Alexey Serbin has posted comments on this change. Change subject: [security] interface for certificate signing service ......................................................................
Patch Set 3: > This seems pretty reasonable, but I'm not sure whether this makes > sense as a standalone RPC service. > > In the real application, I'd guess that the tserver would just want > to piggy-back the CSR with its "Register" RPC that it already sends > to MasterService. And fetching the CAs would be piggy-backed on the > client asking for an authentication token, etc. > > That said, I think the protobufs for the CSRs, errors, etc, are > reasonable, and might be handy, but I think we should hold off > comitting the service part until we figure out how it's actually > integrated? > This seems pretty reasonable, but I'm not sure whether this makes > sense as a standalone RPC service. > > In the real application, I'd guess that the tserver would just want > to piggy-back the CSR with its "Register" RPC that it already sends > to MasterService. And fetching the CAs would be piggy-backed on the > client asking for an authentication token, etc. > > That said, I think the protobufs for the CSRs, errors, etc, are > reasonable, and might be handy, but I think we should hold off > comitting the service part until we figure out how it's actually > integrated? Thank you for the review and the analysis. Yes, you are right -- we need to get some sort of 'automation' of in requesting/retrieving the certificates. I think the way you mention is a very good option. There is no rush from my side in pushing this -- we can update this to make it fit our need any way we want. Let me know when it's time to tailor this a bit as needed. -- To view, visit http://gerrit.cloudera.org:8080/5673 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: comment Gerrit-Change-Id: I9ff31e56be42bfa8d0f9b908ba2ccd2734407f55 Gerrit-PatchSet: 3 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Alexey Serbin <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Dan Burkert <[email protected]> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Mike Percy <[email protected]> Gerrit-Reviewer: Todd Lipcon <[email protected]> Gerrit-HasComments: No
