[
https://issues.apache.org/jira/browse/HDDS-13264?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Wei-Chiu Chuang updated HDDS-13264:
-----------------------------------
Description:
When developing the fix for HDDS-13234, I found that OzoneTokenIdentifier does
not serialize/deserialize correctly if service id is not set.
For example, for a token
{code:java}
OzoneToken owner=tester, renewer=tester, realUser=tester,
issueDate=1970-01-01T00:00:00Z, maxDate=1970-01-01T00:00:00Z, sequenceNumber=0,
masterKeyId=0, strToSign=null, signature=null, awsAccessKeyId=null,
omServiceId=null, omCertSerialId=null,
secretKeyId=74ce8012-4529-4247-8307-16466066f503
{code}
after serialization + deserialization, the token becomes:
{code:java}
OzoneToken owner=tester, renewer=tester, realUser=tester,
issueDate=1970-01-01T00:00:00Z, maxDate=1970-01-01T00:00:00Z, sequenceNumber=0,
masterKeyId=0, strToSign=null, signature=null, awsAccessKeyId=null,
omServiceId=, omCertSerialId=null,
secretKeyId=74ce8012-4529-4247-8307-16466066f503
{code}
Potential problem is that you may think you removed a delegation token from
rocksdb, but because of this bug, the token remains in the rocksdb.
This is a corner case not tested by
TestOzoneTokenIdentifier.testTokenPersistence().
was:
When developing the fix for HDDS-13234, I found that OzoneTokenIdentifier does
not serialize/deserialize correctly if service id is not set.
For example, for a token
{code:java}
OzoneToken owner=tester, renewer=tester, realUser=tester,
issueDate=1970-01-01T00:00:00Z, maxDate=1970-01-01T00:00:00Z, sequenceNumber=0,
masterKeyId=0, strToSign=null, signature=null, awsAccessKeyId=null,
omServiceId=null, omCertSerialId=null,
secretKeyId=74ce8012-4529-4247-8307-16466066f503
{code}
after serialization + deserialization, the token becomes:
{code:java}
OzoneToken owner=tester, renewer=tester, realUser=tester,
issueDate=1970-01-01T00:00:00Z, maxDate=1970-01-01T00:00:00Z, sequenceNumber=0,
masterKeyId=0, strToSign=null, signature=null, awsAccessKeyId=null,
omServiceId=, omCertSerialId=null,
secretKeyId=74ce8012-4529-4247-8307-16466066f503
{code}
Potential problem is that you may think you removed a delegation token from
rocksdb, but because of this bug, the token remains in the rocksdb.
> OzoneTokenIdentifier incorrect de/serialization in corner cases
> ---------------------------------------------------------------
>
> Key: HDDS-13264
> URL: https://issues.apache.org/jira/browse/HDDS-13264
> Project: Apache Ozone
> Issue Type: Bug
> Reporter: Wei-Chiu Chuang
> Priority: Minor
>
> When developing the fix for HDDS-13234, I found that OzoneTokenIdentifier
> does not serialize/deserialize correctly if service id is not set.
> For example, for a token
> {code:java}
> OzoneToken owner=tester, renewer=tester, realUser=tester,
> issueDate=1970-01-01T00:00:00Z, maxDate=1970-01-01T00:00:00Z,
> sequenceNumber=0, masterKeyId=0, strToSign=null, signature=null,
> awsAccessKeyId=null, omServiceId=null, omCertSerialId=null,
> secretKeyId=74ce8012-4529-4247-8307-16466066f503
> {code}
> after serialization + deserialization, the token becomes:
> {code:java}
> OzoneToken owner=tester, renewer=tester, realUser=tester,
> issueDate=1970-01-01T00:00:00Z, maxDate=1970-01-01T00:00:00Z,
> sequenceNumber=0, masterKeyId=0, strToSign=null, signature=null,
> awsAccessKeyId=null, omServiceId=, omCertSerialId=null,
> secretKeyId=74ce8012-4529-4247-8307-16466066f503
> {code}
> Potential problem is that you may think you removed a delegation token from
> rocksdb, but because of this bug, the token remains in the rocksdb.
> This is a corner case not tested by
> TestOzoneTokenIdentifier.testTokenPersistence().
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
