[
https://issues.apache.org/jira/browse/HDDS-13600?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Wei-Chiu Chuang updated HDDS-13600:
-----------------------------------
Fix Version/s: 2.1.0
Resolution: Fixed
Status: Resolved (was: Patch Available)
> Log s3 secret error at WARN level rather than ERROR
> ---------------------------------------------------
>
> Key: HDDS-13600
> URL: https://issues.apache.org/jira/browse/HDDS-13600
> Project: Apache Ozone
> Issue Type: Sub-task
> Components: s3gateway
> Reporter: Wei-Chiu Chuang
> Assignee: Ajay Singh
> Priority: Trivial
> Labels: pull-request-available
> Fix For: 2.1.0
>
>
> {noformat}
> 2025-08-16 02:31:27,317 ERROR [IPC Server handler 74 on
> 9862]-org.apache.hadoop.ozone.security.OzoneDelegationTokenSecretManager:
> Error while validating S3 identifier:OzoneToken
> owner=hue/node1.example1....@halxg.cloudera.com, renewer=, realUser=,
> issueDate=1970-01-01T00:00:00Z, maxDate=1970-01-01T00:00:00Z,
> sequenceNumber=0, masterKeyId=0, strToSign=AWS4-HMAC-SHA256
> 20250816T093127Z
> 20250816/region/s3/aws4_request
> f5015114fc02f1a75a1f77c718a38b80ee8f3d7873d7120519954012b6d042aa,
> signature=18c4371f08ef21ae61fe45915bb141720e2a23e65073f234c16ec25b4dbfa2bb,
> awsAccessKeyId=hue/node1.example1....@example.com, omServiceId=null,
> omCertSerialId=null, secretKeyId=null
> org.apache.hadoop.hdds.security.exception.OzoneSecurityException: S3 secret
> not found for awsAccessKeyId hue/node1.example1....@example.com
> at
> org.apache.hadoop.ozone.om.S3SecretManagerImpl.getSecretString(S3SecretManagerImpl.java:82)
> at
> org.apache.hadoop.ozone.om.S3SecretLockedManager.getSecretString(S3SecretLockedManager.java:53)
> at
> org.apache.hadoop.ozone.security.OzoneDelegationTokenSecretManager.validateS3AuthInfo(OzoneDelegationTokenSecretManager.java:524)
> at
> org.apache.hadoop.ozone.security.OzoneDelegationTokenSecretManager.retrievePassword(OzoneDelegationTokenSecretManager.java:421)
> at
> org.apache.hadoop.ozone.security.S3SecurityUtil.validateS3Credential(S3SecurityUtil.java:61)
> at
> org.apache.hadoop.ozone.protocolPB.OzoneManagerProtocolServerSideTranslatorPB.processRequest(OzoneManagerProtocolServerSideTranslatorPB.java:163)
> at
> org.apache.hadoop.hdds.server.OzoneProtocolMessageDispatcher.processRequest(OzoneProtocolMessageDispatcher.java:87)
> at
> org.apache.hadoop.ozone.protocolPB.OzoneManagerProtocolServerSideTranslatorPB.submitRequest(OzoneManagerProtocolServerSideTranslatorPB.java:143)
> at
> org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos$OzoneManagerService$2.callBlockingMethod(OzoneManagerProtocolProtos.java)
> at
> org.apache.hadoop.ipc.ProtobufRpcEngine$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine.java:533)
> at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:1070)
> at org.apache.hadoop.ipc.Server$RpcCall.run(Server.java:994)
> at org.apache.hadoop.ipc.Server$RpcCall.run(Server.java:922)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1910)
> at org.apache.hadoop.ipc.Server$Handler.run(Server.java:2899)
> {noformat}
> The ERROR should be logged at WARN instead.
> https://github.com/apache/ozone/blob/master/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/security/OzoneDelegationTokenSecretManager.java#L466
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@ozone.apache.org
For additional commands, e-mail: issues-h...@ozone.apache.org
