Posted to issues@ozone.apache.org by GitBox <gi...@apache.org> on 2020/02/03 10:06:16 UTC

[GitHub] [hadoop-ozone] elek commented on a change in pull request #449: HDDS-2891. Apache NiFi PutFile processor is failing with secure Ozone S3G

elek commented on a change in pull request #449: HDDS-2891. Apache NiFi PutFile processor is failing with secure Ozone S3G
URL: https://github.com/apache/hadoop-ozone/pull/449#discussion_r374014856
 
 

 ##########
 File path: hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/OzoneClientProducer.java
 ##########
 @@ -75,36 +70,31 @@ private OzoneClient getClient(OzoneConfiguration config) throws IOException {
     try {
       if (OzoneSecurityUtil.isSecurityEnabled(config)) {
         LOG.debug("Creating s3 auth info for client.");
-        if (context.getHeaderString(AUTHORIZATION_HEADER).startsWith("AWS4")) {
-          try {
-            AWSV4AuthParser v4RequestParser = new AWSV4AuthParser(context);
-            v4RequestParser.parse();
-
-            OzoneTokenIdentifier identifier = new OzoneTokenIdentifier();
-            identifier.setTokenType(S3AUTHINFO);
-            identifier.setStrToSign(v4RequestParser.getStringToSign());
-            identifier.setSignature(v4RequestParser.getSignature());
-            identifier.setAwsAccessId(v4RequestParser.getAwsAccessId());
-            identifier.setOwner(new Text(v4RequestParser.getAwsAccessId()));
-            if (LOG.isTraceEnabled()) {
-              LOG.trace("Adding token for service:{}", omService);
-            }
-            Token<OzoneTokenIdentifier> token = new Token(identifier.getBytes(),
-                identifier.getSignature().getBytes(UTF_8),
-                identifier.getKind(),
-                omService);
-            UserGroupInformation remoteUser =
-                UserGroupInformation.createRemoteUser(
-                    v4RequestParser.getAwsAccessId());
-            remoteUser.addToken(token);
-            UserGroupInformation.setLoginUser(remoteUser);
-          } catch (OS3Exception | URISyntaxException ex) {
-            LOG.error("S3 auth info creation failed.");
-            throw S3_AUTHINFO_CREATION_ERROR;
+        try {
+
 
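Review bot: With the `startsWith("AWS4")` guard removed at the top of the security-enabled branch, the new `try` block is the only place left where a missing or non-AWS4 Authorization header gets handled, so it should map any parser failure to `S3_AUTHINFO_CREATION_ERROR` the way the removed `catch (OS3Exception | URISyntaxException ex)` did. The removed guard called `startsWith` directly on the result of `context.getHeaderString(AUTHORIZATION_HEADER)`, which fails on a null return when the header is absent; a test with no Authorization header and one with a non-AWS4 scheme would confirm the replacement path rejects both cleanly. If the `LOG.error("S3 auth info creation failed.")` line is carried over, pass `ex` to it so the cause is recorded.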
 Review comment:
   The idea was to avoid code duplication. Instead of using `AWSV4AuthParser` we use the common `SignatureProcessor`.
   This particular check is included in the `AWS3SignatureProcessor->authorizationHeader->validateAlgorithm()` which will throw an exception if it's anything other than AWS4.
