[#6055] feat(core): extend OSS credential provider to support OSS fil…

…eset operations (#6029) ### What changes were proposed in this pull request? 1. correct `ListBucket` to `ListObjects` 2. add `oss:GetBucketInfo` action ### Why are the changes needed? Fix: #6055 ### Does this PR introduce _any_ user-facing change? no ### How was this patch tested? 1. run pass fileset oss test
apache · Jan 2, 2025 · 6e0bd0d · 6e0bd0d
1 parent c158b75
commit 6e0bd0d
Showing 1 changed file with 9 additions and 6 deletions.
diff --git a/bundles/aliyun/src/main/java/org/apache/gravitino/oss/credential/OSSTokenProvider.java b/bundles/aliyun/src/main/java/org/apache/gravitino/oss/credential/OSSTokenProvider.java
@@ -138,9 +138,10 @@ private String createPolicy(Set<String> readLocations, Set<String> writeLocation
             .effect(Effect.ALLOW)
             .addAction("oss:GetObject")
             .addAction("oss:GetObjectVersion");
+
     // Add support for bucket-level policies
     Map<String, Statement.Builder> bucketListStatementBuilder = new HashMap<>();
-    Map<String, Statement.Builder> bucketGetLocationStatementBuilder = new HashMap<>();
+    Map<String, Statement.Builder> bucketMetadataStatementBuilder = new HashMap<>();
 
     String arnPrefix = getArnPrefix();
     Stream.concat(readLocations.stream(), writeLocations.stream())
@@ -150,22 +151,24 @@ private String createPolicy(Set<String> readLocations, Set<String> writeLocation
               URI uri = URI.create(location);
               allowGetObjectStatementBuilder.addResource(getOssUriWithArn(arnPrefix, uri));
               String bucketArn = arnPrefix + getBucketName(uri);
-              // ListBucket
+              // OSS use 'oss:ListObjects' to list objects in a bucket while s3 use 's3:ListBucket'
               bucketListStatementBuilder.computeIfAbsent(
                   bucketArn,
                   key ->
                       Statement.builder()
                           .effect(Effect.ALLOW)
-                          .addAction("oss:ListBucket")
+                          .addAction("oss:ListObjects")
                           .addResource(key)
                           .condition(getCondition(uri)));
-              // GetBucketLocation
-              bucketGetLocationStatementBuilder.computeIfAbsent(
+              // Add get bucket location and bucket info action.
+              bucketMetadataStatementBuilder.computeIfAbsent(
                   bucketArn,
                   key ->
                       Statement.builder()
                           .effect(Effect.ALLOW)
                           .addAction("oss:GetBucketLocation")
+                          // Required for OSS Hadoop connector to get bucket information
+                          .addAction("oss:GetBucketInfo")
                           .addResource(key));
             });
 
@@ -192,7 +195,7 @@ private String createPolicy(Set<String> readLocations, Set<String> writeLocation
       policyBuilder.addStatement(
           Statement.builder().effect(Effect.ALLOW).addAction("oss:ListBucket").build());
     }
-    bucketGetLocationStatementBuilder
+    bucketMetadataStatementBuilder
         .values()
         .forEach(statementBuilder -> policyBuilder.addStatement(statementBuilder.build()));