[HDDS-4729] Add token support for container admin operations - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.2.0
Component/s: None
Labels:
- pull-request-available

Target Version/s:

1.2.0

Description

~~HDDS-2321~~ disabled token based authentication for container admin commands part of the DataNode admin protocol as that caused problems with requests that are not going through Ozone Manager, as token based auth support is present only there currently.

Within this feature, the followings to be added:

a new SCM request to get a new kind of token issued by the SCM
the token would be short living, without renewal or cancellation signed by SCM
the token will be required for container admin commands inside DataNodes
the token will be supplied to container admin requests from command line client, and for commands arriving via DN heartbeat responses
the token is validated on the DN side for every container admin command, and in case a token is not supplied or invalid the DN should reject the request.

Also it is part of the development to revisit all DN API requests and add the appropriate (OM or SCM) token based auth where applicable.

Attachments

Issue Links

is duplicated by

HDDS-3439 Enable TestSecureContainerServer test cases

Resolved

is related to

HDDS-2321 Ozone Block Token verify should not apply to all datanode cmd

Resolved

relates to

HDDS-9882 Share ByteString-related code between OzonePBHelper classes

Resolved

links to

GitHub Pull Request #2186

Activity

People

Assignee:: Attila Doroszlai

Reporter:: István Fajth

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 21/Jan/21 02:36

Updated:: 08/Dec/23 12:15

Resolved:: 12/May/21 16:45