HDDS-10889. Remove certificate revocation related code.

hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/HddsConfigKeys.java

@@ -38,10 +38,6 @@ public final class HddsConfigKeys {
       "hdds.container.report.interval";
   public static final String HDDS_CONTAINER_REPORT_INTERVAL_DEFAULT =
       "60m";
-  public static final String HDDS_CRL_STATUS_REPORT_INTERVAL =
-      "hdds.crl.status.report.interval";
-  public static final String HDDS_CRL_STATUS_REPORT_INTERVAL_DEFAULT =
-      "60s";
   public static final String HDDS_PIPELINE_REPORT_INTERVAL =
       "hdds.pipeline.report.interval";
   public static final String HDDS_PIPELINE_REPORT_INTERVAL_DEFAULT =
@@ -184,9 +180,6 @@ public final class HddsConfigKeys {
   public static final String HDDS_X509_FILE_NAME = "hdds.x509.file.name";
   public static final String HDDS_X509_FILE_NAME_DEFAULT = "certificate.crt";
 
-  public static final String HDDS_X509_CRL_NAME = "hdds.x509.CRL.name";
-  public static final String HDDS_X509_CRL_NAME_DEFAULT = "scm.crl";
-
   /**
    * Default duration of certificates issued by SCM CA. The formats accepted are
    * based on the ISO-8601 duration format PnDTnHnMn.nS Default value is 5 years

hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/exceptions/SCMException.java

@@ -126,12 +126,18 @@ public enum ResultCodes {
     FAILED_TO_INIT_PIPELINE_CHOOSE_POLICY,
     FAILED_TO_INIT_LEADER_CHOOSE_POLICY,
     SCM_NOT_LEADER,
+    // Unused, revocation code was removed. Re-use with care when implementing revocation support.
+    // (To keep ordinals, we should not delete this from the enum.)
     FAILED_TO_REVOKE_CERTIFICATES,
     PIPELINE_NOT_FOUND,
     UNKNOWN_PIPELINE_STATE,
     CONTAINER_NOT_FOUND,
     CONTAINER_REPLICA_NOT_FOUND,
+    // Unused, revocation code was removed. Re-use with care when implementing revocation support.
+    // (To keep ordinals, we should not delete this from the enum.)
     FAILED_TO_CONNECT_TO_CRL_SERVICE,
+    // Unused, revocation code was removed. Re-use with care when implementing revocation support.
+    // (To keep ordinals, we should not delete this from the enum.)
     FAILED_TO_ADD_CRL_CLIENT,
     INVALID_PIPELINE_STATE,
     DUPLICATED_PIPELINE_ID,

hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/SecurityConfig.java

@@ -78,8 +78,6 @@
 import static org.apache.hadoop.hdds.HddsConfigKeys.HDDS_PUBLIC_KEY_FILE_NAME;
 import static org.apache.hadoop.hdds.HddsConfigKeys.HDDS_PUBLIC_KEY_FILE_NAME_DEFAULT;
 import static org.apache.hadoop.hdds.HddsConfigKeys.HDDS_SECURITY_PROVIDER;
-import static org.apache.hadoop.hdds.HddsConfigKeys.HDDS_X509_CRL_NAME;
-import static org.apache.hadoop.hdds.HddsConfigKeys.HDDS_X509_CRL_NAME_DEFAULT;
 import static org.apache.hadoop.hdds.HddsConfigKeys.HDDS_X509_DEFAULT_DURATION;
 import static org.apache.hadoop.hdds.HddsConfigKeys.HDDS_X509_DEFAULT_DURATION_DEFAULT;
 import static org.apache.hadoop.hdds.HddsConfigKeys.HDDS_X509_DIR_NAME;
@@ -126,7 +124,6 @@ public class SecurityConfig {
   private final Duration defaultCertDuration;
   private final Duration renewalGracePeriod;
   private final boolean isSecurityEnabled;
-  private final String crlName;
   private final boolean grpcTlsUseTestCert;
   private final String externalRootCaPublicKeyPath;
   private final String externalRootCaPrivateKeyPath;
@@ -263,9 +260,6 @@ public SecurityConfig(ConfigurationSource configuration) {
         HDDS_X509_ROOTCA_PRIVATE_KEY_FILE,
         HDDS_X509_ROOTCA_PRIVATE_KEY_FILE_DEFAULT);
 
-    this.crlName = configuration.get(HDDS_X509_CRL_NAME,
-        HDDS_X509_CRL_NAME_DEFAULT);
-
     this.grpcSSLProvider = SslProvider.valueOf(
         configuration.get(HDDS_GRPC_TLS_PROVIDER,
             HDDS_GRPC_TLS_PROVIDER_DEFAULT));
@@ -357,15 +351,6 @@ private void validateCertificateValidityConfig() {
     }
   }
 
-  /**
-   * Returns the CRL Name.
-   *
-   * @return String.
-   */
-  public String getCrlName() {
-    return crlName;
-  }
-
   /**
    * Returns true if security is enabled for OzoneCluster. This is determined by
    * value of OZONE_SECURITY_ENABLED_KEY.

hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConsts.java

@@ -127,10 +127,7 @@ public final class OzoneConsts {
    */
   public static final String CONTAINER_DB_SUFFIX = "container.db";
   public static final String PIPELINE_DB_SUFFIX = "pipeline.db";
-  public static final String CRL_DB_SUFFIX = "crl.db";
   public static final String DN_CONTAINER_DB = "-dn-" + CONTAINER_DB_SUFFIX;
-  public static final String DN_CRL_DB = "dn-" + CRL_DB_SUFFIX;
-  public static final String CRL_DB_DIRECTORY_NAME = "crl";
   public static final String OM_DB_NAME = "om.db";
   public static final String SCM_DB_NAME = "scm.db";
   public static final String OM_DB_BACKUP_PREFIX = "om.db.backup.";
@@ -452,9 +449,6 @@ private OzoneConsts() {
   public static final String SCM_DUMMY_NODEID = "scmNodeId";
   public static final String SCM_DUMMY_SERVICE_ID = "scmServiceId";
 
-  // CRL Sequence Id
-  public static final String CRL_SEQUENCE_ID_KEY = "CRL_SEQUENCE_ID";
-
   public static final String SCM_CA_PATH = "ca";
   public static final String SCM_CA_CERT_STORAGE_DIR = "scm";
   public static final String SCM_SUB_CA_PATH = "sub-ca";

hadoop-hdds/common/src/main/resources/ozone-default.xml

@@ -369,14 +369,6 @@
       datanode periodically send container report to SCM. Unit could be
       defined with postfix (ns,ms,s,m,h,d)</description>
   </property>
-  <property>
-    <name>hdds.crl.status.report.interval</name>
-    <value>60000ms</value>
-    <tag>OZONE, SECURITY, MANAGEMENT</tag>
-    <description>Time interval of the datanode to send CRL status report. Each
-      datanode periodically sends CRL status report to SCM. Unit could be
-      defined with postfix (ns,ms,s,m,h,d)</description>
-  </property>
   <property>
     <name>hdds.pipeline.report.interval</name>
     <value>60000ms</value>