Uploaded image for project: 'Apache Ozone'
  1. Apache Ozone
  2. HDDS-4729

Add token support for container admin operations

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 1.2.0
    • None

    Description

      HDDS-2321 disabled token based authentication for container admin commands part of the DataNode admin protocol as that caused problems with requests that are not going through Ozone Manager, as token based auth support is present only there currently.

      Within this feature, the followings to be added:

      • a new SCM request to get a new kind of token issued by the SCM
      • the token would be short living, without renewal or cancellation signed by SCM
      • the token will be required for container admin commands inside DataNodes
      • the token will be supplied to container admin requests from command line client, and for commands arriving via DN heartbeat responses
      • the token is validated on the DN side for every container admin command, and in case a token is not supplied or invalid the DN should reject the request.

      Also it is part of the development to revisit all DN API requests and add the appropriate (OM or SCM) token based auth where applicable.

      Attachments

        Issue Links

          Activity

            People

              adoroszlai Attila Doroszlai
              pifta István Fajth
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: