sodonnel commented on code in PR #9658:
URL: https://github.com/apache/ozone/pull/9658#discussion_r2747244949
##########
hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/S3STSUtils.java:
##########
@@ -41,4 +56,115 @@ public static void addAssumeRoleAuditParams(Map<String,
String> auditParams, Str
auditParams.put("isPolicyIncluded",
Strings.isNullOrEmpty(awsIamSessionPolicy) ? "N" : "Y");
auditParams.put("requestId", requestId);
}
+
+ /**
+ * Validates the duration in seconds.
+ * @param durationSeconds duration in seconds
+ * @return validated duration
+ * @throws OMException if duration is invalid
+ */
+ public static int validateDuration(Integer durationSeconds) throws
OMException {
+ if (durationSeconds == null) {
+ return DEFAULT_DURATION_SECONDS;
+ }
+
+ if (durationSeconds < MIN_DURATION_SECONDS || durationSeconds >
MAX_DURATION_SECONDS) {
+ throw new OMException(
+ "Invalid Value: DurationSeconds must be between " +
MIN_DURATION_SECONDS + " and " + MAX_DURATION_SECONDS +
+ " seconds", INVALID_REQUEST);
+ }
+
+ return durationSeconds;
+ }
+
+ /**
+ * Validates the role session name.
+ * @param roleSessionName role session name
+ * @throws OMException if role session name is invalid
+ */
+ public static void validateRoleSessionName(String roleSessionName) throws
OMException {
+ if (Strings.isNullOrEmpty(roleSessionName)) {
+ throw new OMException(
+ "Value null at 'roleSessionName' failed to satisfy constraint:
Member must not be null", INVALID_REQUEST);
+ }
+
+ final int roleSessionNameLength = roleSessionName.length();
+ if (roleSessionNameLength < ASSUME_ROLE_SESSION_NAME_MIN_LENGTH ||
+ roleSessionNameLength > ASSUME_ROLE_SESSION_NAME_MAX_LENGTH) {
+ throw new OMException("Invalid RoleSessionName: must be " +
ASSUME_ROLE_SESSION_NAME_MIN_LENGTH + "-" +
+ ASSUME_ROLE_SESSION_NAME_MAX_LENGTH + " characters long and " +
+ "contain only alphanumeric characters, +, =, ,, ., @, -",
INVALID_REQUEST);
+ }
+
+ // AWS allows: alphanumeric, +, =, ,, ., @, -
+ // Pattern: [\w+=,.@-]*
+ // Don't use regex for performance reasons
+ for (int i = 0; i < roleSessionNameLength; i++) {
+ final char c = roleSessionName.charAt(i);
+ if (!isRoleSessionNameChar(c)) {
+ throw new OMException("Invalid RoleSessionName: must be " +
ASSUME_ROLE_SESSION_NAME_MIN_LENGTH + "-" +
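Review bot: In validateRoleSessionName, the comment `// Pattern: [\w+=,.@-]*` disagrees with the line above it and with both error messages: `\w` also matches underscore, but the comment and the messages list only "alphanumeric characters, +, =, ,, ., @, -". isRoleSessionNameChar is not visible in this hunk, so whichever set it accepts, the comment and the messages should name that same set (including `_` if it is allowed); otherwise a caller whose name is rejected gets guidance that does not match the check. Two smaller points in the same method: the length check throws a message that also describes the character set, and the Strings.isNullOrEmpty branch reports "Value null" for an empty string, so a distinct message per failure would make rejected requests easier to diagnose.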
Review Comment:
In this error, we have the character which is at fault, so we could add it
to the error message to make it a little bit more helpful:
`"Invalid character '" + c + "' in RoleSessionName ..... "`