[GitHub] [ozone] smengcl commented on a change in pull request #2804: [Multi-Tenant] Implement `ozone tenant user getsecret` that does not generate secret when accessId does not exist

Tue, 09 Nov 2021 14:29:45 -0800 


smengcl commented on a change in pull request #2804:
URL: https://github.com/apache/ozone/pull/2804#discussion_r746081313



##########
File path: 
hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/s3/security/S3GetSecretRequest.java
##########
@@ -102,16 +92,42 @@ public OMRequest preExecute(OzoneManager ozoneManager) 
throws IOException {
     // client does not need any proto changes.
     OMRequest.Builder omRequest = OMRequest.newBuilder()
         .setUserInfo(getUserInfo())
-        .setUpdateGetS3SecretRequest(updateGetS3SecretRequest)
         .setCmdType(getOmRequest().getCmdType())
         .setClientId(getOmRequest().getClientId());
 
+    // createIfNotExist defaults to true if not specified.
+    boolean createIfNotExist = !s3GetSecretRequest.hasCreateIfNotExist()
+            || s3GetSecretRequest.getCreateIfNotExist();
+
+    // Recompose GetS3SecretRequest just in case createIfNotExist is missing
+    final GetS3SecretRequest newGetS3SecretRequest =
+            GetS3SecretRequest.newBuilder()
+                    .setKerberosID(accessId)
+                    .setCreateIfNotExist(createIfNotExist)
+                    .build();
+    omRequest.setGetS3SecretRequest(newGetS3SecretRequest);
+
+    // When createIfNotExist is true, pass UpdateGetS3SecretRequest;
+    // otherwise, just use GetS3SecretRequest.
+    if (createIfNotExist) {
+      // Generate secret. Used only when doesn't the accessId entry doesn't
+      //  exist in DB, discarded otherwise.

Review comment:
       Hmm this comment is accurate, actually. It might have been a bit 
misleading. I am pushing an update.
   
   Note this `S3GetSecretRequest` is not a new class. This is shared between 
the existing `ozone s3 getsecret`, and the new `ozone tenant s3 getsecret` to 
reduce code duplication. That's why we still have the generate secret logic 
here.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to