[ 
https://issues.apache.org/jira/browse/HDDS-1043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16781103#comment-16781103
 ] 

Ajay Kumar commented on HDDS-1043:
----------------------------------

[~elek], [~bharatviswa] thanks for reviews. Addressed them in patch 6.

{quote}1.) I am big +1 about the s/ozoneManager/om/ rename in the docker files. 
But it would be easier to do in a separate jira IMHO (and this patch could be 
smaller to review). I would immediately commit that one...{quote}
Reverted the changes for other docker files. Change in smoketest#test.sh will 
result in failure of other smoketests but is required to test this patch via 
robot tests added in patch. 
{quote}2.) Until now it was possible to execute the s3g robot tests with using 
real AWS endpoint url. We used it to prove that our tests are valid (they 
should work in the same way with s3 or with ozone). It's not clear how can we 
do it in the future after this patch. I think the kinit part should be moved 
out from the aws test or should be made optional.
3.) NIT: sudo yum install -y krb5-user --> fix me If I am wrong but I think the 
name of the package is krb5-workstation. But thanks to Xiaoyu Yao it is not 
required any more as it's added to the base image.{quote}
Reverted change in commonlib as we have test in "ozone-secure.robot". 
{quote}4.) NIT2: There are a few strange names (strange for me):
OZONE_S3_TOKEN_MAX_DATE_DEFAULT (I think it's not a date but a time period, and 
it seems to be some ttl or expiry not a maximum)
TIME_FORMATTER_FORMATTER: I think it's an RFC???_TIME_FORMATTER (don't know the 
name of the exact pattern){quote}
Changed them to OZONE_S3_TOKEN_MAX_LIFETIME_KEY_DEFAULT and TIME_FORMATTER. 

[~bharatviswa]
{quote}I had the same comment as marton, now we are doing kinit and setting up 
the v4 headers. I think here if we want to make these tests to work with aws s3 
endpoint and non-secure ozone cluster we can use if ozone.security.enabled 
flag and then do accordingly.{quote}
With revert of those changes in commonawslib.robot I think this is not 
applicable anymore. Let me know if I am missing something.

> Enable token based authentication for S3 api
> --------------------------------------------
>
>                 Key: HDDS-1043
>                 URL: https://issues.apache.org/jira/browse/HDDS-1043
>             Project: Hadoop Distributed Data Store
>          Issue Type: Sub-task
>            Reporter: Ajay Kumar
>            Assignee: Ajay Kumar
>            Priority: Major
>              Labels: security
>             Fix For: 0.4.0
>
>         Attachments: HDDS-1043.00.patch, HDDS-1043.01.patch, 
> HDDS-1043.02.patch, HDDS-1043.03.patch, HDDS-1043.04.patch, 
> HDDS-1043.05.patch, HDDS-1043.06.patch
>
>
> Ozone has a S3 api and mechanism to create S3 like secrets for user. This 
> jira proposes hadoop compatible token based authentication for S3 api which 
> utilizes S3 secret stored in OM.


