sadanand48 commented on code in PR #4747: URL: https://github.com/apache/ozone/pull/4747#discussion_r1199195624
########## hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/admin/scm/RotateKeySubCommand.java: ########## @@ -0,0 +1,40 @@ +package org.apache.hadoop.ozone.admin.scm; + +import java.io.IOException; +import java.util.concurrent.TimeoutException; + +import org.apache.hadoop.hdds.cli.HddsVersionProvider; +import org.apache.hadoop.hdds.scm.cli.ContainerOperationClient; +import org.apache.hadoop.hdds.scm.cli.ScmSubcommand; +import org.apache.hadoop.hdds.scm.client.ScmClient; +import picocli.CommandLine; + +/** + * Handler of ozone admin scm rotate command. + */ [email protected]( + name = "rotate", + description = "CLI command to force generate new keys (rotate)", + mixinStandardHelpOptions = true, + versionProvider = HddsVersionProvider.class) +public class RotateKeySubCommand extends ScmSubcommand { + + @CommandLine.ParentCommand + private ScmAdmin parent; + + @Override + protected void execute(ScmClient scmClient) throws IOException { + try (ScmClient client = new ContainerOperationClient( Review Comment: We can use the same scmClient here from the method , for the unit test to work , we could just pass a list of config args in the args array in --set=key=value format. ########## hadoop-hdds/tools/src/main/java/org/apache/hadoop/hdds/scm/cli/ContainerOperationClient.java: ########## @@ -124,6 +129,16 @@ public static StorageContainerLocationProtocol newContainerRpcClient( return HAUtils.getScmContainerClient(configSource); } + public static SecretKeyProtocolScm newSecretKeyClient( + ConfigurationSource configSource) { + try { + return HddsServerUtil.getScmSecretClient(configSource); + } catch (IOException e) { + e.printStackTrace(); Review Comment: LOG.error instead ########## hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/TestBlockTokens.java: ########## 
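Review bot: In `ContainerOperationClient.newSecretKeyClient` the `catch (IOException e)` swallows the failure to build the secret-key client, so the rotate command cannot tell a connection or configuration error from a usable client. What the method returns after the catch is not visible in the quoted lines, but if it is `null` the error only surfaces later as a NullPointerException. `RotateKeySubCommand.execute` already declares `throws IOException`, so the simplest fix is to drop the try/catch and declare `throws IOException` on `newSecretKeyClient`. The same swallow-and-continue pattern appears in the `GetCheckAndRotate` case of `SecretKeyProtocolServerSideTranslatorPB.processRequest`, where control would fall through to the next `case` unless something after the catch returns or throws. It also appears in `SCMSecurityProtocolServer.checkAndRotate`, where a failed `validateSecretKeyStatus()` should abort the rotation rather than be printed and ignored; all three hunks are cut off at the commented line, so the code after each catch needs checking.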
@@ -377,6 +386,24 @@ private static void setSecureConfig() throws IOException { ozoneKeytab.getAbsolutePath()); } + @Test + public void testRotateKeySCMAdminCommand() + throws InterruptedException, TimeoutException, IOException { + GenericTestUtils.waitFor(() -> cluster.getScmLeader() != null, 100, 1000); + InetSocketAddress address = + cluster.getScmLeader().getClientRpcAddress(); + String hostPort = address.getHostName() + ":" + address.getPort(); + String[] args = {"scm", "rotate", "--scm", hostPort}; + + String oldKey = + scmClient.getSecretKeyClient().getCurrentSecretKey().toString(); + Thread.sleep(1000); Review Comment: Since the force flag rotates the key irrespective of whether duration has expired, this sleep might not be needed. ########## hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/protocol/SecretKeyProtocolServerSideTranslatorPB.java: ########## @@ -102,6 +108,16 @@ public SCMSecretKeyResponse processRequest(SCMSecretKeyRequest request) .setSecretKeysListResponseProto(getAllSecretKeys()) .build(); + case GetCheckAndRotate: + try { + return scmSecurityResponse + .setCheckAndRotateResponseProto( + checkAndRotate(request.getCheckAndRotateRequest().getForce())) + .build(); + } catch (TimeoutException e) { + e.printStackTrace(); Review Comment: LOG.error instead ########## hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMSecurityProtocolServer.java: ########## 
@@ -232,6 +234,16 @@ private void validateSecretKeyStatus() throws SCMSecretKeyException { } } + @Override + public boolean checkAndRotate(boolean force) throws TimeoutException { + try { + validateSecretKeyStatus(); + } catch (SCMSecretKeyException e) { + e.printStackTrace(); Review Comment: LOG.error instead
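Review bot: `checkAndRotate(boolean force)` lets any caller that can reach this RPC force a secret-key rotation, and the quoted lines show only `validateSecretKeyStatus()` with no check of the caller's identity; the method body continues past the end of the hunk. If no such check follows, add an admin-access check as the first statement, before the status validation. An audit log entry recording the remote user and the `force` value would also make forced rotations traceable. I would document the requirement on the method as well, e.g. `// Privileged: forces rotation of the SCM secret keys; caller must be an SCM admin.`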
