Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[#6055] feat(core): extend OSS credential provider to support OSS fileset operations #6029

Merged
merged 3 commits into from
Jan 2, 2025
Merged

[#6055] feat(core): extend OSS credential provider to support OSS fileset operations #6029

merged 3 commits into from
Jan 2, 2025

Conversation

FANNG1
Copy link
Contributor

@FANNG1 FANNG1 commented Dec 28, 2024
edited
Loading

What changes were proposed in this pull request?

  1. correct ListBucket to ListObjects
  2. add oss:GetBucketInfo action

Why are the changes needed?

Fix: #6055

Does this PR introduce any user-facing change?

no

How was this patch tested?

  1. run pass fileset oss test

@FANNG1 FANNG1 marked this pull request as draft December 28, 2024 15:04
tengqm
tengqm reviewed Dec 31, 2024
View reviewed changes
bundles/aliyun/src/main/java/org/apache/gravitino/oss/credential/OSSTokenProvider.java Outdated
Comment on lines 170 to 171
.addAction("oss:GetBucketLocation")
.addAction("oss:GetBucketInfo")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please confirm that it is okay to have two actions added here, and update the comments accordingly.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it's ok to do so, I prefer not adding extra comments because this pattern is used several time in the class, it's self explained. I add extra comment for why adding the action.

bundles/aliyun/src/main/java/org/apache/gravitino/oss/credential/OSSTokenProvider.java Outdated
// ListBucket
bucketListStatementBuilder.computeIfAbsent(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These are supposed to be revised at well.

@FANNG1 FANNG1 changed the title [SIP] Fix OSS token privilege [#6055] feat(core): extend OSS credential provider to support OSS fileset operations Dec 31, 2024
@FANNG1 FANNG1 marked this pull request as ready for review December 31, 2024 11:10
@FANNG1
Copy link
Contributor Author

FANNG1 commented Dec 31, 2024

it's ready to review now, @tengqm @sunxiaojian @jerryshao @yuqi1129 PTAL

tengqm
tengqm reviewed Dec 31, 2024
View reviewed changes
bundles/aliyun/src/main/java/org/apache/gravitino/oss/credential/OSSTokenProvider.java
@@ -150,13 +151,13 @@ private String createPolicy(Set<String> readLocations, Set<String> writeLocation
URI uri = URI.create(location);
allowGetObjectStatementBuilder.addResource(getOssUriWithArn(arnPrefix, uri));
String bucketArn = arnPrefix + getBucketName(uri);
// ListBucket
// OSS use 'oss:ListObjects' to list objects in a bucket while s3 use 's3:ListBucket'
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you. This comment is very useful for other developers to know why the action used is different.

tengqm
tengqm reviewed Dec 31, 2024
View reviewed changes
bundles/aliyun/src/main/java/org/apache/gravitino/oss/credential/OSSTokenProvider.java Outdated
@@ -166,6 +167,8 @@ private String createPolicy(Set<String> readLocations, Set<String> writeLocation
Statement.builder()
.effect(Effect.ALLOW)
.addAction("oss:GetBucketLocation")
// OSS Hadoop connector need to get bucket information
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't mean this line. I meant the line 163.
Other developers (including me) would like to know that the GetBucketLocation action is not sufficient. In other words, this is two-actions in a row is by design, not a careless mistake.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OH, got it, update the comment and variable name

@tengqm
Copy link
Contributor

tengqm commented Dec 31, 2024

LGTM

yuqi1129
yuqi1129 approved these changes Jan 2, 2025
View reviewed changes
Copy link
Contributor

@yuqi1129 yuqi1129 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@yuqi1129 yuqi1129 merged commit 6e0bd0d into apache:main Jan 2, 2025
23 checks passed
Abyss-lord pushed a commit to Abyss-lord/gravitino that referenced this pull request Jan 3, 2025
@FANNG1 @Abyss-lord
[apache#6055] feat(core): extend OSS credential provider to support O…
8597dde 
…SS fileset operations (apache#6029)

### What changes were proposed in this pull request?
1. correct `ListBucket` to `ListObjects`
2. add `oss:GetBucketInfo` action


### Why are the changes needed?

Fix: apache#6055 

### Does this PR introduce _any_ user-facing change?
no

### How was this patch tested?
1. run pass fileset oss test
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tengqm tengqm tengqm left review comments

@yuqi1129 yuqi1129 yuqi1129 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Improvement] extend OSS credential provider to support OSS fileset operations
3 participants
@FANNG1 @tengqm @yuqi1129