xiaoyuyao commented on a change in pull request #1571: HDDS-2228. Fix NPE in
OzoneDelegationTokenManager#addPersistedDelegat…
URL: https://github.com/apache/hadoop/pull/1571#discussion_r330594466
##########
File path:
hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneDelegationTokenSecretManager.java
##########
@@ -84,13 +84,16 @@
* milliseconds
* @param dtRemoverScanInterval how often the tokens are scanned for expired
* tokens in milliseconds
+ * @param certClient certificate client to SCM CA
*/
public OzoneDelegationTokenSecretManager(OzoneConfiguration conf,
long tokenMaxLifetime, long tokenRenewInterval,
long dtRemoverScanInterval, Text service,
- S3SecretManager s3SecretManager) throws IOException {
+ S3SecretManager s3SecretManager, CertificateClient certClient)
+ throws IOException {
super(new SecurityConfig(conf), tokenMaxLifetime, tokenRenewInterval,
service, LOG);
+ setCertClient(certClient);
Review comment:
Thanks for the review, @bharatviswa504. My first version of this patch is
like what you mentioned above. But it introduce many unnecessary changes to
another subclass for OzoneBlockTokenSecretManager, which does not need a
certClient at constructor. It also affect many tests that use a special test
flag to avoid talking to SCM for kerberos based test.
The current patch makes it optional by introduce a set method for the
constructor of OzoneDelegationTokenSecret manager to use only. This way, the
change is minimized.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
