[ https://issues.apache.org/jira/browse/HBASE-28317?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17809944#comment-17809944 ]
Bryan Beaudreault commented on HBASE-28317: ------------------------------------------- Thanks for the thoughts [~ndimiduk]. Just to be clear, I do agree that adding the cert to RpcCall seems in line with existing conventions. So no problems with it as-is, more just thinking of the bigger picture. In hindsight, that line of thinking might have been best explored in a different jira. If anyone else has useful suggestions/context to provide in response to your comment, I'll make sure to copy it into a new Jira for posterity and further discussion. Your idea around doing some upfront general parsing is interesting, if there is any opportunity there. > RpcCallContext should expose client's TLS certificate > ----------------------------------------------------- > > Key: HBASE-28317 > URL: https://issues.apache.org/jira/browse/HBASE-28317 > Project: HBase > Issue Type: Improvement > Reporter: Charles Connell > Assignee: Charles Connell > Priority: Minor > > At my employer we plan on using a coprocessor to log information about some > requests to HBase. For this to be useful to us, we need to know who each > request is coming from. We use HBase's TLS support with mutual authentication > to authenticate clients. I'd like a way to expose the client certificate used > on a request to coprocessors. For setups using Kerberos authentication, > RpcCall exposes the Kerberos principal shortname via {{getRequestUser()}}, so > this would be the TLS equivalent to that. -- This message was sent by Atlassian Jira (v8.20.10#820010)