ChenSammi commented on code in PR #7394:
URL: https://github.com/apache/ozone/pull/7394#discussion_r1843114270
##########
hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/upgrade/OMLayoutFeature.java:
##########
@@ -46,7 +46,8 @@ public enum OMLayoutFeature implements LayoutFeature {
FILESYSTEM_SNAPSHOT(5, "Ozone version supporting snapshot"),
QUOTA(6, "Ozone quota re-calculate"),
- HBASE_SUPPORT(7, "Full support of hsync, lease recovery and listOpenFiles
APIs for HBase");
+ HBASE_SUPPORT(7, "Full support of hsync, lease recovery and listOpenFiles
APIs for HBase"),
+ DELEGATION_TOKEN_SYMMETRIC_SIGN(8, "Delegation token signed by symmetric
key");
Review Comment:
The token signed by symmetric keys and token signed by asymmetric keys are
incompatible at server side. Delegation tokens are relatively long lived token,
default 7d. If a client get a delegation signed by symmetric keys after OM
upgrade but before finalize, later this OM upgrade is cancelled, then when the
token client held sent to the OM again after downgrade, it cannot be verified
by OM, client execution will fail. All type of tokens are opaque to client. The
new DELEGATION_TOKEN_SYMMETRIC_SIGN layout is introduced to handle the
compatibility between lower version of OM and high version of OM.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
