You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ozone.apache.org by "Xiaoyu Yao (Jira)" <ji...@apache.org> on 2021/05/12 16:46:00 UTC
[jira] [Updated] (HDDS-4729) Add token support for container admin
operations
[ https://issues.apache.org/jira/browse/HDDS-4729?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Xiaoyu Yao updated HDDS-4729:
-----------------------------
Fix Version/s: 1.2.0
Resolution: Fixed
Status: Resolved (was: Patch Available)
Thanks [~adoroszlai] for the contribution. PR has been merged.
> Add token support for container admin operations
> ------------------------------------------------
>
> Key: HDDS-4729
> URL: https://issues.apache.org/jira/browse/HDDS-4729
> Project: Apache Ozone
> Issue Type: New Feature
> Reporter: István Fajth
> Assignee: Attila Doroszlai
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.2.0
>
>
> HDDS-2321 disabled token based authentication for container admin commands part of the DataNode admin protocol as that caused problems with requests that are not going through Ozone Manager, as token based auth support is present only there currently.
> Within this feature, the followings to be added:
> - a new SCM request to get a new kind of token issued by the SCM
> - the token would be short living, without renewal or cancellation signed by SCM
> - the token will be required for container admin commands inside DataNodes
> - the token will be supplied to container admin requests from command line client, and for commands arriving via DN heartbeat responses
> - the token is validated on the DN side for every container admin command, and in case a token is not supplied or invalid the DN should reject the request.
> Also it is part of the development to revisit all DN API requests and add the appropriate (OM or SCM) token based auth where applicable.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org