yandrey321 commented on code in PR #9344:
URL: https://github.com/apache/ozone/pull/9344#discussion_r2561324630
##########
hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/security/STSTokenIdentifier.java:
##########
@@ -161,12 +161,64 @@ public void fromProtoBuf(OMTokenProto token) throws
IOException {
"Invalid secretKeyId format in STS token: " +
token.getSecretKeyId(), e);
}
}
+ // Note: secretKeyId must be set before attempting to decrypt
secretAccessKey
+ if (token.hasSecretAccessKey()) {
+ this.secretAccessKey = decryptSensitiveField(token.getSecretAccessKey());
+ }
if (token.hasSessionPolicy()) {
this.sessionPolicy = token.getSessionPolicy();
}
}
+ /**
+ * Encrypt a sensitive field using the configured encryption key.
+ */
+ private String encryptSensitiveField(String value) {
+ if (value == null || value.isEmpty()) {
Review Comment:
should it be a part of STSTokenEncryption.encrypt() contract?
in this case we dont need this logic in all the client calls
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
