HDDS-14150. [STS] Connect STS Endpoint to Backend Processing #9654
Conversation
| } | ||
|
|
||
| @Test | ||
| public void testAssumeRoleRejectedWhenStsEnabledAndNativeAuthorizerNotUsed() { |
There was a problem hiding this comment.
testAssumeRoleRejectedWhenStsEnabledAndNativeAuthorizerNotUsed ->
testAssumeRoleAllowedWhenStsEnabledAndNativeAuthorizerNotUsed
| if (queryParams == null) { | ||
| return null; | ||
| } | ||
| final String stsQueryParam = queryParams.getFirst("X-Amz-Security-Token"); |
There was a problem hiding this comment.
Since "X-Amz-Security-Token" is case insensitive, it's better to loop the queryParams, and use the compareToIgnoreCase to compare the parameter name.
| Random random = new Random(); | ||
| for (int i = 0; i < length; i++) { | ||
| sb.append(chars.charAt(random.nextInt(chars.length()))); | ||
| final String requestId = UUID.randomUUID().toString(); |
There was a problem hiding this comment.
Shall we return the requestId from OM, and add the requestId in assumeRole audit log?
| .build(); | ||
| } | ||
|
|
||
| final AssumeRoleResponseInfo responseInfo = getClient() |
There was a problem hiding this comment.
It's better we catch the exception from assumeRole() and generateAssumeRoleResponse(), wrap it as OS3Exception to return.
There was a problem hiding this comment.
It looks like audit log is not supported in S3AssumeRoleRequest currently.
| final String accountId = parts[4]; | ||
| final String resource = parts[5]; // role/<name> | ||
|
|
||
| if (accountId == null || accountId.isEmpty() || resource == null || !resource.startsWith("role/") || |
There was a problem hiding this comment.
You can leverage Strings.isNullOrEmpty() for string null and empty check. Strings.isNullOrEmpty is wildly used in Ozone.
2 participants
Please describe your PR in detail:
What is the link to the Apache JIRA
https://issues.apache.org/jira/browse/HDDS-14150
How was this patch tested?
unit tests and smoke testing