Thanks Arpit Agarwal for the comments.
I am attaching a new based on some of your comments. I request guidance on #1 and #4.
1. isSecureOnClient may also want to use the peer's address to make a decision. e.g. intra-cluster transfer vs. distcp to remote cluster.
The ip address of namenode or datanode is not available at some of the client invocations. Please let me know if there is a way to get an ip address..
2. Related to #1, isSecureOnClient and isSecureOnServer look awkward. How about replacing both with isTrustedChannel that takes the peer's IP address? We should probably avoid overloading the term secure in this context since there is a related concept ofPeer#hasSecureChannel().
I have renamed the class to TrustedChannelResolver and function to isTrusted() .
3. Could you please update the documentation
4. Is the InetAddress.getByName call in DataXceiver#getClientAddress necessary? If it were necessary it would have been a security hole since DNS resolution may yield a different IP address than the one used by the client. It turns out for the kinds of Peers we are interested in this will be an IP address, so let's just remove the call.
I wanted to use InetAddress as the argument to TrustedChannelResolver than a string-ip-address to maintain parity with SaslPropertiesResolver. To convert a string ip, I use InetAddress.getByName
From the documentation of InetAddress.getByName(String host):
The host name can either be a machine name, such as "java.sun.com", or a textual representation of its IP address. If a literal IP address is supplied, only the validity of the address format is checked.
So basically , if the argument is ip address, getByName doesn't do a DNS check.
If there is a different way to get the InetAddress , we can definitely use that.
Other option is to not care about the parity with SaslPropertiesResolver and pass the string ip address.
Yet another option will be to pass the Peer itself to TrustedChannelResolver so that the custom implementation can take care of getting the ip address etc. Will be great to get your opinion on this.