[jira] [Commented] (HDDS-2390) SCMSecurityClient and mixing of abstraction layers

Thu, 31 Oct 2019 06:45:01 -0700 


    [ 
https://issues.apache.org/jira/browse/HDDS-2390?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16964025#comment-16964025
 ] 

Istvan Fajth commented on HDDS-2390:
------------------------------------

I am working on a PR for this one and I will publish it hopefully today for 
review.

> SCMSecurityClient and mixing of abstraction layers
> --------------------------------------------------
>
>                 Key: HDDS-2390
>                 URL: https://issues.apache.org/jira/browse/HDDS-2390
>             Project: Hadoop Distributed Data Store
>          Issue Type: Improvement
>            Reporter: Istvan Fajth
>            Assignee: Istvan Fajth
>            Priority: Major
>
> During the work on HDDS-2362, I ran into a bigger topic with Security and how 
> the code is organized around internal certificate handling.
> What I see is that we have two methods, HDDSUtils.getScmSecurityClient, and 
> HDDSClientUtils.getSCMSecurityClient, which are essentially doing the same, 
> the latter one without infinite retries, but used only from one test class, 
> besides this DefaultCertificateClient replicates the same logic also.
> Further evaluating the first one in HDDSUtils, I see that it is being used at 
> 3 places, ContainerOperationClient, HddsDataNodeService, and OzoneManager, 
> both of the two has its own DefaultCertificateClient descendants as well.
> ContainerOperationClient is using the client to get the CA certificate.
> HddsDataNodeService is using it to have a signed certificate for the DataNode.
> OzoneManager uses it for the same purpose to get a signed certificate.
> In the HddsDataNodeService, and OzoneManager class with this we effectively 
> tinkering with protobuf requests and responses, and protobuf related code, 
> which seems to be pretty high for the communication layer to buble up to.
> Based on the above, I would propose to have this logic encapsulated in a 
> client class that handles all the protobuf related things below 
> DefaultCertificateClient, and let all the code that is depending on 
> SCMSecurityProtocolClientSideTranslatorPB to depend on this new class or the 
> already exsisting DefaultCertificateClient methods and its descendants.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

Reply via email to