[ https://issues.apache.org/jira/browse/HDDS-7708?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

ASF GitHub Bot updated HDDS-7708:
---------------------------------
    Labels: pki pull-request-available  (was: pki)

> No check for certificate duration config scenarios
> --------------------------------------------------
>
>                 Key: HDDS-7708
>                 URL: https://issues.apache.org/jira/browse/HDDS-7708
>             Project: Apache Ozone
>          Issue Type: Bug
>          Components: SCM
>    Affects Versions: 1.3.0
>            Reporter: Soumitra Sulav
>            Assignee: Ashish Kumar
>            Priority: Critical
>              Labels: pki, pull-request-available
>
> *Issue :*
> While validating the config duration with multiple negative scenarios, 
> below were the observations:
> Config duration accepts 0D as the duration.
> Config duration accepts negative days -1D as the duration.
> No check was added for hdds.x509.renew.grace.duration value.
> The only check available currently is for hdds.x509.default.duration not 
> greater than hdds.x509.max.duration.
> The logging message is wrong and the config order is reversed.
> Scenarios tried:
> Unnatural sequence
>   Max = 0    | Def = 2   | Grace = 1     Failed
>   Max = 5    | Def = 0   | Grace = 1     Restarted
>   Max = 5    | Def = 2   | Grace = 0     Restarted
>   Max = 5    | Def = 6   | Grace = 1     Failed
>   Max = 5    | Def = 2   | Grace = 3     Restarted
>   Max = 5    | Def = 2   | Grace = 6     Restarted
> Negative values
>   Max = -5   | Def = 2   | Grace = 1     Failed
>   Max = 5    | Def = -2  | Grace = 1     Restarted
>   Max = 5    | Def = 2   | Grace = -1    Restarted
> Fractional values
>   Max = 5.25 | Def = 2   | Grace = 1     Failed
>   Max = 5    | Def = 2.5 | Grace = 1     Failed
>   Max = 5    | Def = 2   | Grace = 1.75  Failed
> The scenarios where the restart could go through should have actually failed 
> to start.
> +Error with Logging Message.+
> Scenario 1 where Max Duration is 0D and Default Duration is 2D.
> *Stacktrace :*
> [root@quasar-gvwabo-2 ~]# vim /var/log/hadoop-ozone/ozone-scm.log
> 2022-12-22 08:57:25,296 ERROR 
> org.apache.hadoop.hdds.security.x509.SecurityConfig: Certificate duration 
> PT0S should not be greater than Maximum Certificate duration PT48H
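
A start-up check covering the scenarios listed in the report, written as an added example; it is not Apache Ozone's code and not the fix from the linked pull request. It assumes the three values are ISO-8601 strings parsed with `java.time.Duration` (consistent with the `PT0S` / `PT48H` rendering in the log line above) and that the grace period must be strictly shorter than the default duration; the class and method names are hypothetical.

```java
import java.time.Duration;
import java.time.format.DateTimeParseException;
import java.util.ArrayList;
import java.util.List;
// Added example, not Apache Ozone code; class and method names are hypothetical.
public class CertDurationCheck {
  // Returns every violation found; an empty list means the configuration is acceptable.
  static List<String> validate(String max, String def, String grace) {
    List<String> errors = new ArrayList<>();
    Duration maxD = parse("hdds.x509.max.duration", max, errors);
    Duration defD = parse("hdds.x509.default.duration", def, errors);
    Duration graceD = parse("hdds.x509.renew.grace.duration", grace, errors);
    if (maxD == null || defD == null || graceD == null) return errors; // no ordering checks on invalid values
    if (defD.compareTo(maxD) > 0) {
      // Each key is printed next to its own value so the message cannot read reversed.
      errors.add("hdds.x509.default.duration " + defD
          + " should not be greater than hdds.x509.max.duration " + maxD);
    }
    // Assumption: the renewal grace period must be shorter than the certificate lifetime.
    if (graceD.compareTo(defD) >= 0) {
      errors.add("hdds.x509.renew.grace.duration " + graceD
          + " should be less than hdds.x509.default.duration " + defD);
    }
    return errors;
  }

  // Parses an ISO-8601 duration; records an error and returns null if it is malformed, zero or negative.
  private static Duration parse(String key, String value, List<String> errors) {
    try {
      Duration d = Duration.parse(value);
      if (d.isZero() || d.isNegative()) {
        errors.add(key + " must be positive, got " + d);
        return null;
      }
      return d;
    } catch (DateTimeParseException e) {
      errors.add(key + " is not a valid duration: " + value);
      return null;
    }
  }

  public static void main(String[] args) {
    // Constructed inputs (max, default, grace) mirroring the scenarios in the report.
    String[][] cases = {{"P5D", "P2D", "P1D"}, {"P0D", "P2D", "P1D"}, {"P5D", "P-2D", "P1D"},
        {"P5D", "P2D", "P0D"}, {"P5D", "P2D", "P3D"}, {"P5D", "P6D", "P1D"}, {"P5D", "P2D", "P1.75D"}};
    for (String[] c : cases) {
      System.out.println(String.join(" | ", c) + " -> " + validate(c[0], c[1], c[2]));
    }
  }
}
```

A service using such a check would refuse to start whenever the returned list is non-empty, which is the behaviour the report asks for in the "Restarted" rows.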


