authentication for S3 api which 
> utilizes S3 secret stored in OM.


