xiaoyuyao commented on a change in pull request #2186:
URL: https://github.com/apache/ozone/pull/2186#discussion_r624537355



##########
File path: hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/SecurityConfig.java
##########
@@ -330,6 +330,9 @@ public Duration getMaxCertificateDuration() {
     return this.maxCertDuration;
   }
 
+  /**
+   * Whether to require short-lived tokens for block and container operations.
+   */
   public boolean isBlockTokenEnabled() {
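Review bot: The new Javadoc on isBlockTokenEnabled() says the setting covers block and container operations, while the method name refers only to block tokens, so a caller who reads just the name will not expect container operations to be included. Either rename the accessor to match the documented scope, or state in the comment that the block-token setting also applies to container tokens. An @return line saying what true means would also help.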

Review comment:
   Technically, I think that we could live without a separate config. But there are several reasons for having the token on datanode optional:
   1. performance: the additional validation adds cost to each block I/O
   2. backward compatibility: old clients will be broken without an upgrade.
   3. deployment with flexibility

   bq. We would also need another one for container token lifetime.
   We can use a default one for the short-lived tokens if the customer does not need to specify. This is common in Hadoop delegation tokens.



