[GitHub] [ozone] hanishakoneru commented on a change in pull request #2878: HDDS-6031. Add configs to support externalization of root CA

Tue, 07 Dec 2021 14:48:54 -0800 


hanishakoneru commented on a change in pull request #2878:
URL: https://github.com/apache/ozone/pull/2878#discussion_r764384758



##########
File path: 
hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/replication/ReplicationServer.java
##########
@@ -62,15 +63,15 @@ public ReplicationServer(
       ReplicationConfig replicationConfig,
       SecurityConfig secConf,
       CertificateClient caClient
-  ) {
+  ) throws SCMSecurityException {
     this.secConf = secConf;
     this.caClient = caClient;
     this.controller = controller;
     this.port = replicationConfig.getPort();
     init();
   }
 
-  public void init() {
+  public void init() throws SCMSecurityException {

Review comment:
       This function only throws IllegalArgumentException. Any reason for 
making the function throw SCMSecurityException?

##########
File path: 
hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java
##########
@@ -356,7 +356,9 @@ private StorageContainerManager(OzoneConfiguration conf,
     // Authenticate SCM if security is enabled, this initialization can only
     // be done after the metadata store is initialized.
     if (OzoneSecurityUtil.isSecurityEnabled(conf)) {
-      initializeCAnSecurityProtocol(conf, configurator);
+      if (!securityConfig.isCustomCAEnabled()) {
+        initializeCAnSecurityProtocol(conf, configurator);
+      }

Review comment:
       What happens when custom root CA is enabled? Where do we initialize?

##########
File path: 
hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/TestOzoneConfigurationFields.java
##########
@@ -81,6 +81,12 @@ private void addPropertiesNotInXml() {
         HddsConfigKeys.HDDS_KEY_ALGORITHM,
         HddsConfigKeys.HDDS_SECURITY_PROVIDER,
         HddsConfigKeys.HDDS_X509_CRL_NAME, // HDDS-2873
+        HddsConfigKeys.HDDS_CUSTOM_KEYSTORE_FILE_PASSWORD,
+        HddsConfigKeys.HDDS_CUSTOM_KEYSTORE_FILE_PATH,
+        HddsConfigKeys.HDDS_CUSTOM_ROOT_CA_ENABLED,
+        HddsConfigKeys.HDDS_CUSTOM_KEYSTORE_KEY_PASSWORD,
+        HddsConfigKeys.HDDS_CUSTOM_TRUSTSTORE_PASSWORD,
+        HddsConfigKeys.HDDS_CUSTOM_TRUSTSTORE_FILE_PATH,

Review comment:
       Will these configs not be exposed?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to