neils-dev opened a new pull request #2739:
URL: https://github.com/apache/ozone/pull/2739


   … error responses to client on error (fixing general 500 response in current 
gateway).
   
   ## What changes were proposed in this pull request?
   
   S3 gateway Grpc support for all ozone s3 supported client requests with 
security and ACLs enabled.  This PR adds s3g Grpc acl support with patches to 
the `OMClientRequest` user thread context and to the `ozone manager`.  
   
   Included in this PR are enhancements to the s3 gateway client to return 
meaningful error responses, http return codes and descriptions, to the caller 
on error.  For example, a user accessing a resource **_without_** permission is 
returned `HTTP 403` `AccessDenied`.  Previously all errors on client creation 
returned `HTTP 500`.
   
   All secure cluster smoke tests are re-enabled in this PR.  Secure cluster is 
updated to enable s3g Grpc and to enable all s3 gateway acceptance tests.
    
   ## What is the link to the Apache JIRA
   
   https://issues.apache.org/jira/browse/HDDS-5781
   
   ## How was this patch tested?
   Manual Testing with secure ozone cluster:
   s3 request - ozone cluster processing s3 create bucket request with 
permission _and without_ permission.
   
   With secret key:
   `$ cd hadoop-ozone/dist/target/ozone-1.2.0-SNAPSHOT/compose/ozonesecure`
   `$ docker-compose up -d --scale datanode=3`
   `$ docker-compose run scm bash`
   `bash-4.2$ kinit -kt /etc/security/keytabs/testuser.keytab testuser/scm`
   `bash-4.2$ ozone s3 getsecret`
   `$ export AWS_ACCESS_KEY=testuser/[email protected]` `AWS_SECRET_KEY=<key>`
   `$ aws s3api --endpoint http://localhost:9878 create-bucket --bucket=bucket1`
   _{
   "Location": "http://localhost:9878/bucket1";
   }_
   
   Without secret key:
   `$ export AWS_ACCESS_KEY=`
   `$ export AWS_SECRET_KEY=`
   `$ aws s3api --endpoint http://localhost:9878 create-bucket --bucket bucket1`
   
   _An error occurred (AccessDenied) when calling the CreateBucket operation: 
User doesn't have the right to access this resource._
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]
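
Added example, not part of the pull request or the Ozone code base: a small check for the behaviour described above, that a refused request surfaces as `HTTP 403` with an S3 `AccessDenied` error body rather than a generic `HTTP 500`. The function names and the sample responses are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from typing import NamedTuple

class S3Error(NamedTuple):
    status: int
    code: str
    message: str

def parse_s3_error(status: int, body: str) -> S3Error:
    """Parse an S3-style <Error> body; anything else yields empty fields."""
    code = message = ""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:  # empty or non-XML body
        return S3Error(status, code, message)
    local = lambda tag: tag.rsplit("}", 1)[-1]  # drop an XML namespace if present
    if local(root.tag) == "Error":
        for child in root:
            if local(child.tag) == "Code":
                code = (child.text or "").strip()
            elif local(child.tag) == "Message":
                message = (child.text or "").strip()
    return S3Error(status, code, message)

def check_denied(status: int, body: str) -> list[str]:
    """Findings for a request that the gateway is expected to refuse."""
    err = parse_s3_error(status, body)
    if 200 <= status < 300:
        return ["request without permission succeeded"]
    if status >= 500:
        return [f"HTTP {status}: authorization failure reported as a server error"]
    findings = []
    if status != 403:
        findings.append(f"HTTP {status}: expected 403")
    if err.code != "AccessDenied":
        findings.append(f"error code {err.code!r}: expected 'AccessDenied'")
    return findings

# Constructed sample responses (not captured from a real cluster).
DENIED = (403, "<Error><Code>AccessDenied</Code><Message>User doesn't have "
               "the right to access this resource.</Message></Error>")
GENERIC = (500, "<html><body>Internal Server Error</body></html>")
ALLOWED = (200, "")

if __name__ == "__main__":
    for name, (status, body) in [("denied", DENIED), ("generic", GENERIC),
                                 ("allowed", ALLOWED)]:
        print(name, check_denied(status, body) or "ok")
```

An empty findings list means the refusal was reported the way the description says it should be; the 5xx branch flags the earlier behaviour where every client-creation error came back as a server error.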


