ChenSammi commented on code in PR #3382:
URL: https://github.com/apache/ozone/pull/3382#discussion_r872298893
##########
hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/security/OzoneDelegationTokenSecretManager.java:
##########
@@ -404,6 +415,18 @@ public void removeToken(OzoneTokenIdentifier
ozoneTokenIdentifier) {
@Override
public byte[] retrievePassword(OzoneTokenIdentifier identifier)
throws InvalidToken {
+ // Tokens are a bit different in that a follower OM may be behind and
+ // thus not yet know of all tokens issued by the leader OM. the
+ // following check does not allow ANY token auth. In optimistic, it should
+ // allow known tokens in.
+ try {
+ ozoneManager.checkLeaderStatus();
+ } catch (OMNotLeaderException | OMLeaderNotReadyException e) {
+ InvalidToken wrappedStandby = new InvalidToken("IOException");
+ wrappedStandby.initCause(e);
+ throw wrappedStandby;
+ }
Review Comment:
Yes. Will take care of that in next patch.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
