xiaoyuyao commented on a change in pull request #2254:
URL: https://github.com/apache/ozone/pull/2254#discussion_r636544822
##########
File path:
hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/token/BlockTokenVerifier.java
##########
@@ -77,21 +75,20 @@ protected Object getService(ContainerCommandRequestProto
cmd) {
@Override
protected void verify(OzoneBlockTokenIdentifier tokenId,
- ContainerCommandRequestProto cmd) throws SCMSecurityException {
+ ContainerCommandRequestProtoOrBuilder cmd) throws SCMSecurityException {
- ContainerProtos.Type type = cmd.getCmdType();
- if (type == ReadChunk || type == GetBlock || type == GetSmallFile) {
- if (!tokenId.getAccessModes().contains(READ)) {
- throw new BlockTokenException("Block token with " +
tokenId.getService()
- + " doesn't have READ permission");
- }
- } else if (type == WriteChunk || type == PutBlock || type == PutSmallFile)
{
- if (!tokenId.getAccessModes().contains(WRITE)) {
- throw new BlockTokenException("Block token with " +
tokenId.getService()
- + " doesn't have WRITE permission");
- }
+ HddsProtos.BlockTokenSecretProto.AccessModeProto accessMode;
+ if (HddsUtils.isReadOnly(cmd)) {
+ accessMode = READ;
+ } else if (cmd.getCmdType() == DeleteBlock ||
+ cmd.getCmdType() == DeleteChunk) {
+ accessMode = DELETE;
Review comment:
I did not find any place where we add block tokens with DELETE mode? Do
you plan to add those in follow up JIRAs? I assume those will be used for some
debug CLI as the deletion done async via Hadoop RPC.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
