[
https://issues.apache.org/jira/browse/HDDS-1796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17134881#comment-17134881
]
Nanda kumar commented on HDDS-1796:
-----------------------------------
{{allocateBlock}}, {{deleteBlock}} and {{sortDatanodes}} doesn't have Admin
check now. If we do Admin check for {{getContainerWithPipeline}}, we should
also do the same in {{allocateBlock}}, {{deleteBlock}} and {{sortDatanodes}}.
All the above-mentioned calls are only done by the namespace layer
(OzoneManager), it makes sense to make all the client-facing APIs of SCM to do
Admin check. SCM should only get calls from namespace service or from admin, it
cannot get direct calls from a client.
> SCMClientProtocolServer#getContainerWithPipeline should check for admin access
> ------------------------------------------------------------------------------
>
> Key: HDDS-1796
> URL: https://issues.apache.org/jira/browse/HDDS-1796
> Project: Hadoop Distributed Data Store
> Issue Type: Bug
> Components: SCM
> Affects Versions: 0.4.0
> Reporter: Mukul Kumar Singh
> Priority: Major
> Labels: Triaged
>
> SCMClientProtocolServer#getContainerWithPipeline currently calls
> checkAdminAccess with user as null.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
