Sumit Agrawal created HDDS-7454:
-----------------------------------
Summary: OM to DN token verification should include Pipeline
Key: HDDS-7454
URL: https://issues.apache.org/jira/browse/HDDS-7454
Project: Apache Ozone
Issue Type: Bug
Reporter: Sumit Agrawal
Assignee: Sumit Agrawal
Client will request for block information to be used to write data, In this
process,
- OM call allocateBlock to SCM, SCM will provide block information, pipeline
and related DN
- OM also create token (when security enabled) with block information
- Client will pass this information to DN
- DN will verify token for block information and start write block
Here, pipeline information is not verified for which request is created. As
security, this also needs to be verified.
Pipeline and DN mapping is shared to DN which Pipeline command from SCM to DNs,
CreatePipelineCommand
Impact (If client is not trustable):
1. Client can forward request with token to different DN with different
pipeline information.
So DN since do not have information about SMC mapping of container to pipeline,
that DN can start operating over that.
Having pipeline in token verification, it will ensure,
- block write is done with correct pipeline (DNs)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
