[
https://issues.apache.org/jira/browse/HDDS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16667634#comment-16667634
]
Anu Engineer commented on HDDS-580:
-----------------------------------
bq. * Right now for a given component (SCM, OM, DN etc) SecurityConfig is an
excellent wrapper for all security related information including key path.
API's like getCurrentKeyLocation, getPrivateKeyFilePath, getPublicKeyFilePath
returns correct path to user without having user to construct any part of it.
The idea of SecurityConfig is to avoid silly mistakes. Like using one algorithm
at one place and then using another algorithm is another place. With this we
have consistent view of all the security configs. The getPrivateKeyFilePath and
getPublicKeyFilePath are going to be same whether you are SCM, OM or DN, thus
giving us more consistency in code and file names.
However if SCM wants a path that is different from OM, then I propose we do it
a different class like SecurityUtils. It has 2 benefits, the SecurityConfigs is
the global view of Security Configs irrespective of the component, and also it
is same values where ever you call it. The code is easier to read, instead of
all the consts in code.
bq. * Moving part of key path (component, current) will result in path
construction logic being split b/w util and config class. It will be ideal to
keep it in single wrapper.
I think securityUtil should should take securityConfig as a parameter and the
component can be passed to the function or the Ctor. That way, the
modifications are localized.
bq. * Util class is stateless so it is not well suited to maintain logic for
"current" & "previous" keys.
I am not saying that we have to modify the Util class per se, But I am saying
the changes in SecurityConfig does not suit that class, and also the changes
are causing a rippling effect across the code base since you modified the Ctor.
Hence I wanted that path changes to more localized.
> Bootstrap OM/SCM with private/public key pair
> ---------------------------------------------
>
> Key: HDDS-580
> URL: https://issues.apache.org/jira/browse/HDDS-580
> Project: Hadoop Distributed Data Store
> Issue Type: Sub-task
> Reporter: Xiaoyu Yao
> Assignee: Ajay Kumar
> Priority: Major
> Attachments: HDDS-4-HDDS-580.00.patch, HDDS-580-HDDS-4.00.patch,
> HDDS-580-HDDS-4.01.patch, HDDS-580-HDDS-4.02.patch, HDDS-580-HDDS-4.03.patch,
> HDDS-580-HDDS-4.04.patch, HDDS-580-HDDS-4.05.patch, HDDS-580-HDDS-4.06.patch,
> HDDS-580-HDDS-4.07.patch, HDDS-580-HDDS-4.08.patch, HDDS-580-HDDS-4.09.patch,
> HDDS-580-HDDS-4.10.patch
>
>
> We will need to add API that leverage the key generator from HDDS-100 to
> generate public/private key pair for OM/SCM, this will be called by the
> scm/om admin cli with "-init" cmd.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
