You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ozone.apache.org by "ChenSammi (via GitHub)" <gi...@apache.org> on 2023/12/13 07:02:02 UTC
[PR] HDDS-9893. clientCache is not properly invalidated with security enabled [ozone]
ChenSammi opened a new pull request, #5780:
URL: https://github.com/apache/ozone/pull/5780
## What changes were proposed in this pull request?
clientCache in XceiverClientManager hold the client created in XceiverClientManager. Client in clientCache will be invalidated by two ways,
one is the explicitly call XceiverClientManager#releaseClient for this client,
another is when the client in clientCache is not accessed for a predefined period of time.
When XceiverClientManager#releaseClient is called, it will invalidate the client based on the constructed cache key, where it doesn't match the key constructed when client is put into clientCache when security is enabled.
## What is the link to the Apache JIRA
https://issues.apache.org/jira/browse/HDDS-9893
## How was this patch tested?
unit test
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org
Re: [PR] HDDS-9893. Client in clientCache is not properly invalidated with security enabled [ozone]
Posted by "ChenSammi (via GitHub)" <gi...@apache.org>.
ChenSammi commented on code in PR #5780:
URL: https://github.com/apache/ozone/pull/5780#discussion_r1426125636
##########
hadoop-hdds/client/src/main/java/org/apache/hadoop/hdds/scm/XceiverClientManager.java:
##########
@@ -297,6 +293,15 @@ private String getPipelineCacheKey(Pipeline pipeline,
e.getMessage());
}
}
+ // Append user short name to key to prevent a different user
+ // from using same instance of xceiverClient.
+ try {
+ key = isSecurityEnabled ?
+ key + UserGroupInformation.getCurrentUser().getShortUserName() : key;
+ } catch (IOException e) {
+ LOG.error("Failed to get current user to create pipeline cache key:" +
+ e.getMessage());
+ }
Review Comment:
@adoroszlai , thank you for the review. It's addressed.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org
Re: [PR] HDDS-9893. Client in clientCache is not properly invalidated with security enabled [ozone]
Posted by "adoroszlai (via GitHub)" <gi...@apache.org>.
adoroszlai merged PR #5780:
URL: https://github.com/apache/ozone/pull/5780
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org
Re: [PR] HDDS-9893. Client in clientCache is not properly invalidated with security enabled [ozone]
Posted by "adoroszlai (via GitHub)" <gi...@apache.org>.
adoroszlai commented on code in PR #5780:
URL: https://github.com/apache/ozone/pull/5780#discussion_r1424961280
##########
hadoop-hdds/client/src/main/java/org/apache/hadoop/hdds/scm/XceiverClientManager.java:
##########
@@ -297,6 +293,15 @@ private String getPipelineCacheKey(Pipeline pipeline,
e.getMessage());
}
}
+ // Append user short name to key to prevent a different user
+ // from using same instance of xceiverClient.
+ try {
+ key = isSecurityEnabled ?
+ key + UserGroupInformation.getCurrentUser().getShortUserName() : key;
+ } catch (IOException e) {
+ LOG.error("Failed to get current user to create pipeline cache key:" +
+ e.getMessage());
+ }
Review Comment:
We can simplify this (and avoid the `try-catch` if security is not enabled).
```suggestion
if (isSecurityEnabled) {
try {
key += UserGroupInformation.getCurrentUser().getShortUserName();
} catch (IOException e) {
LOG.error("Failed to get current user to create pipeline cache key: " +
e.getMessage());
}
}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org
Re: [PR] HDDS-9893. Client in clientCache is not properly invalidated with security enabled [ozone]
Posted by "ChenSammi (via GitHub)" <gi...@apache.org>.
ChenSammi commented on PR #5780:
URL: https://github.com/apache/ozone/pull/5780#issuecomment-1855515021
Thank you @adoroszlai for the review and merge.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org