[
https://issues.apache.org/jira/browse/HDDS-13540?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
István Fajth resolved HDDS-13540.
---------------------------------
Resolution: Duplicate
Closing this one, as the items in this JIRA are tracked elsewhere in the parent
task, and mainly done already.
> Implement STS Endpoint Functionality
> ------------------------------------
>
> Key: HDDS-13540
> URL: https://issues.apache.org/jira/browse/HDDS-13540
> Project: Apache Ozone
> Issue Type: Sub-task
> Components: s3gateway
> Reporter: Ren Koike
> Assignee: Ren Koike
> Priority: Major
>
> This sub-task focuses on developing the essential logic for the newly created
> STS endpoint. The following key areas will be addressed:
> * *Signature-based AWS Credential Extraction:* Implement a filter to
> securely extract AWS ID and password from the incoming request's signature.
> This will involve validating the signature and parsing the necessary
> credentials for subsequent operations. This validation has to happen before
> the request reaches the API endpoint.
> * *ACL Subset Checking:* Develop logic to verify that the Access
> Control Lists (ACLs) requested by the user are a valid subset of the user's
> existing resource permissions.
> * *OM Integration for Temporary Credential Generation:* Modify the Ozone
> Manager (OM) to facilitate the generation and secure storage of temporary AWS
> credentials. This includes defining the data structure for these credentials
> and implementing the necessary API calls to OM.
> * *Token Expiration Management:* Implement mechanisms to manage the
> lifecycle of the generated temporary tokens, including setting the
> expiration times provided by the request and handling their invalidation
> after expiration. No refresh of tokens is supported.