Skip to content

HDDS-8901. Enable mTLS for InterSCMGrpcProtocol. #4964

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
adoroszlai merged 2 commits into from
Jun 26, 2023
Merged

HDDS-8901. Enable mTLS for InterSCMGrpcProtocol. #4964

adoroszlai merged 2 commits into from
Jun 26, 2023

Conversation

@fapifta
Copy link
Contributor

@fapifta fapifta commented Jun 23, 2023

What changes were proposed in this pull request?

Currently the InterSCMGrpcProtocol service endpoint on SCM does not require client authentication. This change is about adding the requirement, and verify with a test that mTLS is working, and set.

The newly added test fails without the change in the InterSCMGrpcProtocolService class.

What is the link to the Apache JIRA

https://issues.apache.org/jira/browse/HDDS-8901

How was this patch tested?

Added JUnit test to verify client and service certificates are properly sent for the configured trust managers for checking if the client/server is trusted.

@fapifta fapifta changed the title HDDS-8901 Enable mTLS for InterSCMGrpcProtocol. HDDS-8901. Enable mTLS for InterSCMGrpcProtocol. Jun 23, 2023
adoroszlai
adoroszlai approved these changes Jun 24, 2023
View reviewed changes
Copy link
Contributor

@adoroszlai adoroszlai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @fapifta for finding and fixing this.

@adoroszlai adoroszlai merged commit 2fbed63 into apache:master Jun 26, 2023
errose28 added a commit to errose28/ozone that referenced this pull request Jun 30, 2023
@errose28
Merge branch 'master' into HDDS-8062-container-log
2b89dc1 
* master:
  HDDS-8555. [Snapshot] When snapshot feature is disabled, block OM startup if there are still snapshots in the system (apache#4994)
  HDDS-8782. Improve Volume Scanner Health checks. (apache#4867)
  HDDS-8447. Datanodes should not process container deletes for failed volumes. (apache#4901)
  HDDS-5869. Added support for stream on S3Gateway write path (apache#4970)
  HDDS-8859. [Snapshot] Return failure message to client for a failed snapshot diff jobs (apache#4993)
  HDDS-8939. [Snapshot] isBlockLocationSame check should be skipped if object is not OmKeyInfo. (apache#4991)
  HDDS-8923. Expose XceiverClient cache stats as metrics (apache#4979)
  HDDS-8913. ContainerManagerImpl: reduce processing while locked (apache#4967)
  HDDS-8935. [Snapshot] Fallback to full diff if getDetlaFiles from compaction DAG fails (apache#4986)
  HDDS-8911. Update Hadoop to 3.3.6 (apache#4985)
  HDDS-8931. Allow EC PipelineChoosingPolicy to be defined separately from Ratis (apache#4983)
  HDDS-8895. Support dynamic change of ozone.readonly.administrators in SCM (apache#4977)
  HDDS-6814. Make OM service ID optional for `ozone s3` commands if only one is defined in config (apache#4953)
  HDDS-8925. BaseFreonGenerator may not complete if last attempts fail (apache#4975)
  HDDS-7100. Container scanner incorrectly marks containers unhealthy when DN is shutdown (apache#4951)
  HDDS-8919. Allow EC pipelines to be created and then added to PipelineManager in two steps (apache#4968)
  HDDS-8901. Enable mTLS for InterSCMGrpcProtocol. (apache#4964)

Conflicts:
hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/common/interfaces/Container.java
hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/keyvalue/KeyValueContainer.java
hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/keyvalue/KeyValueContainerCheck.java
hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/keyvalue/KeyValueHandler.java
hadoop-hdds/container-service/src/test/java/org/apache/hadoop/ozone/container/common/ContainerTestUtils.java
vtutrinov pushed a commit to Cyrill/ozone that referenced this pull request Jul 3, 2023
@fapifta
HDDS-8901. Enable mTLS for InterSCMGrpcProtocol. (apache#4964)
87139e5
vtutrinov pushed a commit to Cyrill/ozone that referenced this pull request Jul 3, 2023
@fapifta
HDDS-8901. Enable mTLS for InterSCMGrpcProtocol. (apache#4964)
146fb7d
adoroszlai pushed a commit to adoroszlai/ozone that referenced this pull request Feb 9, 2024
@fapifta @adoroszlai
HDDS-8901. Enable mTLS for InterSCMGrpcProtocol. (apache#4964)
ef924d0 
(cherry picked from commit 2fbed63)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@adoroszlai adoroszlai adoroszlai approved these changes

@ChenSammi ChenSammi Awaiting requested review from ChenSammi

@duongkame duongkame Awaiting requested review from duongkame

@kerneltime kerneltime Awaiting requested review from kerneltime

Assignees

No one assigned

Labels

security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@fapifta @adoroszlai