adoroszlai opened a new pull request, #3698:
URL: https://github.com/apache/ozone/pull/3698

   ## What changes were proposed in this pull request?
   
   Providing a wrong signature (authentication) for an S3 request should result in access denied (403), but currently it results in a server error (500) instead:
   
   ```
   $ kinit -kt /etc/security/keytabs/scm.keytab scm/[email protected]
   $ ozone sh bucket create /s3v/bucket
   $ ozone sh key put /s3v/bucket/passwd /etc/passwd
   $ curl -i -X GET 'http://s3g:9878/bucket/passwd' -H 'Authorization: AWS scm/[email protected]:asdfqwerty'
   HTTP/1.1 500 Server Error
   ...
   ```
   
   Server-side log:
   
   ```
   s3g_1       | 2022-08-18 17:58:41,466 [qtp1178587240-20] WARN server.HttpChannelState: unhandled due to prior sendError
   s3g_1       | javax.servlet.ServletException: javax.servlet.ServletException: org.glassfish.jersey.server.ContainerException: INVALID_TOKEN org.apache.hadoop.ozone.om.exceptions.OMException: User scm/[email protected] request authorization failure: signatures do NOT match
   ...
   s3g_1       | Caused by: INVALID_TOKEN org.apache.hadoop.ozone.om.exceptions.OMException: User scm/[email protected] request authorization failure: signatures do NOT match
   s3g_1       |        at org.apache.hadoop.ozone.om.protocolPB.OzoneManagerProtocolClientSideTranslatorPB.handleError(OzoneManagerProtocolClientSideTranslatorPB.java:696)
   s3g_1       |        at org.apache.hadoop.ozone.om.protocolPB.OzoneManagerProtocolClientSideTranslatorPB.getS3VolumeContext(OzoneManagerProtocolClientSideTranslatorPB.java:1205)
   s3g_1       |        at org.apache.hadoop.ozone.client.rpc.RpcClient.getS3VolumeContext(RpcClient.java:510)
   s3g_1       |        at org.apache.hadoop.ozone.client.ObjectStore.getS3Volume(ObjectStore.java:167)
   s3g_1       |        at org.apache.hadoop.ozone.s3.endpoint.EndpointBase.getVolume(EndpointBase.java:133)
   s3g_1       |        at org.apache.hadoop.ozone.s3.endpoint.ObjectEndpoint.get(ObjectEndpoint.java:289)
   ```
   
   This patch makes S3G handle `INVALID_TOKEN` as a permission problem.
   
   https://issues.apache.org/jira/browse/HDDS-7139
   
   ## How was this patch tested?
   
   Added Robot test case.
   
   https://github.com/adoroszlai/hadoop-ozone/actions/runs/2887470108
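
The mapping described above, as an added sketch that is not part of the pull request or of Ozone's code: a gateway walks the nested cause chain seen in the log, finds the backend result code, and answers 403 for authentication and authorization failures instead of letting them surface as 500. Every type and method name in it is hypothetical.

```java
import java.util.EnumSet;
import java.util.Set;

// Added sketch, not Ozone source: every type and method name below is hypothetical.
public class AuthErrorMapping {

  // Stand-in for backend result codes; INVALID_TOKEN is the code in the log above.
  enum ResultCode { INVALID_TOKEN, PERMISSION_DENIED, INTERNAL_ERROR }

  // Stand-in for a backend exception that carries a result code.
  static class BackendException extends Exception {
    final ResultCode result;
    BackendException(ResultCode result, String message) {
      super(message);
      this.result = result;
    }
  }

  // Codes that mean "caller not allowed", whether authentication or authorization failed.
  private static final Set<ResultCode> DENIED =
      EnumSet.of(ResultCode.INVALID_TOKEN, ResultCode.PERMISSION_DENIED);

  // Walk the cause chain (bounded, in case of a cycle) to find the backend exception.
  static BackendException findBackendCause(Throwable t) {
    for (int depth = 0; t != null && depth < 16; depth++, t = t.getCause()) {
      if (t instanceof BackendException) {
        return (BackendException) t;
      }
    }
    return null;
  }

  // Map a failure to an HTTP status; anything unrecognised stays a 500.
  static int toHttpStatus(Throwable t) {
    BackendException e = findBackendCause(t);
    // The principal and the reason stay in the server log, not in the response.
    return (e != null && DENIED.contains(e.result)) ? 403 : 500;
  }

  public static void main(String[] args) {
    // Constructed sample: a signature mismatch wrapped twice, like the nesting in the log.
    Throwable wrapped = new RuntimeException(new RuntimeException(
        new BackendException(ResultCode.INVALID_TOKEN, "signatures do NOT match")));
    System.out.println(toHttpStatus(wrapped));                      // signature mismatch
    System.out.println(toHttpStatus(new RuntimeException("boom"))); // unrelated failure
  }
}
```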

