Posted to commits@ozone.apache.org by ad...@apache.org on 2022/04/19 08:08:14 UTC
[ozone] branch master updated: HDDS-6574. Set owner of buckets created via S3 Gateway to actual user rather than `s3g`; print LinkBucket owner field on the client (#3298)
This is an automated email from the ASF dual-hosted git repository.
adoroszlai pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ozone.git
The following commit(s) were added to refs/heads/master by this push:
new a0684e26c8 HDDS-6574. Set owner of buckets created via S3 Gateway to actual user rather than `s3g`; print LinkBucket owner field on the client (#3298)
a0684e26c8 is described below
commit a0684e26c87caa70f3744f777741dbf748370675
Author: Siyao Meng <50...@users.noreply.github.com>
AuthorDate: Tue Apr 19 01:08:07 2022 -0700
HDDS-6574. Set owner of buckets created via S3 Gateway to actual user rather than `s3g`; print LinkBucket owner field on the client (#3298)
---
.../java/org/apache/hadoop/ozone/client/rpc/RpcClient.java | 14 ++++++++++++--
.../dist/src/main/compose/ozonesecure-ha/docker-config | 2 +-
hadoop-ozone/dist/src/main/smoketest/s3/bucketlist.robot | 8 ++++++++
.../hadoop/ozone/shell/bucket/InfoBucketHandler.java | 6 ++++++
4 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/hadoop-ozone/client/src/main/java/org/apache/hadoop/ozone/client/rpc/RpcClient.java b/hadoop-ozone/client/src/main/java/org/apache/hadoop/ozone/client/rpc/RpcClient.java
index e11f1abc99..3a460deb0b 100644
--- a/hadoop-ozone/client/src/main/java/org/apache/hadoop/ozone/client/rpc/RpcClient.java
+++ b/hadoop-ozone/client/src/main/java/org/apache/hadoop/ozone/client/rpc/RpcClient.java
@@ -533,8 +533,18 @@ public class RpcClient implements ClientProtocol {
verifyCountsQuota(bucketArgs.getQuotaInNamespace());
verifySpaceQuota(bucketArgs.getQuotaInBytes());
- String owner = bucketArgs.getOwner() == null ?
- ugi.getShortUserName() : bucketArgs.getOwner();
+ final String owner;
+ // If S3 auth exists, set owner name to the short user name derived from the
+ // accessId. Similar to RpcClient#getDEK
+ if (getThreadLocalS3Auth() != null) {
+ UserGroupInformation s3gUGI = UserGroupInformation.createRemoteUser(
+ getThreadLocalS3Auth().getAccessID());
+ owner = s3gUGI.getShortUserName();
+ } else {
+ owner = bucketArgs.getOwner() == null ?
+ ugi.getShortUserName() : bucketArgs.getOwner();
+ }
+
Boolean isVersionEnabled = bucketArgs.getVersioning() == null ?
Boolean.FALSE : bucketArgs.getVersioning();
StorageType storageType = bucketArgs.getStorageType() == null ?
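Review bot: `getThreadLocalS3Auth()` is evaluated twice in the new branch (once for the null check, once for `getAccessID()`); since it reads thread-local state, hoist it into a local, e.g. `S3Auth s3Auth = getThreadLocalS3Auth();` then `if (s3Auth != null) {` and `UserGroupInformation.createRemoteUser(s3Auth.getAccessID())`. In that branch a caller-supplied `bucketArgs.getOwner()` is silently discarded, which is the intent of the change but deserves a word in the comment, e.g. `// Any owner supplied in bucketArgs is intentionally ignored for S3 requests.` Note that `UserGroupInformation.createRemoteUser` throws IllegalArgumentException on a null or empty user name, so an S3Auth carrying an empty access ID would fail here rather than as an authentication error — presumably rejected earlier in the gateway, but worth confirming. The owner is derived client-side from the thread-local auth; whether OM independently ties the stored owner to the verified S3 identity is not visible in this hunk. The enclosing createBucket body begins and ends outside the hunk.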
diff --git a/hadoop-ozone/dist/src/main/compose/ozonesecure-ha/docker-config b/hadoop-ozone/dist/src/main/compose/ozonesecure-ha/docker-config
index 498d02efae..4baaca586a 100644
--- a/hadoop-ozone/dist/src/main/compose/ozonesecure-ha/docker-config
+++ b/hadoop-ozone/dist/src/main/compose/ozonesecure-ha/docker-config
@@ -67,7 +67,7 @@ HDFS-SITE.XML_dfs.datanode.address=0.0.0.0:1019
HDFS-SITE.XML_dfs.datanode.http.address=0.0.0.0:1012
CORE-SITE.XML_dfs.data.transfer.protection=authentication
CORE-SITE.XML_hadoop.security.authentication=kerberos
-CORE-SITE.XML_hadoop.security.auth_to_local=RULE:[2:$1](testuser2.*) RULE:[2:$1@$0](.*)s/.*/root/
+CORE-SITE.XML_hadoop.security.auth_to_local="RULE:[2:$1](testuser2.*) RULE:[2:$1](testuser.*) RULE:[2:$1@$0](.*)s/.*/root/"
CORE-SITE.XML_hadoop.security.key.provider.path=kms://http@kms:9600/kms
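Review bot: The added `RULE:[2:$1](testuser.*)` also matches principals beginning with `testuser2`, so the preceding `RULE:[2:$1](testuser2.*)` rule is now subsumed and could be dropped, or the new rule narrowed if the distinction is meant to stay. The surrounding double quotes are new for this file; whether the env-file loader strips them or they land verbatim in the generated core-site.xml is not visible here — check the rendered value once, since a literal quote would invalidate every rule including the `root` fallback.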
diff --git a/hadoop-ozone/dist/src/main/smoketest/s3/bucketlist.robot b/hadoop-ozone/dist/src/main/smoketest/s3/bucketlist.robot
index b30d2601a6..cdea52f5b6 100644
--- a/hadoop-ozone/dist/src/main/smoketest/s3/bucketlist.robot
+++ b/hadoop-ozone/dist/src/main/smoketest/s3/bucketlist.robot
@@ -32,6 +32,14 @@ List buckets
${result} = Execute AWSS3APICli list-buckets | jq -r '.Buckets[].Name'
Should contain ${result} ${BUCKET}
+Get bucket info with Ozone Shell to check the owner field
+ Pass Execution If '${SECURITY_ENABLED}' == 'false' Skipping this check as security is not enabled
+ ${result} = Execute ozone sh bucket info /s3v/${BUCKET} | jq -r '.owner'
+ Should Be Equal ${result} testuser
+ # In ozonesecure(-ha) docker-config, hadoop.security.auth_to_local is set
+ # in the way that getShortUserName() converts the accessId to "testuser".
+ # Also see "Setup dummy credentials for S3" in commonawslib.robot
+
List buckets with empty access id
Execute aws configure set aws_access_key_id ''
${result} = Execute AWSS3APICli and checkrc list-buckets 255
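Review bot: The three-line explanatory comment in the new keyword comes after the `Should Be Equal` assertion it justifies; move it above the `${result} =` line so a reader sees why `testuser` is the expected owner before the check. When `${SECURITY_ENABLED}` is false the keyword passes without checking anything, so the non-S3-auth branch of the RpcClient change (owner taken from `bucketArgs` or the UGI) stays unverified by this smoketest — if the expected owner in the unsecure compose is known, assert it instead of skipping.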
diff --git a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/shell/bucket/InfoBucketHandler.java b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/shell/bucket/InfoBucketHandler.java
index 6c6948c8ad..cfb9f5a8e7 100644
--- a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/shell/bucket/InfoBucketHandler.java
+++ b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/shell/bucket/InfoBucketHandler.java
@@ -58,6 +58,7 @@ public class InfoBucketHandler extends BucketHandler {
private String sourceBucket;
private Instant creationTime;
private Instant modificationTime;
+ private String owner;
LinkBucket(OzoneBucket ozoneBucket) {
this.volumeName = ozoneBucket.getVolumeName();
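Review bot: `private String owner;` is assigned only in the `LinkBucket` constructor, so it can be declared `private final String owner;`; the sibling fields follow the non-final style, so this is optional for consistency. The matching getter added in the third hunk has no doc comment, like its neighbours; since owner is new client-visible output a one-liner such as `/** Owner of the link bucket as reported by OM. */` would help. The `LinkBucket` class and its enclosing `InfoBucketHandler` extend beyond the hunk.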
@@ -66,6 +67,7 @@ public class InfoBucketHandler extends BucketHandler {
this.sourceBucket = ozoneBucket.getSourceBucket();
this.creationTime = ozoneBucket.getCreationTime();
this.modificationTime = ozoneBucket.getModificationTime();
+ this.owner = ozoneBucket.getOwner();
}
public String getVolumeName() {
@@ -91,6 +93,10 @@ public class InfoBucketHandler extends BucketHandler {
public Instant getModificationTime() {
return modificationTime;
}
+
+ public String getOwner() {
+ return owner;
+ }
}
}