Re: [PR] [CELEBORN-1258] Add UserIdentifier to the master application meta [celeborn]

Wed, 27 Mar 2024 20:23:36 -0700 


RexXiong commented on code in PR #2365:
URL: https://github.com/apache/celeborn/pull/2365#discussion_r1542263600


##########
client/src/main/scala/org/apache/celeborn/client/LifecycleManager.scala:
##########
@@ -207,13 +209,20 @@ class LifecycleManager(val appUniqueId: String, val conf: 
CelebornConf) extends
   private val changePartitionManager = new ChangePartitionManager(conf, this)
   private val releasePartitionManager = new ReleasePartitionManager(conf, this)
 
+  private def updateApplicationMeta(): Unit = {
+    
Utils.tryLogNonFatalError(masterClient.askSync[PbApplicationMetaUpdateResponse](
+      PbSerDeUtils.toPbApplicationMeta(applicationMeta),
+      classOf[PbApplicationMetaUpdateResponse]))
+  }
+
   // Since method `onStart` is executed when `rpcEnv.setupEndpoint` is 
executed, and
   // `masterClient` is initialized after `rpcEnv` is initialized, if method 
`onStart` contains
   // a reference to `masterClient`, there may be cases where `masterClient` is 
null when
   // `masterClient` is called. Therefore, it's necessary to uniformly execute 
the initialization
   // method at the end of the construction of the class to perform the 
initialization operations.
   private def initialize(): Unit = {
     // noinspection ConvertExpressionToSAM
+    updateApplicationMeta()

Review Comment:
   Agree with most messages shouldn't be sent via TLS. I believe that the most 
fundamental issue with the existing security authentication mechanism is that 
it only authenticates the connection, but does not verify the legitimacy of the 
messages sent by the authenticated client. At the very least, we need verify 
that the applicationId in the sent messages matches the applicationId provided 
during the initial authentication, Otherwise, an authenticated client could 
still access or modify with the data of other applications. I am not sure if 
this is in line with the expectations.
   
   



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to