[jira] [Work logged] (HDDS-1043) Enable token based authentication for S3 api

[ASF GitHub Bot (JIRA)]

     [ 
https://issues.apache.org/jira/browse/HDDS-1043?focusedWorklogId=209065&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-209065
 ]

ASF GitHub Bot logged work on HDDS-1043:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 06/Mar/19 19:08
            Start Date: 06/Mar/19 19:08
    Worklog Time Spent: 10m 
      Work Description: bharatviswa504 commented on pull request #561: 
HDDS-1043. Enable token based authentication for S3 api.
URL: https://github.com/apache/hadoop/pull/561#discussion_r263090394
 
 

 ##########
 File path: 
hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneDelegationTokenSecretManager.java
 ##########
 @@ -327,6 +336,37 @@ public boolean verifySignature(OzoneTokenIdentifier 
identifier,
     }
   }
 
+  /**
+   * Validates if a S3 identifier is valid or not.
+   * */
+  private byte[] validateS3Token(OzoneTokenIdentifier identifier)
+      throws InvalidToken {
+    LOG.trace("Validating S3Token for identifier:{}", identifier);
+    String awsSecret;
+    try {
+      awsSecret = s3SecretManager.getS3UserSecretString(identifier
+          .getAwsAccessId());
+    } catch (IOException e) {
+      LOG.error("Error while validating S3 identifier:{}",
+          identifier, e);
+      throw new InvalidToken("No S3 secret found for S3 identifier:"
 
 Review comment:
   Now if InvalidToken is thrown as an exception during invalid/malformed 
header, then how this will be thrown to the end user s3 request? I don't see 
any code for it.
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


Issue Time Tracking
-------------------

    Worklog Id:     (was: 209065)
    Time Spent: 26h 10m  (was: 26h)

> Enable token based authentication for S3 api
> --------------------------------------------
>
>                 Key: HDDS-1043
>                 URL: https://issues.apache.org/jira/browse/HDDS-1043
>             Project: Hadoop Distributed Data Store
>          Issue Type: Sub-task
>            Reporter: Ajay Kumar
>            Assignee: Ajay Kumar
>            Priority: Blocker
>              Labels: pull-request-available, security
>             Fix For: 0.4.0
>
>         Attachments: HDDS-1043.00.patch, HDDS-1043.01.patch, 
> HDDS-1043.02.patch, HDDS-1043.03.patch, HDDS-1043.04.patch, 
> HDDS-1043.05.patch, HDDS-1043.06.patch, HDDS-1043.07.patch
>
>          Time Spent: 26h 10m
>  Remaining Estimate: 0h
>
> Ozone has a  S3 api and mechanism to create S3 like secrets for user. This 
> jira proposes hadoop compatible token based authentication for S3 api which 
> utilizes S3 secret stored in OM.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org