sodonnell pushed a commit to branch HDDS-13323-sts
in repository https://gitbox.apache.org/repos/asf/ozone.git
The following commit(s) were added to refs/heads/HDDS-13323-sts by this push:
new 8f7ec1011a4 HDDS-14066. [STS] Database updates for revoked STS tokens
(#9420)
8f7ec1011a4 is described below
commit 8f7ec1011a49622afb60dd6e225b1bde1837b7de
Author: fmorg-git <[email protected]>
AuthorDate: Fri Dec 5 04:49:18 2025 -0800
HDDS-14066. [STS] Database updates for revoked STS tokens (#9420)
---
.../apache/hadoop/ozone/om/OMMetadataManager.java | 8 ++++++
.../hadoop/ozone/om/OmMetadataManagerImpl.java | 10 ++++++++
.../hadoop/ozone/om/codec/OMDBDefinition.java | 23 ++++++++++++-----
.../hadoop/ozone/om/TestOmMetadataManager.java | 30 +++++++++++++++++++++-
4 files changed, 63 insertions(+), 8 deletions(-)
diff --git
a/hadoop-ozone/interface-storage/src/main/java/org/apache/hadoop/ozone/om/OMMetadataManager.java
b/hadoop-ozone/interface-storage/src/main/java/org/apache/hadoop/ozone/om/OMMetadataManager.java
index baac362da74..7afe2c6249a 100644
---
a/hadoop-ozone/interface-storage/src/main/java/org/apache/hadoop/ozone/om/OMMetadataManager.java
+++
b/hadoop-ozone/interface-storage/src/main/java/org/apache/hadoop/ozone/om/OMMetadataManager.java
@@ -484,6 +484,14 @@ String getMultipartKeyFSO(String volume, String bucket,
String key, String
*/
Table<String, String> getMetaTable();
+ /**
+ * Gets the S3RevokedStsTokenTable.
+ *
+ * @return Table.
+ */
+ Table<String, String> getS3RevokedStsTokenTable();
+
+
/**
* Returns number of rows in a table. This should not be used for very
* large tables.
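Review bot: The Javadoc on the new `getS3RevokedStsTokenTable()` says only "Gets the S3RevokedStsTokenTable." and leaves a reader of the interface to guess what a row means, whereas the neighbouring `getMetaTable()` at least has the table's role implied by its name. The diff in OMDBDefinition records the mapping as `sts_access_key_id :- sessionToken`, so the interface should say so too, e.g. `@return table keyed by the temporary STS access key id of a revoked credential, holding its session token; presence of a key is what marks the credential revoked`. The last clause is an inference from the table name, not from anything in this diff, so confirm with the STS request handler before committing to it; it would also help to say here who inserts and who prunes entries, since nothing in this change does either.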
diff --git
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OmMetadataManagerImpl.java
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OmMetadataManagerImpl.java
index e7826708b89..b28f8bcb9d6 100644
---
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OmMetadataManagerImpl.java
+++
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OmMetadataManagerImpl.java
@@ -181,6 +181,8 @@ public class OmMetadataManagerImpl implements
OMMetadataManager,
private TypedTable<String, String> snapshotRenamedTable;
private TypedTable<String, CompactionLogEntry> compactionLogTable;
+ private TypedTable<String, String> s3RevokedStsTokenTable;
+
private OzoneManager ozoneManager;
// Epoch is used to generate the objectIDs. The most significant 2 bits of
@@ -486,6 +488,9 @@ protected void initializeOmTables(CacheType cacheType,
// TODO: [SNAPSHOT] Initialize table lock for snapshotRenamedTable.
compactionLogTable =
initializer.get(OMDBDefinition.COMPACTION_LOG_TABLE_DEF);
+
+ // temporaryAccessKeyId -> sessionToken
+ s3RevokedStsTokenTable =
initializer.get(OMDBDefinition.S3_REVOKED_STS_TOKEN_TABLE_DEF);
}
/**
@@ -1683,6 +1688,11 @@ public Table<String, CompactionLogEntry>
getCompactionLogTable() {
return compactionLogTable;
}
+ @Override
+ public Table<String, String> getS3RevokedStsTokenTable() {
+ return s3RevokedStsTokenTable;
+ }
+
/**
* Get Snapshot Chain Manager.
*
diff --git
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/codec/OMDBDefinition.java
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/codec/OMDBDefinition.java
index 9894e8f5d6b..8b4632ef45b 100644
---
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/codec/OMDBDefinition.java
+++
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/codec/OMDBDefinition.java
@@ -49,13 +49,14 @@
* OM database definitions.
* <pre>
* {@code
- * User, Token and Secret Tables:
+ * User, Token, Secret and Revoked STS Token Tables:
* |------------------------------------------------------------------------|
- * | Column Family | Mapping |
+ * | Column Family | Mapping |
* |------------------------------------------------------------------------|
- * | userTable | /user :- UserVolumeInfo |
- * | dTokenTable | OzoneTokenID :- renew_time |
- * | s3SecretTable | s3g_access_key_id :- s3Secret |
+ * | userTable | /user :- UserVolumeInfo |
+ * | dTokenTable | OzoneTokenID :- renew_time |
+ * | s3SecretTable | s3g_access_key_id :- s3Secret |
+ * | s3RevokedStsTokenTable | sts_access_key_id :- sessionToken |
* |------------------------------------------------------------------------|
* }
* </pre>
@@ -139,7 +140,7 @@
public final class OMDBDefinition extends DBDefinition.WithMap {
//---------------------------------------------------------------------------
- // User, Token and Secret Tables:
+ // User, Token, Secret and Revoked STS Token Tables:
public static final String USER_TABLE = "userTable";
/** userTable: /user :- UserVolumeInfo. */
public static final DBColumnFamilyDefinition<String,
PersistedUserVolumeInfo> USER_TABLE_DEF
@@ -161,6 +162,13 @@ public final class OMDBDefinition extends
DBDefinition.WithMap {
StringCodec.get(),
S3SecretValue.getCodec());
+ public static final String S3_REVOKED_STS_TOKEN_TABLE =
"s3RevokedStsTokenTable";
+ /** s3RevokedStsTokenTable: sts_access_key_id :- sessionToken.*/
+ public static final DBColumnFamilyDefinition<String, String>
S3_REVOKED_STS_TOKEN_TABLE_DEF
+ = new DBColumnFamilyDefinition<>(S3_REVOKED_STS_TOKEN_TABLE,
+ StringCodec.get(),
+ StringCodec.get());
+
//---------------------------------------------------------------------------
// Volume, Bucket, Prefix and Transaction Tables:
public static final String VOLUME_TABLE = "volumeTable";
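Review bot: The value side of `S3_REVOKED_STS_TOKEN_TABLE_DEF` is the raw session token (`StringCodec.get()` as the value codec, documented as `sts_access_key_id :- sessionToken`), yet a revocation lookup needs only the key. Persisting the session token widens where bearer credential material is stored in the OM DB (and in every OM checkpoint, snapshot and Ratis log that carries it) for no benefit the diff shows, and a bare token gives a future cleanup job nothing to prune on, so the table can only grow. The existing `dTokenTable` already sets the precedent of storing a time (`OzoneTokenID :- renew_time`); storing the revoked token's expiry instead, so entries can be dropped once the token would have expired anyway, fits that pattern and keeps the token itself out of the database. If the session token is genuinely needed for a later check that is not visible here, a comment on the definition saying why would stop the next reviewer from raising this again.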
@@ -339,7 +347,8 @@ public final class OMDBDefinition extends
DBDefinition.WithMap {
TENANT_STATE_TABLE_DEF,
TRANSACTION_INFO_TABLE_DEF,
USER_TABLE_DEF,
- VOLUME_TABLE_DEF);
+ VOLUME_TABLE_DEF,
+ S3_REVOKED_STS_TOKEN_TABLE_DEF);
private static final OMDBDefinition INSTANCE = new OMDBDefinition();
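Review bot: `S3_REVOKED_STS_TOKEN_TABLE_DEF` is appended after `VOLUME_TABLE_DEF`, but the visible tail of this list (`TENANT_STATE_TABLE_DEF`, `TRANSACTION_INFO_TABLE_DEF`, `USER_TABLE_DEF`, `VOLUME_TABLE_DEF`) reads as alphabetical, so the new entry appears to belong just before `S3_SECRET_TABLE_DEF`, which lies outside this hunk. Moving it there is a one-line change and keeps the ordering convention, assuming the rest of the list (not shown) follows it.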
diff --git
a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/TestOmMetadataManager.java
b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/TestOmMetadataManager.java
index bebc5880788..6f37afd0674 100644
---
a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/TestOmMetadataManager.java
+++
b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/TestOmMetadataManager.java
@@ -38,6 +38,7 @@
import static org.apache.hadoop.ozone.om.codec.OMDBDefinition.OPEN_KEY_TABLE;
import static org.apache.hadoop.ozone.om.codec.OMDBDefinition.PREFIX_TABLE;
import static
org.apache.hadoop.ozone.om.codec.OMDBDefinition.PRINCIPAL_TO_ACCESS_IDS_TABLE;
+import static
org.apache.hadoop.ozone.om.codec.OMDBDefinition.S3_REVOKED_STS_TOKEN_TABLE;
import static org.apache.hadoop.ozone.om.codec.OMDBDefinition.S3_SECRET_TABLE;
import static
org.apache.hadoop.ozone.om.codec.OMDBDefinition.SNAPSHOT_INFO_TABLE;
import static
org.apache.hadoop.ozone.om.codec.OMDBDefinition.SNAPSHOT_RENAMED_TABLE;
@@ -52,6 +53,7 @@
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
@@ -137,7 +139,8 @@ public class TestOmMetadataManager {
TENANT_STATE_TABLE,
SNAPSHOT_INFO_TABLE,
SNAPSHOT_RENAMED_TABLE,
- COMPACTION_LOG_TABLE
+ COMPACTION_LOG_TABLE,
+ S3_REVOKED_STS_TOKEN_TABLE
};
private OMMetadataManager omMetadataManager;
@@ -1289,4 +1292,29 @@ public void testGetMultipartUploadKeys() throws
Exception {
assertEquals(25, noPagination.size());
}
+
+ @Test
+ public void testS3RevokedStsTokenTablePutAndGet() throws Exception {
+ // Ensure the table is initialized
+ assertNotNull(omMetadataManager.getS3RevokedStsTokenTable(),
"s3RevokedStsTokenTable should be initialized");
+
+ final String tempAccessKeyId1 = "ASIA7VUS1EOBCW8RRJVR";
+ final String sessionToken1 = "test-session-token-1";
+ final String tempAccessKeyId2 = "ASIA904E65QIGL9ON305";
+ final String sessionToken2 = "test-session-token-2";
+
+ omMetadataManager.getS3RevokedStsTokenTable()
+ .put(tempAccessKeyId1, sessionToken1);
+ omMetadataManager.getS3RevokedStsTokenTable()
+ .put(tempAccessKeyId2, sessionToken2);
+
+ // Verify get and getIfExist return the stored value
+ assertEquals(sessionToken1,
omMetadataManager.getS3RevokedStsTokenTable().get(tempAccessKeyId1));
+ assertEquals(sessionToken1,
omMetadataManager.getS3RevokedStsTokenTable().getIfExist(tempAccessKeyId1));
+ assertEquals(sessionToken2,
omMetadataManager.getS3RevokedStsTokenTable().get(tempAccessKeyId2));
+ assertEquals(sessionToken2,
omMetadataManager.getS3RevokedStsTokenTable().getIfExist(tempAccessKeyId2));
+
+ // Unknown key should return null for getIfExist
+
assertNull(omMetadataManager.getS3RevokedStsTokenTable().getIfExist("ASIA_UNKNOWN_ACCESS_KEY"));
+ }
}
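Review bot: The fixture keys `ASIA7VUS1EOBCW8RRJVR` and `ASIA904E65QIGL9ON305` have the exact shape of AWS temporary access key ids (`ASIA` prefix, 20 characters), so secret scanners run over the repository are likely to flag them even though they are presumably synthetic; plainly fake values such as `"test-temp-access-key-1"` exercise the same code path without the noise. The test also stops at put/get: it never removes a row, although any un-revoke or expiry cleanup will depend on `delete` working against this table. Two more lines cover that: `omMetadataManager.getS3RevokedStsTokenTable().delete(tempAccessKeyId1);` followed by `assertNull(omMetadataManager.getS3RevokedStsTokenTable().getIfExist(tempAccessKeyId1));`, with a final check that `tempAccessKeyId2` is still present so the delete is shown to be key-scoped.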