fapifta commented on code in PR #5157:
URL: https://github.com/apache/ozone/pull/5157#discussion_r1287792674
##########
hadoop-hdds/tools/src/main/java/org/apache/hadoop/hdds/scm/cli/cert/CertificatePrintUtils.java:
##########
Review Comment:
Instead of having a utility class for this, as this is used only in the CLI,
can we put this logic to the SCMCertSubCommand as non-static protected methods,
and then use it from the children CleanExpired and ListSubCommand? If you see
any immediate or in future use of having these methods as static utility in
this package, then let's discuss it, I am open to have it this way if there is
a reason, but I would prefer to just leave this internal to the certificate sub
commands based on my current knowledge.
##########
hadoop-hdds/tools/src/test/java/org/apache/hadoop/hdds/scm/cli/cert/TestCleanExpired.java:
##########
Review Comment:
Should we have some kind of test at least for the happy path?
I can imagine testing server side implementation with a mocked certificate
store or something like that, look at ScmConfigurator usages to see how you can
inject one in a mocked ScmHAManager.
Also we should test client side I believe with a mocked server side behind,
so that we can ensure that it is visible via the test change when the output
format changes for any reason.
But there might be better ways to test the functonality all I am sure about
is that it is definitelly better to have some tests than no tests at all.
##########
hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMCertStore.java:
##########
@@ -223,33 +223,41 @@ public void removeExpiredCertificate(BigInteger serialID)
}
@Override
- public void removeAllExpiredCertificates() throws IOException {
+ public List<X509Certificate> removeAllExpiredCertificates()
+ throws IOException {
+ List<X509Certificate> removedCerts = new ArrayList<>();
lock.lock();
try (BatchOperation batchOperation =
scmMetadataStore.getBatchHandler().initBatchOperation()) {
- addExpiredCertsToBeRemoved(batchOperation,
- scmMetadataStore.getValidCertsTable());
- addExpiredCertsToBeRemoved(batchOperation,
- scmMetadataStore.getValidSCMCertsTable());
+ removedCerts.addAll(addExpiredCertsToBeRemoved(batchOperation,
+ scmMetadataStore.getValidCertsTable()));
+ removedCerts.addAll(addExpiredCertsToBeRemoved(batchOperation,
+ scmMetadataStore.getValidSCMCertsTable()));
scmMetadataStore.getStore().commitBatchOperation(batchOperation);
} finally {
lock.unlock();
}
+ return removedCerts;
}
- private void addExpiredCertsToBeRemoved(BatchOperation batchOperation,
- Table<BigInteger, X509Certificate> certTable) throws IOException {
+ private List<X509Certificate> addExpiredCertsToBeRemoved(
+ BatchOperation batchOperation, Table<BigInteger,
+ X509Certificate> certTable) throws IOException {
+ List<X509Certificate> removedCerts = new ArrayList<>();
try (TableIterator<BigInteger, ? extends Table.KeyValue<BigInteger,
X509Certificate>> certsIterator = certTable.iterator()) {
Instant now = Instant.now();
while (certsIterator.hasNext()) {
Table.KeyValue<BigInteger, X509Certificate> certEntry =
certsIterator.next();
- if (certEntry.getValue().getNotAfter().toInstant().isBefore(now)) {
+ X509Certificate cert = certEntry.getValue();
+ if (cert.getNotAfter().toInstant().isBefore(now)) {
Review Comment:
We don't need toInstant, you have Date#before for this check, with a new
Date() instead of Instant.now().
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
