You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ozone.apache.org by GitBox <gi...@apache.org> on 2020/04/28 15:10:10 UTC
[GitHub] [hadoop-ozone] captainzmc opened a new pull request #880: HDDS-3327. fix BUCKET_NOT_FOUND when enable acl.
captainzmc opened a new pull request #880:
URL: https://github.com/apache/hadoop-ozone/pull/880
## What changes were proposed in this pull request?
When the acl is enabled(not enable security), It report an error of BUCKET_NOT_FOUND, when execute the following command to create the bucket. This is successful when the acl is not enabled.
aws s3api --endpoint-url http://localhost:9878 create-bucket --bucket=bucket1
When creating a bucket through s3g, the volume name is determined by the md5Hex value of awsAccessId.
After the bucket is created, the location of that bucket is retrieved and returned to the client. When acls enabled, checkaccess is executed when we get the location. IF we are not set UserGroupInformation.setLoginUser(remoteUser), ozone will get s3g start the user as a username(this username will be used to determine the volume name). When this user is different with awsAccessId, checkaccess will get BUCKET_NOT_FOUND exception.
For example:
When we create a bucket, the bucket is (test_user is the value of awsAccessId):
Md5Hex (test_user)/bucket1
When get location and checkaccess , the bucket is (root is the start user of s3g):
Md5Hex (root)/bucket1
Because the user is different, the volume is different, so the om can't find the bucket.
This PR will get awsAccessId as the current user.
## What is the link to the Apache JIRA
https://issues.apache.org/jira/browse/HDDS-3327
## How was this patch tested?
1、enable ozone acl without security.
2、create bucket use s3api(Make sure the s3g startup user is different with awsAccessId):
aws s3api --endpoint-url http://s3g-host:9878 create-bucket --bucket=test
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org
[GitHub] [hadoop-ozone] xiaoyuyao commented on a change in pull request #880: HDDS-3327. Fix s3api create bucket BUCKET_NOT_FOUND when enable acl.
Posted by GitBox <gi...@apache.org>.
xiaoyuyao commented on a change in pull request #880:
URL: https://github.com/apache/hadoop-ozone/pull/880#discussion_r420384110
##########
File path: hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/OzoneClientProducer.java
##########
@@ -103,6 +107,13 @@ private OzoneClient getClient(OzoneConfiguration config) throws IOException {
throw S3_AUTHINFO_CREATION_ERROR;
}
+ } else {
Review comment:
Should we move the createRemoteUser, setLoginUser outside the if condition and addToken when security is enabled?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org
[GitHub] [hadoop-ozone] captainzmc edited a comment on pull request #880: HDDS-3327. Fix s3api create bucket BUCKET_NOT_FOUND when enable acl.
Posted by GitBox <gi...@apache.org>.
captainzmc edited a comment on pull request #880:
URL: https://github.com/apache/hadoop-ozone/pull/880#issuecomment-625592747
The issue has been fixed.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org
[GitHub] [hadoop-ozone] xiaoyuyao commented on a change in pull request #880: HDDS-3327. Fix s3api create bucket BUCKET_NOT_FOUND when enable acl.
Posted by GitBox <gi...@apache.org>.
xiaoyuyao commented on a change in pull request #880:
URL: https://github.com/apache/hadoop-ozone/pull/880#discussion_r420384216
##########
File path: hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/OzoneClientProducer.java
##########
@@ -76,6 +78,8 @@ public void destory() throws IOException {
private OzoneClient getClient(OzoneConfiguration config) throws IOException {
try {
+ Boolean isAclEnable = config.getBoolean(
Review comment:
Do we still need this?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org
[GitHub] [hadoop-ozone] captainzmc edited a comment on pull request #880: HDDS-3327. Fix s3api create bucket BUCKET_NOT_FOUND when enable acl.
Posted by GitBox <gi...@apache.org>.
captainzmc edited a comment on pull request #880:
URL: https://github.com/apache/hadoop-ozone/pull/880#issuecomment-625592747
The review issues has been fixed.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org
[GitHub] [hadoop-ozone] vivekratnavel commented on a change in pull request #880: HDDS-3327. Fix s3api create bucket BUCKET_NOT_FOUND when enable acl.
Posted by GitBox <gi...@apache.org>.
vivekratnavel commented on a change in pull request #880:
URL: https://github.com/apache/hadoop-ozone/pull/880#discussion_r416791423
##########
File path: hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/OzoneClientProducer.java
##########
@@ -103,6 +107,13 @@ private OzoneClient getClient(OzoneConfiguration config) throws IOException {
throw S3_AUTHINFO_CREATION_ERROR;
}
+ } else if (isAclenable) {
+ if (v4RequestParser.getAwsAccessId() != null) {
+ String awsAccessId = v4RequestParser.getAwsAccessId();
Review comment:
Move this statement before `if` and use awsAccessId to check not null in if
```
String awsAccessId = v4RequestParser.getAwsAccessId();
if (awsAccessId != null) {
```
##########
File path: hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/OzoneClientProducer.java
##########
@@ -76,6 +78,8 @@ public void destory() throws IOException {
private OzoneClient getClient(OzoneConfiguration config) throws IOException {
try {
+ Boolean isAclenable = config.getBoolean(
Review comment:
Rename variable to `isAclEnabled` for consistency in casing.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org
[GitHub] [hadoop-ozone] xiaoyuyao merged pull request #880: HDDS-3327. Fix s3api create bucket BUCKET_NOT_FOUND and acl initialization problem when enable acl.
Posted by GitBox <gi...@apache.org>.
xiaoyuyao merged pull request #880:
URL: https://github.com/apache/hadoop-ozone/pull/880
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org
[GitHub] [hadoop-ozone] captainzmc commented on pull request #880: HDDS-3327. Fix s3api create bucket BUCKET_NOT_FOUND when enable acl.
Posted by GitBox <gi...@apache.org>.
captainzmc commented on pull request #880:
URL: https://github.com/apache/hadoop-ozone/pull/880#issuecomment-625592747
Hi @xiaoyuyao, The issue has been fixed, could you help review it again?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org