You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ozone.apache.org by GitBox <gi...@apache.org> on 2021/09/30 15:57:19 UTC

[GitHub] [ozone] swagle commented on a change in pull request #2655: HDDS-5612. Create Ozone s3 authentication token and client authentication transport

swagle commented on a change in pull request #2655:
URL: https://github.com/apache/ozone/pull/2655#discussion_r719548109



##########
File path: hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/OzoneClientProducer.java
##########
@@ -83,65 +75,20 @@ public OzoneClient createClient() throws WebApplicationException,
     return client;
   }
 
-  @PreDestroy
-  public void destroy() throws IOException {
-    client.close();
-  }
-
   private OzoneClient getClient(OzoneConfiguration config)
       throws WebApplicationException {
     OzoneClient ozoneClient = null;
     try {
-      SignatureInfo signatureInfo = signatureProcessor.parseSignature();
-
-      String stringToSign = "";
-      if (signatureInfo.getVersion() == Version.V4) {
-        stringToSign =
-            StringToSignProducer.createSignatureBase(signatureInfo, context);
-      }
-
-      String awsAccessId = signatureInfo.getAwsAccessId();
-      validateAccessId(awsAccessId);
-
-      UserGroupInformation remoteUser =
-          UserGroupInformation.createRemoteUser(awsAccessId);
-      if (OzoneSecurityUtil.isSecurityEnabled(config)) {
-        LOG.debug("Creating s3 auth info for client.");
-
-        if (signatureInfo.getVersion() == Version.NONE) {
-          throw MALFORMED_HEADER;
-        }
-
-        OzoneTokenIdentifier identifier = new OzoneTokenIdentifier();
-        identifier.setTokenType(S3AUTHINFO);
-        identifier.setStrToSign(stringToSign);
-        identifier.setSignature(signatureInfo.getSignature());
-        identifier.setAwsAccessId(awsAccessId);
-        identifier.setOwner(new Text(awsAccessId));
-        if (LOG.isTraceEnabled()) {
-          LOG.trace("Adding token for service:{}", omService);
-        }
-        Token<OzoneTokenIdentifier> token = new Token(identifier.getBytes(),
-            identifier.getSignature().getBytes(StandardCharsets.UTF_8),
-            identifier.getKind(),
-            omService);
-        remoteUser.addToken(token);
 
-      }
+      this.remoteUser = UserGroupInformation.getCurrentUser();
       ozoneClient =
-          remoteUser.doAs((PrivilegedExceptionAction<OzoneClient>) () -> {
-            return createOzoneClient();
-          });
-    } catch (OS3Exception ex) {
-      if (LOG.isDebugEnabled()) {
-        LOG.debug("Error during Client Creation: ", ex);
-      }
-      throw wrapOS3Exception(ex);
-    } catch (Exception e) {
+          OzoneClientCache.getOzoneClientInstance(omServiceID,

Review comment:
       @neils-dev we should consider this maybe as a part of separate Jira but usually, having such flexibility also allows users to switch back to older impl in the events of bugs/vulnerabilities etc. 




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org