Example 1 with RevokeS3SecretRequest

Use of org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.RevokeS3SecretRequest in project ozone by apache.

Class OzoneManagerProtocolClientSideTranslatorPB, method revokeS3Secret.

@Override
public void revokeS3Secret(String kerberosID) throws IOException {
    RevokeS3SecretRequest request = RevokeS3SecretRequest.newBuilder().setKerberosID(kerberosID).build();
    OMRequest omRequest = createOMRequest(Type.RevokeS3Secret).setRevokeS3SecretRequest(request).build();
    handleError(submitRequest(omRequest));
}
Also used: OMRequest (org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.OMRequest), RevokeS3SecretRequest (org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.RevokeS3SecretRequest)

Example 2 with RevokeS3SecretRequest

Use of org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.RevokeS3SecretRequest in project ozone by apache.

Class S3RevokeSecretRequest, method validateAndUpdateCache.

@Override
public OMClientResponse validateAndUpdateCache(OzoneManager ozoneManager, long transactionLogIndex, OzoneManagerDoubleBufferHelper ozoneManagerDoubleBufferHelper) {
    OMClientResponse omClientResponse = null;
    OMResponse.Builder omResponse = OmResponseUtil.getOMResponseBuilder(getOmRequest());
    boolean acquiredLock = false;
    IOException exception = null;
    OMMetadataManager omMetadataManager = ozoneManager.getMetadataManager();
    final RevokeS3SecretRequest revokeS3SecretRequest = getOmRequest().getRevokeS3SecretRequest();
    String kerberosID = revokeS3SecretRequest.getKerberosID();
    try {
        acquiredLock = omMetadataManager.getLock().acquireWriteLock(S3_SECRET_LOCK, kerberosID);
        // Remove if entry exists in table
        if (omMetadataManager.getS3SecretTable().isExist(kerberosID)) {
            // Invalidate the entry in the table cache immediately
            omMetadataManager.getS3SecretTable().addCacheEntry(new CacheKey<>(kerberosID), new CacheValue<>(Optional.absent(), transactionLogIndex));
            omClientResponse = new S3RevokeSecretResponse(kerberosID, omResponse.setStatus(Status.OK).build());
        } else {
            omClientResponse = new S3RevokeSecretResponse(null, omResponse.setStatus(Status.S3_SECRET_NOT_FOUND).build());
        }
    } catch (IOException ex) {
        exception = ex;
        omClientResponse = new S3RevokeSecretResponse(null, createErrorOMResponse(omResponse, ex));
    } finally {
        addResponseToDoubleBuffer(transactionLogIndex, omClientResponse, ozoneManagerDoubleBufferHelper);
        if (acquiredLock) {
            omMetadataManager.getLock().releaseWriteLock(S3_SECRET_LOCK, kerberosID);
        }
    }
    Map<String, String> auditMap = new HashMap<>();
    auditMap.put(OzoneConsts.S3_REVOKESECRET_USER, kerberosID);
    auditLog(ozoneManager.getAuditLogger(), buildAuditMessage(OMAction.REVOKE_S3_SECRET, auditMap, exception, getOmRequest().getUserInfo()));
    if (exception == null) {
        if (omResponse.getStatus() == Status.OK) {
            LOG.info("Secret for {} is revoked.", kerberosID);
        } else {
            LOG.info("Secret for {} doesn't exist.", kerberosID);
        }
    } else {
        LOG.error("Error when revoking secret for {}.", kerberosID, exception);
    }
    return omClientResponse;
}
Also used: OMClientResponse (org.apache.hadoop.ozone.om.response.OMClientResponse), HashMap (java.util.HashMap), IOException (java.io.IOException), OMResponse (org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.OMResponse), S3RevokeSecretResponse (org.apache.hadoop.ozone.om.response.s3.security.S3RevokeSecretResponse), OMMetadataManager (org.apache.hadoop.ozone.om.OMMetadataManager), RevokeS3SecretRequest (org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.RevokeS3SecretRequest)

Example 3 with RevokeS3SecretRequest

Use of org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.RevokeS3SecretRequest in project ozone by apache.

Class S3RevokeSecretRequest, method preExecute.

@Override
public OMRequest preExecute(OzoneManager ozoneManager) throws IOException {
    final RevokeS3SecretRequest s3RevokeSecretRequest = getOmRequest().getRevokeS3SecretRequest();
    final String kerberosID = s3RevokeSecretRequest.getKerberosID();
    final UserGroupInformation ugi = ProtobufRpcEngine.Server.getRemoteUser();
    final String username = ugi.getUserName();
    // Permission check. Users need to be themselves or have admin privilege
    if (!username.equals(kerberosID) && !ozoneManager.isAdmin(ugi)) {
        throw new OMException("Requested user name '" + kerberosID + "' doesn't match current user '" + username + "', nor does current user has administrator privilege.", OMException.ResultCodes.USER_MISMATCH);
    }
    final RevokeS3SecretRequest revokeS3SecretRequest = RevokeS3SecretRequest.newBuilder().setKerberosID(kerberosID).build();
    OMRequest.Builder omRequest = OMRequest.newBuilder().setRevokeS3SecretRequest(revokeS3SecretRequest).setCmdType(getOmRequest().getCmdType()).setClientId(getOmRequest().getClientId());
    if (getOmRequest().hasTraceID()) {
        omRequest.setTraceID(getOmRequest().getTraceID());
    }
    return omRequest.build();
}
Also used: OMRequest (org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.OMRequest), OMException (org.apache.hadoop.ozone.om.exceptions.OMException), RevokeS3SecretRequest (org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.RevokeS3SecretRequest), UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)

Aggregations

RevokeS3SecretRequest (org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.RevokeS3SecretRequest): 3
OMRequest (org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.OMRequest): 2
IOException (java.io.IOException): 1
HashMap (java.util.HashMap): 1
OMMetadataManager (org.apache.hadoop.ozone.om.OMMetadataManager): 1
OMException (org.apache.hadoop.ozone.om.exceptions.OMException): 1
OMClientResponse (org.apache.hadoop.ozone.om.response.OMClientResponse): 1
S3RevokeSecretResponse (org.apache.hadoop.ozone.om.response.s3.security.S3RevokeSecretResponse): 1
OMResponse (org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.OMResponse): 1
UserGroupInformation (org.apache.hadoop.security.UserGroupInformation): 1