dombizita commented on code in PR #6860:
URL: https://github.com/apache/ozone/pull/6860#discussion_r1672363370
##########
hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/conf/OzoneConfiguration.java:
##########
@@ -407,4 +420,76 @@ public int getInt(String name, String fallbackName, int
defaultValue,
}
return Integer.parseInt(value);
}
+
+ private Properties delegatingProps;
+
+ @Override
+ public synchronized void reloadConfiguration() {
+ super.reloadConfiguration();
+ delegatingProps = null;
+ }
+
+ @Override
+ protected final synchronized Properties getProps() {
+ if (delegatingProps == null) {
+ delegatingProps = new DelegatingProperties(super.getProps(),
complianceMode, cryptoProperties);
+ }
+ return delegatingProps;
+ }
+
+ /**
+ * Get a property value without the compliance check. It's needed to get the
compliance
+ * mode and the whitelist parameter values in the checkCompliance method.
+ *
+ * @param key property name
+ * @param defaultValue default value
+ * @return property value, without compliance check
+ */
+ private String getPropertyUnsafe(String key, String defaultValue) {
+ return super.getProps().getProperty(key, defaultValue);
+ }
+
+ private Properties getCryptoProperties() {
+ try {
+ return
super.getAllPropertiesByTag(ConfigTag.CRYPTO_COMPLIANCE.toString());
+ } catch (NoSuchMethodError e) {
+ return new Properties();
+ }
+ }
+
+ public String checkCompliance(String config, String value) {
+ // Don't check the ozone.security.crypto.compliance.mode config, even
though it's tagged as a crypto config
+ if (checkCompliance && cryptoProperties.containsKey(config) &&
+ !config.equals(OzoneConfigKeys.OZONE_SECURITY_CRYPTO_COMPLIANCE_MODE))
{
+
+ String whitelistConfig = config + "." + complianceMode + ".whitelist";
+ String whitelistValue = getPropertyUnsafe(whitelistConfig, "");
+
+ if (whitelistValue != null) {
+ String[] whitelistOptions = whitelistValue.split(",");
+
+ if (!Arrays.asList(whitelistOptions).contains(value)) {
+ throw new ConfigurationException("Not allowed configuration value!
Compliance mode is set to " +
+ complianceMode + " and " + config + " configuration's value is
not allowed. Please check the " +
+ whitelistConfig + " configuration.");
+ }
+ }
+ }
+ return value;
+ }
+
+ @Override
+ public Iterator<Map.Entry<String, String>> iterator() {
+ Properties properties = getProps();
Review Comment:
Thanks for brining this up! I updated my patch, in the end I only have the
compliance check method in the DelegatingProperties class, so I was able to
remove the checkCompliance and the complianceMode variables from both of the
configuration related classes.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
