You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ozone.apache.org by GitBox <gi...@apache.org> on 2022/08/19 08:06:46 UTC

[GitHub] [ozone] adoroszlai opened a new pull request, #3698: HDDS-7139. INVALID_TOKEN is handled as internal error in S3G

adoroszlai opened a new pull request, #3698:
URL: https://github.com/apache/ozone/pull/3698

   ## What changes were proposed in this pull request?
   
   Providing wrong signature (authentication) for S3 request should result in access denied (403), but currently it results in server error (500) instead:
   
   ```
   $ kinit -kt /etc/security/keytabs/scm.keytab scm/scm@EXAMPLE.COM
   $ ozone sh bucket create /s3v/bucket
   $ ozone sh key put /s3v/bucket/passwd /etc/passwd
   $ curl -i -X GET 'http://s3g:9878/bucket/passwd' -H 'Authorization: AWS scm/scm@EXAMPLE.COM:asdfqwerty'
   HTTP/1.1 500 Server Error
   ...
   ```
   
   Server-side log:
   
   ```
   s3g_1       | 2022-08-18 17:58:41,466 [qtp1178587240-20] WARN server.HttpChannelState: unhandled due to prior sendError
   s3g_1       | javax.servlet.ServletException: javax.servlet.ServletException: org.glassfish.jersey.server.ContainerException: INVALID_TOKEN org.apache.hadoop.ozone.om.exceptions.OMException: User scm/scm@EXAMPLE.COM request authorization failure: signatures do NOT match
   ...
   s3g_1       | Caused by: INVALID_TOKEN org.apache.hadoop.ozone.om.exceptions.OMException: User scm/scm@EXAMPLE.COM request authorization failure: signatures do NOT match
   s3g_1       | 	at org.apache.hadoop.ozone.om.protocolPB.OzoneManagerProtocolClientSideTranslatorPB.handleError(OzoneManagerProtocolClientSideTranslatorPB.java:696)
   s3g_1       | 	at org.apache.hadoop.ozone.om.protocolPB.OzoneManagerProtocolClientSideTranslatorPB.getS3VolumeContext(OzoneManagerProtocolClientSideTranslatorPB.java:1205)
   s3g_1       | 	at org.apache.hadoop.ozone.client.rpc.RpcClient.getS3VolumeContext(RpcClient.java:510)
   s3g_1       | 	at org.apache.hadoop.ozone.client.ObjectStore.getS3Volume(ObjectStore.java:167)
   s3g_1       | 	at org.apache.hadoop.ozone.s3.endpoint.EndpointBase.getVolume(EndpointBase.java:133)
   s3g_1       | 	at org.apache.hadoop.ozone.s3.endpoint.ObjectEndpoint.get(ObjectEndpoint.java:289)
   ```
   
   This patch makes S3G handle `INVALID_TOKEN` as permission problem.
   
   https://issues.apache.org/jira/browse/HDDS-7139
   
   ## How was this patch tested?
   
   Added Robot test case.
   
   https://github.com/adoroszlai/hadoop-ozone/actions/runs/2887470108


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org

[GitHub] [ozone] kerneltime commented on pull request #3698: HDDS-7139. INVALID_TOKEN is handled as internal error in S3G

Posted by GitBox <gi...@apache.org>.

kerneltime commented on PR #3698:
URL: https://github.com/apache/ozone/pull/3698#issuecomment-1220919429

   Thank you, @adoroszlai for the patch and @Galsza for the review.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org

[GitHub] [ozone] kerneltime merged pull request #3698: HDDS-7139. INVALID_TOKEN is handled as internal error in S3G

Posted by GitBox <gi...@apache.org>.

kerneltime merged PR #3698:
URL: https://github.com/apache/ozone/pull/3698


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org

[GitHub] [ozone] adoroszlai commented on pull request #3698: HDDS-7139. INVALID_TOKEN is handled as internal error in S3G

Posted by GitBox <gi...@apache.org>.

adoroszlai commented on PR #3698:
URL: https://github.com/apache/ozone/pull/3698#issuecomment-1220923484

   Thanks @kerneltime for reviewing and committing it.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org