fmorg-git opened a new pull request, #9795:
URL: https://github.com/apache/ozone/pull/9795

   Please describe your PR in detail:
   * When testing Polaris with the feature branch, it was discovered that 
Polaris is sending StringLike as a condition in the IAM session policy, which 
previously was being rejected as not supported per the design. This ticket adds 
that support.
   * Furthermore, throughout the troubleshooting process, it was noticed that 
certain errors weren't being handled gracefully:
   1) Unsupported Condition operator in IAM session policy was returning 500 
Internal Server Error (instead of 501 Not Implemented)
   2) Malformed JSON in IAM session policy was returning 500 Internal Server 
Error (instead of 400 Bad Request)
   3) If the STS enabled flag was true, but the OzoneNativeAuthorizer was used 
instead of Ranger, this returned 500 Internal Server Error (instead of 501 Not 
Implemented)
   4) When using STS Token for S3 API calls, if the assumed role in Ranger 
didn't have a requisite permission for the S3 API call, an AccessDenied (403) 
error was returned, which is fine. However, the OM log had a warn message that 
the user associated with originalAccessKeyId did not have the permission, which 
was confusing when the user did actually have that permission and it was the 
assumed role that did not have the permission.
   These additional 4 issues are also addressed.
   
   ## What is the link to the Apache JIRA
   https://issues.apache.org/jira/browse/HDDS-14681
   
   ## How was this patch tested?
   unit tests, smoke tests, manual testing and viewing logs
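
The behaviour described above (StringLike accepted, malformed JSON mapped to 400, an unsupported Condition operator mapped to 501), as an added Python sketch that is not part of the PR and not Ozone's code. The function names, the `PolicyError` class, the supported-operator set and the sample policy are assumptions made for illustration; the wildcard rules are those of AWS IAM's StringLike.

```python
import json
import re

# Assumption: operator set is illustrative; the PR only states StringLike is now accepted.
SUPPORTED_OPERATORS = {"StringEquals", "StringLike"}

# Constructed sample session policy (bucket and prefix are made up).
SAMPLE_POLICY = """{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Action": "s3:ListBucket",
  "Resource": "arn:aws:s3:::bucket1",
  "Condition": {"StringLike": {"s3:prefix": ["warehouse/ns1/*"]}}}]}"""

class PolicyError(Exception):
    """Carries the HTTP status the caller should return."""
    def __init__(self, status, message):
        super().__init__(message)
        self.status = status

def as_list(value):
    return value if isinstance(value, list) else [value]

def glob_to_regex(pattern):
    # IAM StringLike: case-sensitive; '*' is any run of characters, '?' exactly one.
    # Everything else is literal, so '[' and '.' are escaped (fnmatch would not do).
    parts = [".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern]
    return re.compile("".join(parts), re.DOTALL)

def parse_policy(text):
    try:
        policy = json.loads(text)
    except (TypeError, ValueError) as exc:
        raise PolicyError(400, "malformed session policy JSON") from exc
    if not isinstance(policy, dict):
        raise PolicyError(400, "session policy must be a JSON object")
    for stmt in as_list(policy.get("Statement", [])):
        cond = stmt.get("Condition", {}) if isinstance(stmt, dict) else None
        if not isinstance(cond, dict):
            raise PolicyError(400, "malformed Statement or Condition block")
        for op in cond:
            if op not in SUPPORTED_OPERATORS:
                raise PolicyError(501, f"condition operator {op!r} is not implemented")
    return policy

def condition_matches(condition, context):
    # Operators and keys are ANDed; several values under one key are ORed.
    for op, keys in condition.items():
        for key, wanted in keys.items():
            actual = context.get(key)
            if actual is None:
                return False  # key absent from the request: condition not met
            if op == "StringEquals" and actual not in as_list(wanted):
                return False
            if op == "StringLike" and not any(
                    glob_to_regex(w).fullmatch(actual) for w in as_list(wanted)):
                return False
    return True
```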
   

