adoroszlai commented on a change in pull request #2186:
URL: https://github.com/apache/ozone/pull/2186#discussion_r624442234
##########
File path:
hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/SecurityConfig.java
##########
@@ -330,6 +330,9 @@ public Duration getMaxCertificateDuration() {
return this.maxCertDuration;
}
+ /**
+ * Whether to require short-lived tokens for block and container operations.
+ */
public boolean isBlockTokenEnabled() {
Review comment:
I don't think introducing a new config property for this adds value.
I'm not sure why we even have a config property for enabling block tokens. I
think they should have been enabled in all secure clusters, ie. by
`ozone.security.enabled=true`. But now we have `hdds.block.token.enabled`. Do
we really need another config property just to force all users who want
security to set this new config, too?
We would also need another one for container token token lifetime.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
