adoroszlai commented on a change in pull request #2254:
URL: https://github.com/apache/ozone/pull/2254#discussion_r636703784
##########
File path:
hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/token/BlockTokenVerifier.java
##########
@@ -77,21 +75,20 @@ protected Object getService(ContainerCommandRequestProto
cmd) {
@Override
protected void verify(OzoneBlockTokenIdentifier tokenId,
- ContainerCommandRequestProto cmd) throws SCMSecurityException {
+ ContainerCommandRequestProtoOrBuilder cmd) throws SCMSecurityException {
- ContainerProtos.Type type = cmd.getCmdType();
- if (type == ReadChunk || type == GetBlock || type == GetSmallFile) {
- if (!tokenId.getAccessModes().contains(READ)) {
- throw new BlockTokenException("Block token with " +
tokenId.getService()
- + " doesn't have READ permission");
- }
- } else if (type == WriteChunk || type == PutBlock || type == PutSmallFile)
{
- if (!tokenId.getAccessModes().contains(WRITE)) {
- throw new BlockTokenException("Block token with " +
tokenId.getService()
- + " doesn't have WRITE permission");
- }
+ HddsProtos.BlockTokenSecretProto.AccessModeProto accessMode;
+ if (HddsUtils.isReadOnly(cmd)) {
+ accessMode = READ;
+ } else if (cmd.getCmdType() == DeleteBlock ||
+ cmd.getCmdType() == DeleteChunk) {
+ accessMode = DELETE;
Review comment:
Thanks @xiaoyuyao for flagging this. Indeed, further change is needed
in SCM.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@ozone.apache.org
For additional commands, e-mail: issues-h...@ozone.apache.org
