Hello Kudu Jenkins, I'd like you to reexamine a change. Please visit
http://gerrit.cloudera.org:8080/5988 to look at the new patch set (#6). Change subject: [security] Negotiate authentication type during RPC setup ...................................................................... [security] Negotiate authentication type during RPC setup This commit introduces the concept of an authentication type to the RPC negotiation sequence. The current valid authentication types are SASL, CERTIFICATE, and TOKEN. Early in the negotiation sequence the client and server decide on an authentication type to use for the connection based on the mutually supported capabilities. If either side does not support the new authentication negotiation, the connection automatically falls back to SASL authentication in order to maintain backwards compatibility. This commit also adds TSKs to the master<->tserver heartbeat protocol, so that tokens may be verified on the server. The client's authn token has been moved to the messenger to make it more accessible to negotiation. negotiation-test has been updated with a general test runner for different negotiation configurations. There are so many possible negotiation configurations that an exhaustive set of tests is not attempted, but it should be straightforward to add additional tests in the future. Change-Id: I8ed9a1a474990dbfe9b71173adffdec95ec02b6c --- M src/kudu/client/client-internal.cc M src/kudu/client/client-internal.h M src/kudu/client/client-test.cc M src/kudu/master/master.proto M src/kudu/rpc/CMakeLists.txt M src/kudu/rpc/client_negotiation.cc M src/kudu/rpc/client_negotiation.h M src/kudu/rpc/messenger.cc M src/kudu/rpc/messenger.h M src/kudu/rpc/negotiation-test.cc M src/kudu/rpc/negotiation.cc M src/kudu/rpc/negotiation.h M src/kudu/rpc/rpc_header.proto M src/kudu/rpc/server_negotiation.cc M src/kudu/rpc/server_negotiation.h M src/kudu/security/security-test-util.cc M src/kudu/security/security-test-util.h M src/kudu/security/tls_context.h M src/kudu/security/tls_handshake-test.cc M src/kudu/security/token-test.cc M src/kudu/security/token_signer.h M src/kudu/security/token_verifier.cc M src/kudu/security/token_verifier.h M src/kudu/server/server_base.h M src/kudu/tserver/heartbeater.cc 25 files changed, 1,254 insertions(+), 441 deletions(-) git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/88/5988/6 -- To view, visit http://gerrit.cloudera.org:8080/5988 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: newpatchset Gerrit-Change-Id: I8ed9a1a474990dbfe9b71173adffdec95ec02b6c Gerrit-PatchSet: 6 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Dan Burkert <danburk...@apache.org> Gerrit-Reviewer: Adar Dembo <a...@cloudera.com> Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com> Gerrit-Reviewer: Dan Burkert <danburk...@apache.org> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Tidy Bot Gerrit-Reviewer: Todd Lipcon <t...@apache.org>