adoroszlai commented on code in PR #5486:
URL: https://github.com/apache/ozone/pull/5486#discussion_r1371417731
##########
hadoop-ozone/s3-secret-store/src/main/java/org/apache/hadoop/ozone/s3/remote/vault/VaultS3SecretStore.java:
##########
@@ -128,49 +124,29 @@ public S3SecretValue getSecret(String kerberosID) throws
IOException {
@Override
public void revokeSecret(String kerberosId) throws IOException {
try {
- checkAuth();
- vault.logical().delete(secretPath + '/' + kerberosId);
+ callWithReAuth(() -> vault.logical().delete(secretPath + '/' +
kerberosId));
} catch (VaultException e) {
LOG.error("Failed to delete secret", e);
throw new IOException("Failed to revoke secret", e);
}
}
- private void checkAuth() throws VaultException {
- try {
- doCheck();
- } catch (VaultException e) {
- processEx(e, this::auth);
- try {
- doCheck();
- } catch (VaultException ex) {
- processEx(ex, () -> {
- throw new VaultException("Failed to re-authenticate",
- ex.getHttpStatusCode());
- });
- }
- }
- }
+ private LogicalResponse callWithReAuth(RestCall action) throws
VaultException {
+ LogicalResponse response = action.call();
+ int status = response.getRestResponse().getStatus();
+ if (status == 403 || status == 401 || status == 400) {
+ auth();
- private void doCheck() throws VaultException {
- LookupResponse lookupResponse = vault.auth().lookupSelf();
+ response = action.call();
+ status = response.getRestResponse().getStatus();
- if (!Objects.equals(lookupResponse.getId(), config.getToken())) {
- LOG.error("Lookup token is not the same as Vault client configuration.");
- throw new VaultException("Failed to re-authenticate", 401);
- }
- }
-
- private void processEx(VaultException e, Call callback)
- throws VaultException {
- int status = e.getHttpStatusCode();
- if (status == 403 || status == 401) {
- callback.run();
+ if (status == 403 || status == 401 || status == 400) {
+ throw new VaultException("Failed to re-authenticate",
+ response.getRestResponse().getStatus());
Review Comment:
Can use `status` directly.
```suggestion
status);
```
##########
hadoop-ozone/s3-secret-store/src/main/java/org/apache/hadoop/ozone/s3/remote/vault/VaultS3SecretStore.java:
##########
@@ -128,49 +124,29 @@ public S3SecretValue getSecret(String kerberosID) throws
IOException {
@Override
public void revokeSecret(String kerberosId) throws IOException {
try {
- checkAuth();
- vault.logical().delete(secretPath + '/' + kerberosId);
+ callWithReAuth(() -> vault.logical().delete(secretPath + '/' +
kerberosId));
} catch (VaultException e) {
LOG.error("Failed to delete secret", e);
throw new IOException("Failed to revoke secret", e);
}
}
- private void checkAuth() throws VaultException {
- try {
- doCheck();
- } catch (VaultException e) {
- processEx(e, this::auth);
- try {
- doCheck();
- } catch (VaultException ex) {
- processEx(ex, () -> {
- throw new VaultException("Failed to re-authenticate",
- ex.getHttpStatusCode());
- });
- }
- }
- }
+ private LogicalResponse callWithReAuth(RestCall action) throws
VaultException {
+ LogicalResponse response = action.call();
+ int status = response.getRestResponse().getStatus();
+ if (status == 403 || status == 401 || status == 400) {
+ auth();
- private void doCheck() throws VaultException {
- LookupResponse lookupResponse = vault.auth().lookupSelf();
+ response = action.call();
+ status = response.getRestResponse().getStatus();
- if (!Objects.equals(lookupResponse.getId(), config.getToken())) {
- LOG.error("Lookup token is not the same as Vault client configuration.");
- throw new VaultException("Failed to re-authenticate", 401);
- }
- }
-
- private void processEx(VaultException e, Call callback)
- throws VaultException {
- int status = e.getHttpStatusCode();
- if (status == 403 || status == 401) {
- callback.run();
+ if (status == 403 || status == 401 || status == 400) {
Review Comment:
Please extract `isAuthFailure(status)` to avoid duplicating the status codes.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
