Skip to content

HDDS-15140. Piggyback S3 derived key during key creation#10652

Open
chungen0126 wants to merge 10 commits into
apache:masterfrom
chungen0126:HDDS-15140
Open

HDDS-15140. Piggyback S3 derived key during key creation#10652
chungen0126 wants to merge 10 commits into
apache:masterfrom
chungen0126:HDDS-15140

Conversation

@chungen0126

@chungen0126 chungen0126 commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

What changes were proposed in this pull request?

To support signature verification (SigV4/SigV4a) for S3G chunked uploads while avoiding direct exposure or handling of the AWS Secret Key for each data chunk, this patch introduces a mechanism where S3G piggybacks on the Ozone Manager (OM) during key creation to obtain a derived key for signature validation.

The main changes in this PR include:

  • Extracted Key Generation Logic: Moved AWSV4AuthValidator from ozone-manager to the common module to lay the groundwork for future signature verification within S3G.
  • Updated Protobuf Protocol: Added a derivedKeyPiggyBacking flag to CreateKeyRequest and a derivedKey field to CreateKeyResponse. This allows the OM to generate and return the derived key to S3G seamlessly during the key creation process.

What is the link to the Apache JIRA

https://issues.apache.org/jira/browse/HDDS-15140

How was this patch tested?

Added testCreateKeyWithS3DerivedKey and testCreateKeyWithoutS3DerivedKey unit tests in TestOMKeyCreateRequest to ensure that OM correctly generates and returns the derived key based on the request flag.

CI: https://github.com/chungen0126/ozone/actions/runs/28652530744

@chungen0126 chungen0126 changed the title Hdds 15140 HDDS-15140. Piggyback S3 derived key during key creation Jul 2, 2026
@chungen0126 chungen0126 marked this pull request as ready for review July 3, 2026 10:23
@adoroszlai adoroszlai added the s3 S3 Gateway label Jul 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

s3 S3 Gateway

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants