linyiqun edited a comment on pull request #1454:
URL: https://github.com/apache/hadoop-ozone/pull/1454#issuecomment-701381759
>since it's a user token, suppose it has a much longer liveness than input
and output stream object instance, right?
A good point that @ChenSammi mentioned, there is a setting to decide the
expired time of block token and it's a long time as 1 day. This should be an
enough time for client to read/write block data.
```xml
<property>
<name>hdds.block.token.expiry.time</name>
<value>1d</value>
<tag>OZONE, HDDS, SECURITY, TOKEN</tag>
<description>
Default value for expiry time of block token. This
setting supports multiple time unit suffixes as described in
dfs.heartbeat.interval. If no suffix is specified, then milliseconds is
assumed.
</description>
</property>
```
> No need to renew or revoke a block access token. when a cached block
access token expires, the client simply get a new one. Block access token
should be cached only in memory and never write to disk.
From this comment of OzoneBlockTokenIdentifier, current change also looks
safe.
In additional, I'm +1 for current change. Thanks @adoroszlai for addressing
the comment.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: ozone-issues-h...@hadoop.apache.org
