[jira] [Updated] (HDDS-5280) Avoid creation of XceiverClientManager in ContainerOperationClient

[Bharat Viswanadham (Jira)]

     [ 
https://issues.apache.org/jira/browse/HDDS-5280?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bharat Viswanadham updated HDDS-5280:
-------------------------------------
    Description: 
ContainerOperation Client creates XceiverClientManager.

XceiverClientManager requires to getCA list.


{code:java}
      manager = new XceiverClientManager(conf,
          conf.getObject(XceiverClientManager.ScmClientConfig.class),
          caCertificates);
{code}

We can avoid listCA which is not required for most admin commands. It is 
required only for ChunkKeyHandler.

This will help when ACLS are configured for SCM security protocol where only 
admin/service principals can make calls to the SCMSecurityProtocol server, then 
we don't need to add all the users to them to make these commands work.

As for few of the commands like pipeline list, safe mode status we don't 
require admin privilege.


  was:
ContainerOperation Client creates XceiverClientManager.

XceiverClientManager requires to getCA list.


{code:java}
      manager = new XceiverClientManager(conf,
          conf.getObject(XceiverClientManager.ScmClientConfig.class),
          caCertificates);
{code}

We can avoid listCA which is not required for most admin commands.



> Avoid creation of XceiverClientManager in ContainerOperationClient
> ------------------------------------------------------------------
>
>                 Key: HDDS-5280
>                 URL: https://issues.apache.org/jira/browse/HDDS-5280
>             Project: Apache Ozone
>          Issue Type: Improvement
>            Reporter: Bharat Viswanadham
>            Assignee: Bharat Viswanadham
>            Priority: Major
>
> ContainerOperation Client creates XceiverClientManager.
> XceiverClientManager requires to getCA list.
> {code:java}
>       manager = new XceiverClientManager(conf,
>           conf.getObject(XceiverClientManager.ScmClientConfig.class),
>           caCertificates);
> {code}
> We can avoid listCA which is not required for most admin commands. It is 
> required only for ChunkKeyHandler.
> This will help when ACLS are configured for SCM security protocol where only 
> admin/service principals can make calls to the SCMSecurityProtocol server, 
> then we don't need to add all the users to them to make these commands work.
> As for few of the commands like pipeline list, safe mode status we don't 
> require admin privilege.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@ozone.apache.org
For additional commands, e-mail: issues-h...@ozone.apache.org