use of org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.GetS3SecretResponse in project ozone by apache.
the class OzoneManagerProtocolClientSideTranslatorPB method getS3Secret.
@Override
public S3SecretValue getS3Secret(String kerberosID) throws IOException {
GetS3SecretRequest request = GetS3SecretRequest.newBuilder().setKerberosID(kerberosID).build();
OMRequest omRequest = createOMRequest(Type.GetS3Secret).setGetS3SecretRequest(request).build();
final GetS3SecretResponse resp = handleError(submitRequest(omRequest)).getGetS3SecretResponse();
return S3SecretValue.fromProtobuf(resp.getS3Secret());
}
use of org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.GetS3SecretResponse in project ozone by apache.
the class S3GetSecretRequest method validateAndUpdateCache.
@Override
public OMClientResponse validateAndUpdateCache(OzoneManager ozoneManager, long transactionLogIndex, OzoneManagerDoubleBufferHelper ozoneManagerDoubleBufferHelper) {
OMClientResponse omClientResponse = null;
OMResponse.Builder omResponse = OmResponseUtil.getOMResponseBuilder(getOmRequest());
boolean acquiredLock = false;
IOException exception = null;
OMMetadataManager omMetadataManager = ozoneManager.getMetadataManager();
UpdateGetS3SecretRequest updateGetS3SecretRequest = getOmRequest().getUpdateGetS3SecretRequest();
String kerberosID = updateGetS3SecretRequest.getKerberosID();
try {
String awsSecret = updateGetS3SecretRequest.getAwsSecret();
acquiredLock = omMetadataManager.getLock().acquireWriteLock(S3_SECRET_LOCK, kerberosID);
S3SecretValue s3SecretValue = omMetadataManager.getS3SecretTable().get(kerberosID);
// If s3Secret for user is not in S3Secret table, add the Secret to cache.
if (s3SecretValue == null) {
omMetadataManager.getS3SecretTable().addCacheEntry(new CacheKey<>(kerberosID), new CacheValue<>(Optional.of(new S3SecretValue(kerberosID, awsSecret)), transactionLogIndex));
} else {
// If it already exists, use the existing one.
awsSecret = s3SecretValue.getAwsSecret();
}
GetS3SecretResponse.Builder getS3SecretResponse = GetS3SecretResponse.newBuilder().setS3Secret(S3Secret.newBuilder().setAwsSecret(awsSecret).setKerberosID(kerberosID));
if (s3SecretValue == null) {
omClientResponse = new S3GetSecretResponse(new S3SecretValue(kerberosID, awsSecret), omResponse.setGetS3SecretResponse(getS3SecretResponse).build());
} else {
// As when it already exists, we don't need to add to DB again. So
// set the value to null.
omClientResponse = new S3GetSecretResponse(null, omResponse.setGetS3SecretResponse(getS3SecretResponse).build());
}
} catch (IOException ex) {
exception = ex;
omClientResponse = new S3GetSecretResponse(null, createErrorOMResponse(omResponse, ex));
} finally {
addResponseToDoubleBuffer(transactionLogIndex, omClientResponse, ozoneManagerDoubleBufferHelper);
if (acquiredLock) {
omMetadataManager.getLock().releaseWriteLock(S3_SECRET_LOCK, kerberosID);
}
}
Map<String, String> auditMap = new HashMap<>();
auditMap.put(OzoneConsts.S3_GETSECRET_USER, kerberosID);
// audit log
auditLog(ozoneManager.getAuditLogger(), buildAuditMessage(OMAction.GET_S3_SECRET, auditMap, exception, getOmRequest().getUserInfo()));
if (exception == null) {
LOG.debug("Secret for accessKey:{} is generated Successfully", kerberosID);
} else {
LOG.error("Secret for accessKey:{} is generation failed", kerberosID, exception);
}
return omClientResponse;
}
Aggregations