duongkame commented on code in PR #4417:
URL: https://github.com/apache/ozone/pull/4417#discussion_r1149942769
##########
hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java:
##########
@@ -601,9 +604,10 @@ private OzoneManager(OzoneConfiguration conf,
StartupOption startupOption)
certClient = new OMCertificateClient(secConfig, omStorage,
scmInfo == null ? null : scmInfo.getScmId(), this::saveNewCertId,
this::terminateOM);
+ secretKeyClient = DefaultSecretKeySignerClient.create(conf);
Review Comment:
There're 2 main code paths for this:
1. With security enabled: this is the production use case. I'm also writing
integration test cases using MiniCluster with security enabled and MiniKDC.
2. Without security enabled: there bunch of existing integration test-case
and unit test-case with token enabled but security disabled. This is probably a
hack to test tokens logic without invoking the keberos authentication path
(which requires a test KDC cluster setup). This is the path where
`blockTokenManager` is created with a `null` secretKeyClient and a test client
is injected later (after construction) to `blockTokenManager`.
Initially, I wanted completely drop the first path, aka. adding a non-null
check of `secretKeyClient` inside `blockTokenManager` constructor. But then I
realized it'd need lots of additional effort to update all the current test
cases.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
