Skip to content

HDDS-14894. Fix Latent S3 API Issue having No Acl Check for ListMultipartUploads#9971

Open
fmorg-git wants to merge 3 commits intoapache:masterfrom
fmorg-git:HDDS-14894
Open

HDDS-14894. Fix Latent S3 API Issue having No Acl Check for ListMultipartUploads#9971
fmorg-git wants to merge 3 commits intoapache:masterfrom
fmorg-git:HDDS-14894

Conversation

@fmorg-git
Copy link
Copy Markdown
Contributor

@fmorg-git fmorg-git commented Mar 25, 2026
edited
Loading

Please describe your PR in detail:

  • Currently, there are no acl checks in the S3 ListMultipartUploads implementation. This ticket adds the acl checks.

What is the link to the Apache JIRA

https://issues.apache.org/jira/browse/HDDS-14894

How was this patch tested?

unit tests, smoke tests

@fmorg-git fmorg-git force-pushed the HDDS-14894 branch 3 times, most recently from 618decd to 13c2f2f Compare March 25, 2026 16:35
@fmorg-git fmorg-git marked this pull request as draft March 25, 2026 16:36
@fmorg-git fmorg-git mentioned this pull request Mar 25, 2026
Open
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 16, 2026

This PR has been marked as stale due to 21 days of inactivity. Please comment or remove the stale label to keep it open. Otherwise, it will be automatically closed in 7 days.

@github-actions github-actions Bot added the stale label Apr 16, 2026
@fmorg-git
Copy link
Copy Markdown
Contributor Author

fmorg-git commented Apr 16, 2026

commenting to remove stale label

@github-actions github-actions Bot removed the stale label Apr 17, 2026
@fmorg-git fmorg-git marked this pull request as ready for review April 22, 2026 00:27
@fmorg-git
Copy link
Copy Markdown
Contributor Author

fmorg-git commented Apr 22, 2026

hi @ChenSammi - this PR has been rebased and is ready for review. Thanks!

ChenSammi
ChenSammi reviewed Apr 28, 2026
View reviewed changes
Comment thread hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java Outdated
try {
OmMultipartUploadList omMultipartUploadList = keyManager.listMultipartUploads(bucket.realVolume(),
bucket.realBucket(), prefix, keyMarker, uploadIdMarker, maxUploads, withPagination);
if (getAclsEnabled() && isStsS3Request()) {
Copy link
Copy Markdown
Contributor

@ChenSammi ChenSammi Apr 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this ACL check is also required for normal s3 request?

Copy link
Copy Markdown
Contributor Author

@fmorg-git fmorg-git Apr 28, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, discussed with others and they agreed (initially I was concerned it would break existing users, but this check needs to be there in any case)

Copy link
Copy Markdown
Contributor

@ChenSammi ChenSammi Apr 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@fmorg-git , since it's a general fix, could you resubmit for master branch, instead of sts branch?

Copy link
Copy Markdown
Contributor Author

@fmorg-git fmorg-git Apr 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated

@jojochuang jojochuang self-requested a review April 28, 2026 18:28
ChenSammi
ChenSammi reviewed Apr 29, 2026
View reviewed changes
Comment thread hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java Outdated
* Returns true if the current RPC handler thread is processing an S3 request
* authenticated via STS temporary credentials.
*/
public static boolean isStsS3Request() {
Copy link
Copy Markdown
Contributor

@ChenSammi ChenSammi Apr 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not used, can be removed.

Copy link
Copy Markdown
Contributor Author

@fmorg-git fmorg-git Apr 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated

@fmorg-git fmorg-git changed the base branch from HDDS-13323-sts to master April 29, 2026 18:31
@fmorg-git fmorg-git changed the title HDDS-14894. [STS] Fix Latent S3 API Issue having No Acl Check for ListMultipartUploads HDDS-14894. Fix Latent S3 API Issue having No Acl Check for ListMultipartUploads Apr 29, 2026
Fabian Morgan added 3 commits April 29, 2026 11:42
add acl checks to ListMultipartUploads for sts
9c1665b 
 Conflicts:
	hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
pr review updates for ChenSammi
db40ff8
remove no longer used method and remove sts terminology from unit test
0057a8b 
 Conflicts:
	hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
@fmorg-git fmorg-git requested a review from ChenSammi April 29, 2026 18:44
ChenSammi
ChenSammi approved these changes Apr 30, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@ChenSammi ChenSammi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. Thanks @fmorg-git .

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ChenSammi ChenSammi ChenSammi approved these changes

@jojochuang jojochuang Awaiting requested review from jojochuang

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@fmorg-git @ChenSammi