Posted to issues@ozone.apache.org by "ivanzlenko (via GitHub)" <gi...@apache.org> on 2023/08/29 12:00:53 UTC

[GitHub] [ozone] ivanzlenko opened a new pull request, #5233: HDDS-9203. Allow generating/revoking S3 secret for other users via REST

ivanzlenko opened a new pull request, #5233:
URL: https://github.com/apache/ozone/pull/5233

   ## What changes were proposed in this pull request?
   
   Add the ability to generate or revoke a secret for a custom user using S3 REST.
   
   ## What is the link to the Apache JIRA
   
   https://issues.apache.org/jira/browse/HDDS-9203
   
   ## How was this patch tested?
   
   Patch is tested manually, via unit and smoke tests. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org


[GitHub] [ozone] ChenSammi commented on a diff in pull request #5233: HDDS-9203. Allow generating/revoking S3 secret for other users via REST

Posted by "ChenSammi (via GitHub)" <gi...@apache.org>.
ChenSammi commented on code in PR #5233:
URL: https://github.com/apache/ozone/pull/5233#discussion_r1315795195


##########
hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3secret/S3SecretGenerateEndpoint.java:
##########
@@ -34,16 +36,30 @@
 public class S3SecretGenerateEndpoint extends S3SecretEndpointBase {
   @POST
   public Response generate() throws IOException {
+    return generateInternal(null);
+  }
+
+  @POST
+  @Path("/{username}")
+  public Response generate(@PathParam("username") String username)
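
Review bot: The `@Path("/{username}")` template on the new `generate(@PathParam("username") String username)` overload matches a single path segment, so a user name with a literal `/` in it will not reach this method, and the visible lines stop at the signature without showing any check on the value. Please document the accepted name format (or use a regex template) and reject empty or malformed names with a 400 before the value is used. The no-argument `generate()` now passes `null` to `generateInternal` to mean "the caller"; a one-line comment on that convention would help.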

Review Comment:
   Yes, it's good to have a page for this new RESTful solution. 
   
   There is one Security section on this page, https://ci-hadoop.apache.org/view/Hadoop%20Ozone/job/ozone-doc-master/lastSuccessfulBuild/artifact/hadoop-hdds/docs/public/interface/s3.html, about the CLI S3 Secret Management. It's better to co-locate the new content with it. Maybe we can move the Security section content from s3.html to the Securing S3.html, then add a link in s3.html to refer to the new location.





[GitHub] [ozone] ChenSammi commented on a diff in pull request #5233: HDDS-9203. Allow generating/revoking S3 secret for other users via REST

Posted by "ChenSammi (via GitHub)" <gi...@apache.org>.
ChenSammi commented on code in PR #5233:
URL: https://github.com/apache/ozone/pull/5233#discussion_r1315798618


##########
hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3secret/S3SecretManagementEndpoint.java:
##########
@@ -20,31 +20,74 @@
 
 import org.apache.hadoop.ozone.audit.S3GAction;
 import org.apache.hadoop.ozone.om.exceptions.OMException;
+import org.apache.hadoop.ozone.om.helpers.S3SecretValue;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.ws.rs.POST;
+import javax.annotation.Nullable;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.PUT;
 import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
 import javax.ws.rs.core.Response;
 import java.io.IOException;
 
 import static javax.ws.rs.core.Response.Status.NOT_FOUND;
 
 /**
- * Revoke secret endpoint.
+ * Endpoint to generate and return S3 secret.
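
Review bot: The import changes at the top drop `javax.ws.rs.POST` and add `PUT` and `DELETE`, so the verbs this class answers to change and a caller still sending POST will no longer match any method here. The class Javadoc on the last line is the natural place to state which verb generates and which revokes, and the user-facing docs should mention the change for existing clients.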

Review Comment:
   Endpoint to generate and return S3 secret. -> 
   Endpoint to manage S3 secret



##########
hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3secret/S3SecretManagementEndpoint.java:
##########
@@ -20,31 +20,74 @@
 
 import org.apache.hadoop.ozone.audit.S3GAction;
 import org.apache.hadoop.ozone.om.exceptions.OMException;
+import org.apache.hadoop.ozone.om.helpers.S3SecretValue;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.ws.rs.POST;
+import javax.annotation.Nullable;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.PUT;
 import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
 import javax.ws.rs.core.Response;
 import java.io.IOException;
 
 import static javax.ws.rs.core.Response.Status.NOT_FOUND;
 
 /**
- * Revoke secret endpoint.
+ * Endpoint to generate and return S3 secret.

Review Comment:
   Endpoint to generate and return S3 secret. -> 
   Endpoint to manage S3 secret.





[GitHub] [ozone] ChenSammi commented on a diff in pull request #5233: HDDS-9203. Allow generating/revoking S3 secret for other users via REST

Posted by "ChenSammi (via GitHub)" <gi...@apache.org>.
ChenSammi commented on code in PR #5233:
URL: https://github.com/apache/ozone/pull/5233#discussion_r1315802979


##########
hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3secret/S3SecretManagementEndpoint.java:
##########
@@ -20,31 +20,74 @@
 
 import org.apache.hadoop.ozone.audit.S3GAction;
 import org.apache.hadoop.ozone.om.exceptions.OMException;
+import org.apache.hadoop.ozone.om.helpers.S3SecretValue;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.ws.rs.POST;
+import javax.annotation.Nullable;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.PUT;
 import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
 import javax.ws.rs.core.Response;
 import java.io.IOException;
 
 import static javax.ws.rs.core.Response.Status.NOT_FOUND;
 
 /**
- * Revoke secret endpoint.
+ * Endpoint to generate and return S3 secret.
  */
-@Path("/secret/revoke")
+@Path("/secret")
 @S3SecretEnabled
-public class S3SecretRevokeEndpoint extends S3SecretEndpointBase {
-
+public class S3SecretManagementEndpoint extends S3SecretEndpointBase {
   private static final Logger LOG =
-          LoggerFactory.getLogger(S3SecretRevokeEndpoint.class);
+      LoggerFactory.getLogger(S3SecretManagementEndpoint.class);
+
+  @PUT
+  public Response generate() throws IOException {
+    return generateInternal(null);
+  }
 
+  @PUT
+  @Path("/{username}")
+  public Response generate(@PathParam("username") String username)
+      throws IOException {
+    return generateInternal(username);
+  }
 
-  @POST
+  private Response generateInternal(@Nullable String username)
+      throws IOException {
+    S3SecretResponse s3SecretResponse = new S3SecretResponse();
+    S3SecretValue s3SecretValue = generateS3Secret(username);
+    s3SecretResponse.setAwsSecret(s3SecretValue.getAwsSecret());
+    s3SecretResponse.setAwsAccessKey(s3SecretValue.getAwsAccessKey());
+    AUDIT.logReadSuccess(buildAuditMessageForSuccess(
+        S3GAction.GENERATE_SECRET, getAuditParameters()));
+    return Response.ok(s3SecretResponse).build();
+  }
+
+  private S3SecretValue generateS3Secret(@Nullable String username)
+      throws IOException {
+    String actualUsername = username == null ? userNameFromRequest() : username;
+    return getClient().getObjectStore().getS3Secret(actualUsername);
+  }
+
+  @DELETE
   public Response revoke() throws IOException {
+    return revokeInternal(null);
+  }
+
+  @DELETE
+  @Path("/{username}")
+  public Response revoke(@PathParam("username") String username)
+      throws IOException {
+    return revokeInternal(username);
+  }
+
+  private Response revokeInternal(@Nullable String username)
+      throws IOException {
     try {
-      revokeSecret();
+      revokeSecret(username);
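
Review bot: In `generateS3Secret` and `revokeInternal`, the `username` taken from the `/{username}` path goes straight to `getClient().getObjectStore().getS3Secret(actualUsername)` and `revokeSecret(username)`, and no check that the requester may act for another user is visible in this hunk. If that check is enforced behind `getObjectStore()`, say so in a comment; otherwise compare the path value with `userNameFromRequest()` and require an administrator when they differ. Also, `generateInternal` audits through `logReadSuccess` with only `getAuditParameters()` and has no failure path comparable to the `try` opened in `revokeInternal`, so please confirm the target user name reaches the audit record and that a failed generate is audited too.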

Review Comment:
   @ivanzlenko, I remember that in patch, revokeSecret failure case is handled already. But it's not here in this patch?





[GitHub] [ozone] ivanzlenko commented on a diff in pull request #5233: HDDS-9203. Allow generating/revoking S3 secret for other users via REST

Posted by "ivanzlenko (via GitHub)" <gi...@apache.org>.
ivanzlenko commented on code in PR #5233:
URL: https://github.com/apache/ozone/pull/5233#discussion_r1311244415


##########
hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3secret/S3SecretGenerateEndpoint.java:
##########
@@ -34,16 +36,30 @@
 public class S3SecretGenerateEndpoint extends S3SecretEndpointBase {
   @POST
   public Response generate() throws IOException {
+    return generateInternal(null);
+  }
+
+  @POST
+  @Path("/{username}")
+  public Response generate(@PathParam("username") String username)

Review Comment:
   Also, does it make sense to add "Administration of S3 Secret" on this page https://ci-hadoop.apache.org/view/Hadoop%20Ozone/job/ozone-doc-master/lastSuccessfulBuild/artifact/hadoop-hdds/docs/public/security/securings3.html ? If that's the case, then I'll create a follow-up ticket to do so.





[GitHub] [ozone] ivanzlenko commented on a diff in pull request #5233: HDDS-9203. Allow generating/revoking S3 secret for other users via REST

Posted by "ivanzlenko (via GitHub)" <gi...@apache.org>.
ivanzlenko commented on code in PR #5233:
URL: https://github.com/apache/ozone/pull/5233#discussion_r1315807728


##########
hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3secret/S3SecretManagementEndpoint.java:
##########
@@ -20,31 +20,74 @@
 
 import org.apache.hadoop.ozone.audit.S3GAction;
 import org.apache.hadoop.ozone.om.exceptions.OMException;
+import org.apache.hadoop.ozone.om.helpers.S3SecretValue;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.ws.rs.POST;
+import javax.annotation.Nullable;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.PUT;
 import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
 import javax.ws.rs.core.Response;
 import java.io.IOException;
 
 import static javax.ws.rs.core.Response.Status.NOT_FOUND;
 
 /**
- * Revoke secret endpoint.
+ * Endpoint to generate and return S3 secret.

Review Comment:
   Fixed





[GitHub] [ozone] ChenSammi commented on a diff in pull request #5233: HDDS-9203. Allow generating/revoking S3 secret for other users via REST

Posted by "ChenSammi (via GitHub)" <gi...@apache.org>.
ChenSammi commented on code in PR #5233:
URL: https://github.com/apache/ozone/pull/5233#discussion_r1311095057


##########
hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3secret/S3SecretGenerateEndpoint.java:
##########
@@ -34,16 +36,30 @@
 public class S3SecretGenerateEndpoint extends S3SecretEndpointBase {
   @POST
   public Response generate() throws IOException {
+    return generateInternal(null);
+  }
+
+  @POST
+  @Path("/{username}")
+  public Response generate(@PathParam("username") String username)

Review Comment:
   The current URL and HTTP action of each operation is 
   POST /secret/generate
   POST /secret/generate/testuser2
   POST /secret/revoke
   POST /secret/revoke/testuser2
   
   For a REST API, it usually leverages HTTP operations instead of putting the operation/action name in the URL. I'd like to recommend changing the URL and HTTP action to:
   PUT     /secret/
   PUT     /secret/testuser2
   DELETE  /secret/
   DELETE  /secret/testuser2
   





[GitHub] [ozone] ivanzlenko commented on a diff in pull request #5233: HDDS-9203. Allow generating/revoking S3 secret for other users via REST

Posted by "ivanzlenko (via GitHub)" <gi...@apache.org>.
ivanzlenko commented on code in PR #5233:
URL: https://github.com/apache/ozone/pull/5233#discussion_r1311242158


##########
hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3secret/S3SecretGenerateEndpoint.java:
##########
@@ -34,16 +36,30 @@
 public class S3SecretGenerateEndpoint extends S3SecretEndpointBase {
   @POST
   public Response generate() throws IOException {
+    return generateInternal(null);
+  }
+
+  @POST
+  @Path("/{username}")
+  public Response generate(@PathParam("username") String username)

Review Comment:
   @ChenSammi thanks! I've changed this API.





[GitHub] [ozone] ivanzlenko commented on a diff in pull request #5233: HDDS-9203. Allow generating/revoking S3 secret for other users via REST

Posted by "ivanzlenko (via GitHub)" <gi...@apache.org>.
ivanzlenko commented on code in PR #5233:
URL: https://github.com/apache/ozone/pull/5233#discussion_r1315806246


##########
hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3secret/S3SecretManagementEndpoint.java:
##########
@@ -20,31 +20,74 @@
 
 import org.apache.hadoop.ozone.audit.S3GAction;
 import org.apache.hadoop.ozone.om.exceptions.OMException;
+import org.apache.hadoop.ozone.om.helpers.S3SecretValue;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.ws.rs.POST;
+import javax.annotation.Nullable;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.PUT;
 import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
 import javax.ws.rs.core.Response;
 import java.io.IOException;
 
 import static javax.ws.rs.core.Response.Status.NOT_FOUND;
 
 /**
- * Revoke secret endpoint.
+ * Endpoint to generate and return S3 secret.

Review Comment:
   89th line, revokeInternal() method :) 







[GitHub] [ozone] ivanzlenko commented on a diff in pull request #5233: HDDS-9203. Allow generating/revoking S3 secret for other users via REST

Posted by "ivanzlenko (via GitHub)" <gi...@apache.org>.
ivanzlenko commented on code in PR #5233:
URL: https://github.com/apache/ozone/pull/5233#discussion_r1316917268


##########
hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3secret/S3SecretGenerateEndpoint.java:
##########
@@ -34,16 +36,30 @@
 public class S3SecretGenerateEndpoint extends S3SecretEndpointBase {
   @POST
   public Response generate() throws IOException {
+    return generateInternal(null);
+  }
+
+  @POST
+  @Path("/{username}")
+  public Response generate(@PathParam("username") String username)

Review Comment:
   https://issues.apache.org/jira/browse/HDDS-9241





[GitHub] [ozone] ChenSammi commented on a diff in pull request #5233: HDDS-9203. Allow generating/revoking S3 secret for other users via REST

Posted by "ChenSammi (via GitHub)" <gi...@apache.org>.
ChenSammi commented on code in PR #5233:
URL: https://github.com/apache/ozone/pull/5233#discussion_r1311095057


##########
hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3secret/S3SecretGenerateEndpoint.java:
##########
@@ -34,16 +36,30 @@
 public class S3SecretGenerateEndpoint extends S3SecretEndpointBase {
   @POST
   public Response generate() throws IOException {
+    return generateInternal(null);
+  }
+
+  @POST
+  @Path("/{username}")
+  public Response generate(@PathParam("username") String username)

Review Comment:
   The current URL and HTTP action of each operation is 
   POST /secret/generate
   POST /secret/generate/testuser2
   POST /secret/revoke
   POST /secret/revoke/testuser2
   
   For a REST API, it usually leverages HTTP operations instead of putting the operation/action name in the URL. I'd like to recommend changing the URL and HTTP action to:
   PUT     /secret/
   PUT     /secret/testuser2
   DELETE  /secret/
   DELETE  /secret/testuser2
   
   @ivanzlenko, the rest looks good.







[GitHub] [ozone] ChenSammi commented on pull request #5233: HDDS-9203. Allow generating/revoking S3 secret for other users via REST

Posted by "ChenSammi (via GitHub)" <gi...@apache.org>.
ChenSammi commented on PR #5233:
URL: https://github.com/apache/ozone/pull/5233#issuecomment-1707923304

   Thanks @ivanzlenko for the contribution.




[GitHub] [ozone] ChenSammi merged pull request #5233: HDDS-9203. Allow generating/revoking S3 secret for other users via REST

Posted by "ChenSammi (via GitHub)" <gi...@apache.org>.
ChenSammi merged PR #5233:
URL: https://github.com/apache/ozone/pull/5233

