[ https://issues.apache.org/jira/browse/HDDS-1043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16781103#comment-16781103 ]
Ajay Kumar commented on HDDS-1043: ---------------------------------- [~elek], [~bharatviswa] thanks for reviews. Addressed them in patch 6. {quote}1.) I am big +1 about the s/ozoneManager/om/ rename in the docker files. But it would be easier to do in a separate jira IMHO (and this patch could be smaller to review). I would immediately commit that one...{quote} Reverted the changes for other docker files. Change in smoketest#test.sh will result in failure of other smoketests but is required to test this patch via robot tests added in patch. {quote}2.) Until now it was possible to execute the s3g robot tests with using real AWS endpoint url. We used it to prove that our tests are valid (they should work in the same way with s3 or with ozone). It's not clear how can we do it the the future after this patch. I think the kinit part should be moved out from the aws test or should be made optional. 3.) NIT: sudo yum install -y krb5-user --> fix me If I am wrong but I think the name of the package is krb5-workstation. But thanks to Xiaoyu Yao it is not required any more as it's added to the base image.{quote} Reverted change in comminlib as we have test in "ozone-secure.robot". {quote}4.) NIT2: There are a few strange names (strange for me): OZONE_S3_TOKEN_MAX_DATE_DEFAULT (I think it's not a date but a time period, and it seems to be some ttl or expiry not a maximum) TIME_FORMATTER_FORMATTER: I think it's an RFC???_TIME_FORMATTER (don't know the name of the exact pattern){quote} Changed them to OZONE_S3_TOKEN_MAX_LIFETIME_KEY_DEFAULT and TIME_FORMATTER. [~bharatviswa]' {quote}I had the same comment as marton, now we are doing kinit and setting up the v4 headers. I think here if we want to make these tests to work with aws s3 endpoint and non-secure ozone cluster we can use if ozone.security.enabled flag and then do accordingly.{quote} With revert of those changes in commonawslib.robot i think this is not applicable anymore. Let me know if i am missing something. > Enable token based authentication for S3 api > -------------------------------------------- > > Key: HDDS-1043 > URL: https://issues.apache.org/jira/browse/HDDS-1043 > Project: Hadoop Distributed Data Store > Issue Type: Sub-task > Reporter: Ajay Kumar > Assignee: Ajay Kumar > Priority: Major > Labels: security > Fix For: 0.4.0 > > Attachments: HDDS-1043.00.patch, HDDS-1043.01.patch, > HDDS-1043.02.patch, HDDS-1043.03.patch, HDDS-1043.04.patch, > HDDS-1043.05.patch, HDDS-1043.06.patch > > > Ozone has a S3 api and mechanism to create S3 like secrets for user. This > jira proposes hadoop compatible token based authentication for S3 api which > utilizes S3 secret stored in OM. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org