Example 1 with GetS3SecretRequest
use of org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.GetS3SecretRequest in project ozone by apache.
the class OzoneManagerProtocolClientSideTranslatorPB method getS3Secret.
@Override
public S3SecretValue getS3Secret(String kerberosID) throws IOException {
GetS3SecretRequest request = GetS3SecretRequest.newBuilder().setKerberosID(kerberosID).build();
OMRequest omRequest = createOMRequest(Type.GetS3Secret).setGetS3SecretRequest(request).build();
final GetS3SecretResponse resp = handleError(submitRequest(omRequest)).getGetS3SecretResponse();
return S3SecretValue.fromProtobuf(resp.getS3Secret());
}
Also used :
OMRequest(org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.OMRequest)
GetS3SecretRequest(org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.GetS3SecretRequest)
GetS3SecretResponse(org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.GetS3SecretResponse)
Example 2 with GetS3SecretRequest
use of org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.GetS3SecretRequest in project ozone by apache.
the class S3GetSecretRequest method preExecute.
@Override
public OMRequest preExecute(OzoneManager ozoneManager) throws IOException {
GetS3SecretRequest s3GetSecretRequest = getOmRequest().getGetS3SecretRequest();
// Generate S3 Secret to be used by OM quorum.
String kerberosID = s3GetSecretRequest.getKerberosID();
final UserGroupInformation ugi = ProtobufRpcEngine.Server.getRemoteUser();
final String username = ugi.getUserName();
// Permission check. Users need to be themselves or have admin privilege
if (!username.equals(kerberosID) && !ozoneManager.isAdmin(ugi)) {
throw new OMException("Requested user name '" + kerberosID + "' doesn't match current user '" + username + "', nor does current user has administrator privilege.", OMException.ResultCodes.USER_MISMATCH);
}
String s3Secret = DigestUtils.sha256Hex(OmUtils.getSHADigest());
UpdateGetS3SecretRequest updateGetS3SecretRequest = UpdateGetS3SecretRequest.newBuilder().setAwsSecret(s3Secret).setKerberosID(kerberosID).build();
// Client issues GetS3Secret request, when received by OM leader
// it will generate s3Secret. Original GetS3Secret request is
// converted to UpdateGetS3Secret request with the generated token
// information. This updated request will be submitted to Ratis. In this
// way S3Secret created by leader, will be replicated across all
// OMs. With this approach, original GetS3Secret request from
// client does not need any proto changes.
OMRequest.Builder omRequest = OMRequest.newBuilder().setUserInfo(getUserInfo()).setUpdateGetS3SecretRequest(updateGetS3SecretRequest).setCmdType(getOmRequest().getCmdType()).setClientId(getOmRequest().getClientId());
if (getOmRequest().hasTraceID()) {
omRequest.setTraceID(getOmRequest().getTraceID());
}
return omRequest.build();
}
Also used :
UpdateGetS3SecretRequest(org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.UpdateGetS3SecretRequest)
OMRequest(org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.OMRequest)
GetS3SecretRequest(org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.GetS3SecretRequest)
UpdateGetS3SecretRequest(org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.UpdateGetS3SecretRequest)
OMException(org.apache.hadoop.ozone.om.exceptions.OMException)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
Aggregations
GetS3SecretRequest (org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.GetS3SecretRequest)2
OMRequest (org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.OMRequest)2
OMException (org.apache.hadoop.ozone.om.exceptions.OMException)1
GetS3SecretResponse (org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.GetS3SecretResponse)1
UpdateGetS3SecretRequest (org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.UpdateGetS3SecretRequest)1
UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)1
