ajayydv commented on a change in pull request #561: HDDS-1043. Enable token
based authentication for S3 api.
URL: https://github.com/apache/hadoop/pull/561#discussion_r263112688
##########
File path:
hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneDelegationTokenSecretManager.java
##########
@@ -327,6 +336,37 @@ public boolean verifySignature(OzoneTokenIdentifier
identifier,
}
}
+ /**
+ * Validates if a S3 identifier is valid or not.
+ * */
+ private byte[] validateS3Token(OzoneTokenIdentifier identifier)
+ throws InvalidToken {
+ LOG.trace("Validating S3Token for identifier:{}", identifier);
+ String awsSecret;
+ try {
+ awsSecret = s3SecretManager.getS3UserSecretString(identifier
+ .getAwsAccessId());
+ } catch (IOException e) {
+ LOG.error("Error while validating S3 identifier:{}",
+ identifier, e);
+ throw new InvalidToken("No S3 secret found for S3 identifier:"
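Review bot: In the catch block of validateS3Token, every IOException from getS3UserSecretString is turned into an InvalidToken saying "No S3 secret found for S3 identifier:", so a failed lookup (the secret store could not be read) and an access id that has no secret look the same to the caller and in the error returned over RPC. Consider wording the message for the lookup failure separately from the missing-secret case, so an operator reading the S3 gateway error can tell an authentication failure from a backend fault. The Javadoc ("Validates if a S3 identifier is valid or not.") should also say what the returned byte[] contains and that InvalidToken is thrown on failure.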
Review comment:
Now, if token validation fails, the RPC connection itself will fail. The S3 gateway
will get an error. Error propagation to the client will depend on S3g error
handling.