[GitHub] [ozone] duongkame commented on a diff in pull request #4760: HDDS-8677. Ozone admin OM CLI command for block tokens

Tue, 30 May 2023 18:07:41 -0700 


duongkame commented on code in PR #4760:
URL: https://github.com/apache/ozone/pull/4760#discussion_r1210968033


##########
hadoop-ozone/interface-client/src/main/proto/OmClientProtocol.proto:
##########
@@ -589,6 +592,14 @@ message SetVolumePropertyResponse {
     optional bool response = 1;
 }
 
+message GetCurrentSecretKeyRequest {

Review Comment:
   Rename to `RefetchSecretKeyRequest`, similar to response message. 



##########
hadoop-ozone/interface-client/src/main/proto/OmClientProtocol.proto:
##########
@@ -134,6 +134,7 @@ enum Type {
   TransferLeadership = 117;
   SnapshotPurge = 118;
   RecoverLease = 119;
+  GetCurrentSecretKey = 120;

Review Comment:
   Rename to `RefetchSecretKey`.



##########
hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/TestBlockTokens.java:
##########
@@ -271,6 +279,22 @@ public void blockTokenFailsOnWrongPassword() throws 
Exception {
     assertExceptionContains("Invalid token for user", ex);
   }
 
+  @Test
+  public void testGetCurrentSecretKey() throws UnsupportedEncodingException {

Review Comment:
   Similar to the one for SCM CLI, would be nice if we move all the CLI tests 
to a separated class.



##########
hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java:
##########
@@ -1064,6 +1064,10 @@ private void stopSecretManager() {
     }
   }
 
+  public void refetchSecretKey() {
+    secretKeyClient.getCurrentSecretKey();

Review Comment:
   This would not refresh the current key from SCM. You need to add a new 
method to `SecretKeySignerClient`, say `refetchCurrentSecretKey`, which should 
be implemented in `DefaultSecretKeySignerClient`. 
   The implementation can look like follow:
   ```
    @Override
     public void refetchCurrentKey() {
       // pass duration as ZERO to force a refresh.
       checkAndRefresh(Duration.ZERO);
     }
   ```
   
   The method `checkAndRefresh` should me made `synchronized` as well, as now 
it's possible that it'd be called concurrently. 



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to