use of org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.RevokeS3SecretRequest in project ozone by apache.
the class OzoneManagerProtocolClientSideTranslatorPB method revokeS3Secret.
/**
 * Asks the Ozone Manager to revoke the S3 secret stored for a Kerberos ID.
 *
 * <p>This method only packages the ID into a {@code RevokeS3SecretRequest},
 * wraps it in an {@code OMRequest} of type {@code RevokeS3Secret} and submits it.
 * It makes no permission decision of its own, so access control must be
 * enforced by the receiving side.
 *
 * @param kerberosID identity whose S3 secret should be revoked; passed through
 *     unchanged
 * @throws IOException declared for the submit / error-handling path
 */
@Override
public void revokeS3Secret(String kerberosID) throws IOException {
  final RevokeS3SecretRequest payload = RevokeS3SecretRequest.newBuilder()
      .setKerberosID(kerberosID)
      .build();
  final OMRequest envelope = createOMRequest(Type.RevokeS3Secret)
      .setRevokeS3SecretRequest(payload)
      .build();
  // handleError is defined outside this listing; presumably it raises when the
  // response status is not OK -- confirm against its definition.
  handleError(submitRequest(envelope));
}
use of org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.RevokeS3SecretRequest in project ozone by apache.
the class S3RevokeSecretRequest method validateAndUpdateCache.
/**
 * Applies an S3 secret revocation to the secret table cache and records the
 * outcome in the audit log.
 *
 * <p>No caller check is performed in this method. The self-or-admin check for
 * this request class is in {@code preExecute}, so this code relies on every
 * request having passed through it first.
 *
 * <p>Only the Kerberos ID is logged or audited here; the secret value itself
 * is never read by this method.
 *
 * @param ozoneManager source of the metadata manager and the audit logger
 * @param transactionLogIndex index stored with the cache tombstone and passed
 *     to the double buffer
 * @param ozoneManagerDoubleBufferHelper helper that receives the response
 * @return a response with status {@code OK} when an entry existed,
 *     {@code S3_SECRET_NOT_FOUND} when it did not, or an error response when
 *     an {@code IOException} was caught
 */
@Override
public OMClientResponse validateAndUpdateCache(OzoneManager ozoneManager, long transactionLogIndex,
    OzoneManagerDoubleBufferHelper ozoneManagerDoubleBufferHelper) {
  final OMResponse.Builder responseBuilder = OmResponseUtil.getOMResponseBuilder(getOmRequest());
  final OMMetadataManager metadataManager = ozoneManager.getMetadataManager();
  final String kerberosID = getOmRequest().getRevokeS3SecretRequest().getKerberosID();

  OMClientResponse result = null;
  IOException failure = null;
  boolean lockHeld = false;
  try {
    // Serialise changes to this ID's secret under the per-ID write lock.
    lockHeld = metadataManager.getLock().acquireWriteLock(S3_SECRET_LOCK, kerberosID);
    if (!metadataManager.getS3SecretTable().isExist(kerberosID)) {
      // Nothing to revoke: report it rather than treating it as success.
      result = new S3RevokeSecretResponse(null,
          responseBuilder.setStatus(Status.S3_SECRET_NOT_FOUND).build());
    } else {
      // Put an "absent" value in the table cache so the entry is invalidated
      // immediately, before the response is handed to the double buffer.
      metadataManager.getS3SecretTable().addCacheEntry(
          new CacheKey<>(kerberosID),
          new CacheValue<>(Optional.absent(), transactionLogIndex));
      result = new S3RevokeSecretResponse(kerberosID,
          responseBuilder.setStatus(Status.OK).build());
    }
  } catch (IOException ex) {
    failure = ex;
    result = new S3RevokeSecretResponse(null, createErrorOMResponse(responseBuilder, ex));
  } finally {
    // The response is queued while the lock is still held; release comes last.
    addResponseToDoubleBuffer(transactionLogIndex, result, ozoneManagerDoubleBufferHelper);
    if (lockHeld) {
      metadataManager.getLock().releaseWriteLock(S3_SECRET_LOCK, kerberosID);
    }
  }

  // Audit every attempt (success, not-found and failure) with the target ID.
  // NOTE(review): the actor recorded is getOmRequest().getUserInfo(); the
  // preExecute shown for this class rebuilds the request without a visible
  // setUserInfo call -- confirm the caller identity actually reaches this point.
  Map<String, String> auditFields = new HashMap<>();
  auditFields.put(OzoneConsts.S3_REVOKESECRET_USER, kerberosID);
  auditLog(ozoneManager.getAuditLogger(),
      buildAuditMessage(OMAction.REVOKE_S3_SECRET, auditFields, failure, getOmRequest().getUserInfo()));

  if (failure != null) {
    LOG.error("Error when revoking secret for {}.", kerberosID, failure);
  } else if (responseBuilder.getStatus() == Status.OK) {
    LOG.info("Secret for {} is revoked.", kerberosID);
  } else {
    LOG.info("Secret for {} doesn't exist.", kerberosID);
  }
  return result;
}
use of org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.RevokeS3SecretRequest in project ozone by apache.
the class S3RevokeSecretRequest method preExecute.
/**
 * Authorises an S3 secret revocation and rebuilds the request that is returned
 * for further processing.
 *
 * <p>The caller identity comes from the RPC layer
 * ({@code ProtobufRpcEngine.Server.getRemoteUser()}), not from the request
 * body; the request only supplies the target Kerberos ID. Revocation is
 * allowed when the caller's user name equals the target ID, or when
 * {@code ozoneManager.isAdmin} accepts the caller.
 *
 * @param ozoneManager used for the administrator check
 * @return a new {@code OMRequest} carrying the Kerberos ID, the original
 *     command type and client id, and the trace id when the original has one
 * @throws OMException with {@code USER_MISMATCH} when the caller is neither
 *     the target user nor an administrator
 * @throws IOException declared by the overridden method
 */
@Override
public OMRequest preExecute(OzoneManager ozoneManager) throws IOException {
  final String kerberosID = getOmRequest().getRevokeS3SecretRequest().getKerberosID();

  // NOTE(review): no null check on the remote user is visible here; confirm
  // getRemoteUser() cannot return null on every path that reaches this method.
  final UserGroupInformation caller = ProtobufRpcEngine.Server.getRemoteUser();
  final String callerName = caller.getUserName();

  // Exact, case-sensitive comparison. NOTE(review): confirm both sides use the
  // same principal form (short name vs. full principal), otherwise a user could
  // be refused revocation of their own secret.
  final boolean actingOnSelf = callerName.equals(kerberosID);
  if (!(actingOnSelf || ozoneManager.isAdmin(caller))) {
    throw new OMException("Requested user name '" + kerberosID + "' doesn't match current user '" + callerName + "', nor does current user has administrator privilege.", OMException.ResultCodes.USER_MISMATCH);
  }

  // Rebuild the request from scratch so only known fields are forwarded.
  final RevokeS3SecretRequest forwardedPayload = RevokeS3SecretRequest.newBuilder()
      .setKerberosID(kerberosID)
      .build();
  // NOTE(review): user info is not copied into the rebuilt request, yet
  // validateAndUpdateCache passes getOmRequest().getUserInfo() to the audit
  // message -- confirm the audit record still identifies the real caller.
  final OMRequest.Builder forwarded = OMRequest.newBuilder()
      .setRevokeS3SecretRequest(forwardedPayload)
      .setCmdType(getOmRequest().getCmdType())
      .setClientId(getOmRequest().getClientId());
  if (getOmRequest().hasTraceID()) {
    forwarded.setTraceID(getOmRequest().getTraceID());
  }
  return forwarded.build();
}