HDDS-8164. Authorize secret key APIs #4597
Conversation
kerneltime
left a comment
kerneltime
left a comment
There was a problem hiding this comment.
Done with 1/4th of the code review, will wrap this up tomorrow.
There was a problem hiding this comment.
This config key is used in a lot of places (more than 25 usages), I want to avoid including those changes in this PR. Filed a ticket: HDDS-8540
There was a problem hiding this comment.
No ProtocolInfo annotation for this protocol?
There was a problem hiding this comment.
It's a client-side protocol interface, and doesn't need a ProtocolInfo.
duongkame
force-pushed
the
HDDS-8164
branch
2 times, most recently
from
eb3fdcd to
91d2903
Compare
|
@kerneltime do you have further comments? |
kerneltime
left a comment
kerneltime
left a comment
There was a problem hiding this comment.
So far looks good, will re-look post rebase
hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/utils/HddsServerUtil.java
Outdated
Show resolved
Hide resolved
hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/TestSecretKeysApi.java
Show resolved
Hide resolved
duongkame
force-pushed
the
HDDS-7733-Symmetric-Tokens
branch
from
783c90f to
ba51dba
Compare
fapifta
left a comment
fapifta
left a comment
There was a problem hiding this comment.
Hi @duongkame thank you for your work on this one, so far I found three small things, and in general the code looks good, though there are some parts I would like to give one more review tomorrow.
| NOT_A_PRIMARY_SCM, | ||
| SECRET_KEY_NOT_ENABLED, | ||
| SECRET_KEY_NOT_INITIALIZED | ||
| NOT_A_PRIMARY_SCM |
There was a problem hiding this comment.
This error code seems to be only checked but it is not thrown... Do we still need it?
There was a problem hiding this comment.
Looks like SCM never throws that error code. It can be deleted I guess, but we should do that on master.
There was a problem hiding this comment.
Ahh... I see now...
Sorry, I thought it is newly added here, but it is just a punctuation change in the line... Ok, please ignore this earlier comment for this PR.
...src/main/java/org/apache/hadoop/hdds/protocolPB/SecretKeyProtocolClientSideTranslatorPB.java
Show resolved
Hide resolved
...src/main/java/org/apache/hadoop/hdds/protocolPB/SecretKeyProtocolClientSideTranslatorPB.java
Show resolved
Hide resolved
|
PR makes sense to me. Will this work with old clients? |
|
Thanks for looking at this, @jojochuang
Fortunately, secret key APIs don't have old clients to deal with. The APIs are introduced in a feature branch that is not merged to master yet.
Yes, we need something like this. I suppose a doc of config changes is also a part of the process to merge the feature branch to master. |
|
@jojochuang as this will be in internal protocol, that is not used by the clients, and as we do not support rolling upgrade, there should not be compatibility problems with it. @duongkame thank you for your patience, I took a second look, I think we are good to go. |
|
could you approve the pr? |
|
Merged. Thanks all for the review and offering the patch! |
* master: (73 commits) HDDS-8587. Test that CertificateClient can store multiple rootCA certificates (apache#4852) HDDS-8801. ReplicationManager: Add metric to count how often replication is throttled (apache#4864) HDDS-8477. Unit test for Snapdiff using tombstone entries (apache#4678) HDDS-7507. [Snapshot] Implement List Snapshot API Pagination (apache#4065) (apache#4861) HDDS-8373. Document that setquota doesn't accept decimals (apache#4856) HDDS-8779. Recon - Expose flag for enable/disable of heatmap. (apache#4845) HDDS-8677. Ozone admin OM CLI command for block tokens (apache#4760) HDDS-8164. Authorize secret key APIs (apache#4597) HDDS-7945. Integrate secret keys to SCM snapshot (apache#4549) HDDS-8003. E2E integration test cases for block tokens (apache#4547) HDDS-7831. Use symmetric secret key to sign and verify token (apache#4417) HDDS-7830. SCM API for OM and Datanode to get secret keys (apache#4345) HDDS-7734. Implement symmetric SecretKeys lifescycle management in SCM (apache#4194) HDDS-8679. Add dedicated, configurable thread pool for OM gRPC server (apache#4771) HDDS-8790. Split EC acceptance tests (apache#4855) HDDS-8714. TestScmHAFinalization: mark testFinalizationWithRestart as flaky, enable other test cases HDDS-8787. Reduce ozone sh calls in robot tests (apache#4854) HDDS-8774. Log allocation stack trace for leaked CodecBuffer (apache#4840) HDDS-8729. Add metric for count of blocks pending deletion on datanode (apache#4800) HDDS-8780. Leak of ManagedChannel in HASecurityUtils (apache#4850) ...
* tmp-dir-refactor: (73 commits) HDDS-8587. Test that CertificateClient can store multiple rootCA certificates (apache#4852) HDDS-8801. ReplicationManager: Add metric to count how often replication is throttled (apache#4864) HDDS-8477. Unit test for Snapdiff using tombstone entries (apache#4678) HDDS-7507. [Snapshot] Implement List Snapshot API Pagination (apache#4065) (apache#4861) HDDS-8373. Document that setquota doesn't accept decimals (apache#4856) HDDS-8779. Recon - Expose flag for enable/disable of heatmap. (apache#4845) HDDS-8677. Ozone admin OM CLI command for block tokens (apache#4760) HDDS-8164. Authorize secret key APIs (apache#4597) HDDS-7945. Integrate secret keys to SCM snapshot (apache#4549) HDDS-8003. E2E integration test cases for block tokens (apache#4547) HDDS-7831. Use symmetric secret key to sign and verify token (apache#4417) HDDS-7830. SCM API for OM and Datanode to get secret keys (apache#4345) HDDS-7734. Implement symmetric SecretKeys lifescycle management in SCM (apache#4194) HDDS-8679. Add dedicated, configurable thread pool for OM gRPC server (apache#4771) HDDS-8790. Split EC acceptance tests (apache#4855) HDDS-8714. TestScmHAFinalization: mark testFinalizationWithRestart as flaky, enable other test cases HDDS-8787. Reduce ozone sh calls in robot tests (apache#4854) HDDS-8774. Log allocation stack trace for leaked CodecBuffer (apache#4840) HDDS-8729. Add metric for count of blocks pending deletion on datanode (apache#4800) HDDS-8780. Leak of ManagedChannel in HASecurityUtils (apache#4850) ...
5 participants
What changes were proposed in this pull request?
HDDS-7830 implements secret key APIs in SCMSecurityProtocol, which for now doesn't enforce authorization (any authenticated principal can call the API).
For secret key APIs, we want to limit the access to Ozone principals only, aka, Datanode and OM. The APIs should be moved to a separate protocol to enforce authorization separately.
What is the link to the Apache JIRA
https://issues.apache.org/jira/browse/HDDS-8164
How was this patch tested?
Integration tests.