Posted to issues@ozone.apache.org by GitBox <gi...@apache.org> on 2021/10/01 02:07:04 UTC

[GitHub] [ozone] neils-dev commented on a change in pull request #2655: HDDS-5612. Create Ozone s3 authentication token and client authentication transport

neils-dev commented on a change in pull request #2655:
URL: https://github.com/apache/ozone/pull/2655#discussion_r719888761



##########
File path: hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/OzoneClientProducer.java
##########
@@ -83,65 +75,20 @@ public OzoneClient createClient() throws WebApplicationException,
     return client;
   }
 
-  @PreDestroy
-  public void destroy() throws IOException {
-    client.close();
-  }
-
   private OzoneClient getClient(OzoneConfiguration config)
       throws WebApplicationException {
     OzoneClient ozoneClient = null;
     try {
-      SignatureInfo signatureInfo = signatureProcessor.parseSignature();
-
-      String stringToSign = "";
-      if (signatureInfo.getVersion() == Version.V4) {
-        stringToSign =
-            StringToSignProducer.createSignatureBase(signatureInfo, context);
-      }
-
-      String awsAccessId = signatureInfo.getAwsAccessId();
-      validateAccessId(awsAccessId);
-
-      UserGroupInformation remoteUser =
-          UserGroupInformation.createRemoteUser(awsAccessId);
-      if (OzoneSecurityUtil.isSecurityEnabled(config)) {
-        LOG.debug("Creating s3 auth info for client.");
-
-        if (signatureInfo.getVersion() == Version.NONE) {
-          throw MALFORMED_HEADER;
-        }
-
-        OzoneTokenIdentifier identifier = new OzoneTokenIdentifier();
-        identifier.setTokenType(S3AUTHINFO);
-        identifier.setStrToSign(stringToSign);
-        identifier.setSignature(signatureInfo.getSignature());
-        identifier.setAwsAccessId(awsAccessId);
-        identifier.setOwner(new Text(awsAccessId));
-        if (LOG.isTraceEnabled()) {
-          LOG.trace("Adding token for service:{}", omService);
-        }
-        Token<OzoneTokenIdentifier> token = new Token(identifier.getBytes(),
-            identifier.getSignature().getBytes(StandardCharsets.UTF_8),
-            identifier.getKind(),
-            omService);
-        remoteUser.addToken(token);
 
-      }
+      this.remoteUser = UserGroupInformation.getCurrentUser();
       ozoneClient =
-          remoteUser.doAs((PrivilegedExceptionAction<OzoneClient>) () -> {
-            return createOzoneClient();
-          });
-    } catch (OS3Exception ex) {
-      if (LOG.isDebugEnabled()) {
-        LOG.debug("Error during Client Creation: ", ex);
-      }
-      throw wrapOS3Exception(ex);
-    } catch (Exception e) {
+          OzoneClientCache.getOzoneClientInstance(omServiceID,

Review comment:
Thanks @bharatviswa504 and @swagle. Since the s3gateway gRPC does not support another transport it is not configurable. I don't know how easy it would be to try to support another transport - what else it impacts other than an interface for the s3g `OzoneClientProducer`, in terms of the client and endpoints. As @swagle suggested we could open another jira to explore this. Part of this other jira would see if we can select the OzoneClientProducer and OmTransport through configuration (have to see how it impacts the CDI injected variables as well).



