adoroszlai commented on code in PR #3531:
URL: https://github.com/apache/ozone/pull/3531#discussion_r920954407
##########
hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/signature/AWSSignatureProcessor.java:
##########
@@ -67,7 +78,13 @@ public SignatureInfo parseSignature() throws OS3Exception {
SignatureInfo signatureInfo = null;
for (SignatureParser parser : signatureParsers) {
- signatureInfo = parser.parseSignature();
+ try {
+ signatureInfo = parser.parseSignature();
+ } catch (MalformedResourceException e) {
+ AuditMessage message = buildAuthFailureMessage(e);
+ AUDIT.logAuthFailure(message);
+ throw S3ErrorTable.newError(MALFORMED_HEADER, e.getResource());
+ }
if (signatureInfo != null) {
break;
}
Review Comment:
I see this exception in the
[log](https://github.com/apache/ozone/suites/7311716169/artifacts/295519364):
```
s3g_1 | Jul 11, 2022 10:46:07 PM org.glassfish.jersey.internal.Errors
logErrors
s3g_1 | WARNING: The following warnings have been detected: WARNING:
Unknown HK2 failure detected:
s3g_1 | MultiException stack 1 of 1
s3g_1 | javax.ws.rs.WebApplicationException: The authorization header
you provided is invalid.
s3g_1 | at
org.apache.hadoop.ozone.s3.OzoneClientProducer.wrapOS3Exception(OzoneClientProducer.java:141)
s3g_1 | at
org.apache.hadoop.ozone.s3.OzoneClientProducer.getSignature(OzoneClientProducer.java:102)
...
s3g_1 | Caused by: org.apache.hadoop.ozone.s3.exception.OS3Exception
s3g_1 | at
org.apache.hadoop.ozone.s3.exception.S3ErrorTable.newError(S3ErrorTable.java:139)
s3g_1 | at
org.apache.hadoop.ozone.s3.exception.S3ErrorTable.newError(S3ErrorTable.java:126)
s3g_1 | at
org.apache.hadoop.ozone.s3.signature.AWSSignatureProcessor.parseSignature(AWSSignatureProcessor.java:86)
```
instead of the `AUTH` failure in audit.
Triggered by:
https://github.com/apache/ozone/blob/843fac2fb646eecfc33103fdb16eaf77a66ca062/hadoop-ozone/dist/src/main/smoketest/s3/bucketlist.robot#L43-L46
I'm not sure the exception belongs to HDDS-6905, since it is not an
unhandled `OMException`, rather an S3-specific one thrown by S3 Gateway. But
the main problem is that it is missing from audit.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
