hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yiqun Lin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDDS-804) Block token: Add secret token manager
Date Tue, 27 Nov 2018 05:58:00 GMT

    [ https://issues.apache.org/jira/browse/HDDS-804?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16699952#comment-16699952
] 

Yiqun Lin commented on HDDS-804:
--------------------------------

In additional [~xyao]'s comments, Can we use a consistent way for token expiration? As I see
some places we use {{Time.now}}, others are {{Time.monotonicNow}}.
{code:java}
 /**
+   * Returns expiry time of a token given its identifier.
+   *
+   * @return Expiry time of the token
+   */
+  private long getTokenExpiryTime() {
+    return Time.monotonicNow() + getTokenRenewInterval();
+  }
+
+  /**
+   * Should be called before this object is used.
+   */
...
+  // TODO: handle roll private key/certificate
+  private synchronized void removeExpiredKeys() {
+    long now = Time.now();
+    for (Iterator<Map.Entry<Integer, OzoneSecretKey>> it = allKeys.entrySet()
+        .iterator(); it.hasNext();) {
+      Map.Entry<Integer, OzoneSecretKey> e = it.next();
+      OzoneSecretKey key = e.getValue();
+      if (key.getExpiryDate() < now) {
+        it.remove();
+      }
+    }
+  }
{code}
Looking into implementation in similar class {{AbstractDelegationTokenSecretManager/BlockTokenSecretManager}},
it uses {{Time.now();}} all the time. Also we will print an incorrect date by {{Time.formatTime(Time.monotonicNow())}}.

> Block token: Add secret token manager
> -------------------------------------
>
>                 Key: HDDS-804
>                 URL: https://issues.apache.org/jira/browse/HDDS-804
>             Project: Hadoop Distributed Data Store
>          Issue Type: Sub-task
>          Components: Security
>            Reporter: Ajay Kumar
>            Assignee: Ajay Kumar
>            Priority: Major
>         Attachments: HDDS-804-HDDS-4.00.patch, HDDS-804-HDDS-4.01.patch, HDDS-804-HDDS-4.02.patch,
HDDS-804-HDDS-4.03.patch
>
>
> Add secret manager to process block tokens in OzoneManager.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org


Mime
View raw message