[jira] [Updated] (HDDS-6600) [MultiTenancy] No user validation on assignUser API

Soumitra Sulav (Jira) Tue, 19 Apr 2022 09:15:06 -0700


     [ 
https://issues.apache.org/jira/browse/HDDS-6600?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Soumitra Sulav updated HDDS-6600:
---------------------------------
    Description: 
No validation of user while running assignUser API under tenant.

Non-existent User
{code:java}
bash-4.2$ ozone tenant user assign user -t tenantone
Assigned 'user' to 'tenantone' with accessId 'tenantone$user'.
export AWS_ACCESS_KEY_ID='tenantone$user'
export 
AWS_SECRET_ACCESS_KEY='b58a64f66e6091cd22cdd1666e226c82e8138ba7a86804a3086d108ef6036961'{code}
Invalid user (tried regex)
{code:java}
bash-4.2$ ozone tenant user assign "*" -t tenantone
Assigned '*' to 'tenantone' with accessId 'tenantone$*'.
export AWS_ACCESS_KEY_ID='tenantone$*'
export 
AWS_SECRET_ACCESS_KEY='27f9420833b1433774660654a8cc054e76d630e0d5d2ee3d0e3a1c327ecc5ac8'
bash-4.2$ ozone tenant user assign "user*" -t tenantone
Assigned 'user*' to 'tenantone' with accessId 'tenantone$user*'.
export AWS_ACCESS_KEY_ID='tenantone$user*'
export 
AWS_SECRET_ACCESS_KEY='99c4652cc90a4f5b46396432b00c3422f0ba481528cdc968b91ee6cedaa2f649'{code}

User of length greater than 100
{code:java}
bash-4.2$ ozone tenant user assign --tenant=tenantone 
'testuser-f27b137a62cd8b021239527c725d6a9d56e0cdce8ca7db6a4b923c941452df00sfdadfdadfsddfaddsajjdakfisfiaidhikakdkjdkasjkdas'
Assigned 
'testuser-f27b137a62cd8b021239527c725d6a9d56e0cdce8ca7db6a4b923c941452df00sfdadfdadfsddfaddsajjdakfisfiaidhikakdkjdkasjkdas'
 to 'tenantone' with accessId 
'tenantone$testuser-f27b137a62cd8b021239527c725d6a9d56e0cdce8ca7db6a4b923c941452df00sfdadfdadfsddfaddsajjdakfisfiaidhikakdkjdkasjkdas'.
export 
AWS_ACCESS_KEY_ID='tenantone$testuser-f27b137a62cd8b021239527c725d6a9d56e0cdce8ca7db6a4b923c941452df00sfdadfdadfsddfaddsajjdakfisfiaidhikakdkjdkasjkdas'
export 
AWS_SECRET_ACCESS_KEY='b9e5ad69c39561446b571419dba3e39b0b90936040c63b2a70ba5b94a7fb9f85'
{code}


  was:
No validation of user while running assignUser API under tenant.

Non-existent User
{code:java}
bash-4.2$ ozone tenant user assign user -t tenantone
Assigned 'user' to 'tenantone' with accessId 'tenantone$user'.
export AWS_ACCESS_KEY_ID='tenantone$user'
export 
AWS_SECRET_ACCESS_KEY='b58a64f66e6091cd22cdd1666e226c82e8138ba7a86804a3086d108ef6036961'{code}
Invalid user (tried regex)
{code:java}
bash-4.2$ ozone tenant user assign "*" -t tenantone
Assigned '*' to 'tenantone' with accessId 'tenantone$*'.
export AWS_ACCESS_KEY_ID='tenantone$*'
export 
AWS_SECRET_ACCESS_KEY='27f9420833b1433774660654a8cc054e76d630e0d5d2ee3d0e3a1c327ecc5ac8'
bash-4.2$ ozone tenant user assign "user*" -t tenantone
Assigned 'user*' to 'tenantone' with accessId 'tenantone$user*'.
export AWS_ACCESS_KEY_ID='tenantone$user*'
export 
AWS_SECRET_ACCESS_KEY='99c4652cc90a4f5b46396432b00c3422f0ba481528cdc968b91ee6cedaa2f649'{code}


> [MultiTenancy] No user validation on assignUser API
> ---------------------------------------------------
>
>                 Key: HDDS-6600
>                 URL: https://issues.apache.org/jira/browse/HDDS-6600
>             Project: Apache Ozone
>          Issue Type: Bug
>          Components: Ozone Manager
>    Affects Versions: 1.3.0
>            Reporter: Soumitra Sulav
>            Priority: Major
>              Labels: ozone-multitenancy
>
> No validation of user while running assignUser API under tenant.
> Non-existent User
> {code:java}
> bash-4.2$ ozone tenant user assign user -t tenantone
> Assigned 'user' to 'tenantone' with accessId 'tenantone$user'.
> export AWS_ACCESS_KEY_ID='tenantone$user'
> export 
> AWS_SECRET_ACCESS_KEY='b58a64f66e6091cd22cdd1666e226c82e8138ba7a86804a3086d108ef6036961'{code}
> Invalid user (tried regex)
> {code:java}
> bash-4.2$ ozone tenant user assign "*" -t tenantone
> Assigned '*' to 'tenantone' with accessId 'tenantone$*'.
> export AWS_ACCESS_KEY_ID='tenantone$*'
> export 
> AWS_SECRET_ACCESS_KEY='27f9420833b1433774660654a8cc054e76d630e0d5d2ee3d0e3a1c327ecc5ac8'
> bash-4.2$ ozone tenant user assign "user*" -t tenantone
> Assigned 'user*' to 'tenantone' with accessId 'tenantone$user*'.
> export AWS_ACCESS_KEY_ID='tenantone$user*'
> export 
> AWS_SECRET_ACCESS_KEY='99c4652cc90a4f5b46396432b00c3422f0ba481528cdc968b91ee6cedaa2f649'{code}
> User of length greater than 100
> {code:java}
> bash-4.2$ ozone tenant user assign --tenant=tenantone 
> 'testuser-f27b137a62cd8b021239527c725d6a9d56e0cdce8ca7db6a4b923c941452df00sfdadfdadfsddfaddsajjdakfisfiaidhikakdkjdkasjkdas'
> Assigned 
> 'testuser-f27b137a62cd8b021239527c725d6a9d56e0cdce8ca7db6a4b923c941452df00sfdadfdadfsddfaddsajjdakfisfiaidhikakdkjdkasjkdas'
>  to 'tenantone' with accessId 
> 'tenantone$testuser-f27b137a62cd8b021239527c725d6a9d56e0cdce8ca7db6a4b923c941452df00sfdadfdadfsddfaddsajjdakfisfiaidhikakdkjdkasjkdas'.
> export 
> AWS_ACCESS_KEY_ID='tenantone$testuser-f27b137a62cd8b021239527c725d6a9d56e0cdce8ca7db6a4b923c941452df00sfdadfdadfsddfaddsajjdakfisfiaidhikakdkjdkasjkdas'
> export 
> AWS_SECRET_ACCESS_KEY='b9e5ad69c39561446b571419dba3e39b0b90936040c63b2a70ba5b94a7fb9f85'
> {code}



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Updated] (HDDS-6600) [MultiTenancy] No user validation on assignUser API

Reply via email to