[jira] [Commented] (HDDS-1043) Enable token based authentication for S3 api

Thu, 28 Feb 2019 10:02:17 -0800 


    [ 
https://issues.apache.org/jira/browse/HDDS-1043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16780792#comment-16780792
 ] 

Elek, Marton commented on HDDS-1043:
------------------------------------

Thanks [~ajayydv] to work in this. I am very exciting to get this. I just 
started to test it and I have some initial comments:

1.) I am big +1 about the s/ozoneManager/om/ rename in the docker files. But it 
would be easier to do in a separate jira IMHO (and this patch could be smaller 
to review). I would immediately commit that one...

2.) Until now it was possible to execute the s3g robot tests with using real 
AWS endpoint url. We used it to prove that our tests are valid (they should 
work in the same way with s3 or with ozone). It's not clear how can we do it 
the the future after this patch. I think the kinit part should be moved out 
from the aws test or should be made optional.

3.) NIT: sudo yum install -y krb5-user --> fix me If I am wrong but I think the 
name of the package is krb5-workstation. But thanks to [~xyao] it is not 
required any more as it's added to the base image.

4.) NIT2: There are a few strange names (strange for me):  
  * OZONE_S3_TOKEN_MAX_DATE_DEFAULT (I think it's not a date but a time period, 
and it seems to be some ttl or expiry not a maximum) 
  * TIME_FORMATTER_FORMATTER: I think it's an RFC???_TIME_FORMATTER (don't know 
the name of the exact pattern)


> Enable token based authentication for S3 api
> --------------------------------------------
>
>                 Key: HDDS-1043
>                 URL: https://issues.apache.org/jira/browse/HDDS-1043
>             Project: Hadoop Distributed Data Store
>          Issue Type: Sub-task
>            Reporter: Ajay Kumar
>            Assignee: Ajay Kumar
>            Priority: Major
>              Labels: security
>             Fix For: 0.4.0
>
>         Attachments: HDDS-1043.00.patch, HDDS-1043.01.patch, 
> HDDS-1043.02.patch, HDDS-1043.03.patch, HDDS-1043.04.patch, HDDS-1043.05.patch
>
>
> Ozone has a  S3 api and mechanism to create S3 like secrets for user. This 
> jira proposes hadoop compatible token based authentication for S3 api which 
> utilizes S3 secret stored in OM.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to