Ren Koike created HDDS-13540:
--------------------------------
Summary: Implement STS Endpoint Functionality
Key: HDDS-13540
URL: https://issues.apache.org/jira/browse/HDDS-13540
Project: Apache Ozone
Issue Type: Sub-task
Components: s3gateway
Reporter: Ren Koike
Assignee: Ren Koike
Fix For: 2.1.0
This sub-task focuses on developing the essential logic for the newly created
STS endpoint. The following key areas will be addressed:
* *Signature-based AWS Credential Extraction:* Implement a filter to securely
extract AWS ID and password from the incoming request's signature. This will
involve validating the signature and parsing the necessary credentials for
subsequent operations. This validation has to happen before the request reaches
the API endpoint.
* *ACL Subset Checking:* Develop logic to verify that the Access Control Lists
(ACLs) requested by the user are a valid subset of the user's existing
resource permissions.
* *OM Integration for Temporary Credential Generation:* Modify the Ozone
Manager (OM) to facilitate the generation and secure storage of temporary AWS
credentials. This includes defining the data structure for these credentials
and implementing the necessary API calls to OM.
* *Token Expiration Management:* Implement mechanisms to manage the lifecycle
of the generated temporary tokens, including setting the expiration times
provided by the request and handling their invalidation after expiration. No
refresh of tokens is supported.