len548 opened a new pull request, #8794:
URL: https://github.com/apache/ozone/pull/8794

   ## What changes were proposed in this pull request?
   
   This pull request introduces a new S3 compatible API called Security Token 
Service (STS). STS allows privileged users to generate temporary S3 credentials 
with:
   - Limited duration
   - Restricted to specific bucket/prefix paths
   - Restricted to specific S3 operations
   - Issuing credentials either to self or another identity
   
   As the introduction of this API is too big for one ticket and PR, it 
is divided into sub-tasks. This PR covers only the first sub-task, which is 
creating the API skeleton. So this PR addresses: 
   - A new STS API endpoint has been added to the S3 Gateway, available on port 
9878.
   - When a client calls the STS API with the `assume-role` action, it will 
return a mock response with AWS credentials and a session token.
   - Other operations are handled as 'not implemented', and an error is thrown 
in those cases.
   - All the remaining incomplete parts of the API are listed as TODOs, including 
actual credential generation, expired token management and other verifications. 
They will be covered in subsequent PRs.
   
   ## What is the link to the Apache JIRA
   
   [HDDS-13345](https://issues.apache.org/jira/browse/HDDS-13345)
   
   ## How was this patch tested?
   
   The patch was tested by adding a new unit test for the STS API.
   
   Manual testing was also performed to verify that the STS API works as 
expected with S3 clients.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@ozone.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

