ChenSammi commented on code in PR #9654:
URL: https://github.com/apache/ozone/pull/9654#discussion_r2720582093
##########
hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3sts/S3STSEndpoint.java:
##########
@@ -222,78 +246,75 @@ private boolean isValidRoleSessionName(String
roleSessionName) {
return roleSessionName.matches("[a-zA-Z0-9+=,.@\\-]+");
}
- // TODO: replace mock implementation with actual logic to generate new
credentials
- private String generateAssumeRoleResponse(String roleArn, String
roleSessionName, int duration) {
- // Generate realistic-looking temporary credentials
- String accessKeyId = "ASIA" + generateRandomAlphanumeric(16); // AWS temp
keys start with ASIA
- String secretAccessKey = generateRandomBase64(40);
- String sessionToken = generateSessionToken();
- String expiration = getExpirationTime(duration);
-
- // Generate AssumedRoleId (format: AROLEID:RoleSessionName)
- String roleId = "AROA" + generateRandomAlphanumeric(16);
- String assumedRoleId = roleId + ":" + roleSessionName;
-
- String requestId = UUID.randomUUID().toString();
-
- return String.format(
- "<?xml version=\"1.0\" encoding=\"UTF-8\"?>%n" +
- "<AssumeRoleResponse
xmlns=\"https://sts.amazonaws.com/doc/2011-06-15/\">%n" +
- " <AssumeRoleResult>%n" +
- " <Credentials>%n" +
- " <AccessKeyId>%s</AccessKeyId>%n" +
- " <SecretAccessKey>%s</SecretAccessKey>%n" +
- " <SessionToken>%s</SessionToken>%n" +
- " <Expiration>%s</Expiration>%n" +
- " </Credentials>%n" +
- " <AssumedRoleUser>%n" +
- " <AssumedRoleId>%s</AssumedRoleId>%n" +
- " <Arn>%s</Arn>%n" +
- " </AssumedRoleUser>%n" +
- " </AssumeRoleResult>%n" +
- " <ResponseMetadata>%n" +
- " <RequestId>%s</RequestId>%n" +
- " </ResponseMetadata>%n" +
- "</AssumeRoleResponse>",
- accessKeyId, secretAccessKey, sessionToken, expiration,
- assumedRoleId, roleArn, requestId);
- }
+ private String generateAssumeRoleResponse(String assumedRoleUserArn,
AssumeRoleResponseInfo responseInfo)
+ throws IOException {
+ final String accessKeyId = responseInfo.getAccessKeyId();
+ final String secretAccessKey = responseInfo.getSecretAccessKey();
+ final String sessionToken = responseInfo.getSessionToken();
+ final String assumedRoleId = responseInfo.getAssumedRoleId();
+
+ final String expiration = DateTimeFormatter.ISO_INSTANT.format(
+
Instant.ofEpochSecond(responseInfo.getExpirationEpochSeconds()).atOffset(ZoneOffset.UTC).toInstant());
- // TODO: this method should be removed once actual credential response from
OM is implemented and used in the endpoint
- private String generateRandomAlphanumeric(int length) {
- String chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
- StringBuilder sb = new StringBuilder();
- Random random = new Random();
- for (int i = 0; i < length; i++) {
- sb.append(chars.charAt(random.nextInt(chars.length())));
+ final String requestId = UUID.randomUUID().toString();
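Review bot: The `expiration` computation in the new `generateAssumeRoleResponse` makes a round trip that does nothing: `Instant.ofEpochSecond(...)` is already a UTC-based instant, so `.atOffset(ZoneOffset.UTC).toInstant()` returns the same value. It can be written as `final String expiration = DateTimeFormatter.ISO_INSTANT.format(Instant.ofEpochSecond(responseInfo.getExpirationEpochSeconds()));`. The method body continues past the quoted lines, so the following is inferred: if `secretAccessKey` and `sessionToken` are still interpolated into the XML with `String.format` as in the removed version, the values from `responseInfo` should be XML-escaped (or the response built with an XML writer) and kept out of log statements. A short Javadoc stating that the credentials now come from `AssumeRoleResponseInfo` and when `IOException` is thrown would also help, since the visible lines do not show what raises it.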
Review Comment:
Should we return the requestId from OM and include it in the assumeRole
audit log?