HDDS-11040. Disable REST endpoint for S3 secret manipulation by usern…

…ame (#6839)

(cherry picked from commit 56ce591)

hadoop-ozone/dist/src/main/smoketest/s3/secretgenerate.robot

@@ -45,13 +45,15 @@ S3 Gateway Secret Already Exists
                         Should contain          ${result}       HTTP/1.1 400 S3_SECRET_ALREADY_EXISTS    ignore_case=True
 
 S3 Gateway Generate Secret By Username
+    [Tags]    robot:skip    # TODO: Enable after HDDS-11041 is done.
     Pass Execution If   '${SECURITY_ENABLED}' == 'false'    Skipping this check as security is not enabled
     ${result} =         Execute                             curl -X PUT --negotiate -u : -v ${ENDPOINT_URL}/secret/testuser
                         Should contain          ${result}       HTTP/1.1 200 OK    ignore_case=True
                         Should Match Regexp     ${result}       <awsAccessKey>.*</awsAccessKey><awsSecret>.*</awsSecret>
 
 S3 Gateway Generate Secret By Username For Other User
+    [Tags]    robot:skip    # TODO: Enable after HDDS-11041 is done.
     Pass Execution If   '${SECURITY_ENABLED}' == 'false'    Skipping this check as security is not enabled
     ${result} =         Execute                             curl -X PUT --negotiate -u : -v ${ENDPOINT_URL}/secret/testuser2
                         Should contain          ${result}       HTTP/1.1 200 OK    ignore_case=True
-                        Should Match Regexp     ${result}       <awsAccessKey>.*</awsAccessKey><awsSecret>.*</awsSecret>
+                        Should Match Regexp     ${result}       <awsAccessKey>.*</awsAccessKey><awsSecret>.*</awsSecret>

hadoop-ozone/dist/src/main/smoketest/s3/secretrevoke.robot

@@ -38,13 +38,15 @@ S3 Gateway Revoke Secret
                         Should contain      ${result}       HTTP/1.1 200 OK    ignore_case=True
 
 S3 Gateway Revoke Secret By Username
+    [Tags]    robot:skip    # TODO: Enable after HDDS-11041 is done.
     Pass Execution If   '${SECURITY_ENABLED}' == 'false'    Skipping this check as security is not enabled
                         Execute                             ozone s3 getsecret -u testuser ${OM_HA_PARAM}
     ${result} =         Execute                             curl -X DELETE --negotiate -u : -v ${ENDPOINT_URL}/secret/testuser
                         Should contain      ${result}       HTTP/1.1 200 OK    ignore_case=True
 
 S3 Gateway Revoke Secret By Username For Other User
+    [Tags]    robot:skip    # TODO: Enable after HDDS-11041 is done.
     Pass Execution If   '${SECURITY_ENABLED}' == 'false'    Skipping this check as security is not enabled
                         Execute                             ozone s3 getsecret -u testuser2 ${OM_HA_PARAM}
     ${result} =         Execute                             curl -X DELETE --negotiate -u : -v ${ENDPOINT_URL}/secret/testuser2
-                        Should contain      ${result}       HTTP/1.1 200 OK    ignore_case=True
+                        Should contain      ${result}       HTTP/1.1 200 OK    ignore_case=True

hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3secret/S3SecretManagementEndpoint.java

@@ -33,6 +33,7 @@
 import java.io.IOException;
 
 import static javax.ws.rs.core.Response.Status.BAD_REQUEST;
+import static javax.ws.rs.core.Response.Status.METHOD_NOT_ALLOWED;
 import static javax.ws.rs.core.Response.Status.NOT_FOUND;
 
 /**
@@ -53,7 +54,8 @@ public Response generate() throws IOException {
   @Path("/{username}")
   public Response generate(@PathParam("username") String username)
       throws IOException {
-    return generateInternal(username);
+    // TODO: It is a temporary solution. To be removed after HDDS-11041 is done.
+    return Response.status(METHOD_NOT_ALLOWED).build();
   }
 
   private Response generateInternal(@Nullable String username) throws IOException {
@@ -93,7 +95,8 @@ public Response revoke() throws IOException {
   @Path("/{username}")
   public Response revoke(@PathParam("username") String username)
       throws IOException {
-    return revokeInternal(username);
+    // TODO: It is a temporary solution. To be removed after HDDS-11041 is done.
+    return Response.status(METHOD_NOT_ALLOWED).build();
   }
 
   private Response revokeInternal(@Nullable String username)

hadoop-ozone/s3gateway/src/test/java/org/apache/hadoop/ozone/s3secret/TestSecretGenerate.java

@@ -33,6 +33,7 @@
 import org.apache.hadoop.ozone.client.protocol.ClientProtocol;
 import org.apache.hadoop.ozone.om.exceptions.OMException;
 import org.apache.hadoop.ozone.om.helpers.S3SecretValue;
+import org.apache.ozone.test.tag.Unhealthy;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
@@ -111,6 +112,7 @@ void testIfSecretAlreadyExists() throws IOException {
   }
 
   @Test
+  @Unhealthy("HDDS-11041")
   void testSecretGenerateWithUsername() throws IOException {
     hasNoSecretYet();
 

hadoop-ozone/s3gateway/src/test/java/org/apache/hadoop/ozone/s3secret/TestSecretRevoke.java

@@ -30,6 +30,7 @@
 import org.apache.hadoop.ozone.client.OzoneClient;
 import org.apache.hadoop.ozone.client.OzoneClientStub;
 import org.apache.hadoop.ozone.om.exceptions.OMException;
+import org.apache.ozone.test.tag.Unhealthy;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
@@ -97,6 +98,7 @@ void testSecretRevoke() throws IOException {
   }
 
   @Test
+  @Unhealthy("HDDS-11041")
   void testSecretRevokeWithUsername() throws IOException {
     endpoint.revoke(OTHER_USER_NAME);
     verify(objectStore, times(1))