[kudu-CR] master: complete hooking up tokens and IPKI

Sun, 19 Feb 2017 22:28:53 -0800 

Hello Dan Burkert, Alexey Serbin, Kudu Jenkins,

I'd like you to reexamine a change.  Please visit

    http://gerrit.cloudera.org:8080/6075

to look at the new patch set (#3).

Change subject: master: complete hooking up tokens and IPKI
......................................................................

master: complete hooking up tokens and IPKI

This makes a few changes necessary to complete hooking up the master
with the IPKI system and tokens:

* When a master first becomes leader, it uses the CA cert to sign its
  own server cert, and then adopts it. To make this code a little less
  messy, I made AddTrustedCertificate idempotent rather than returning
  AlreadyPresent() if the cert was already trusted.

* The TokenSigner's associated TokenVerifier is now passed in as a
  constructor argument rather than constructed as part of the signer.
  This allows the Signer to be hooked up to the same Verifier used by
  the Messenger to verify incoming connections using TOKEN
  authentication.

  I took the most expedient path here of using shared ownership, since
  the Messenger lifecycle is quite tricky and I wasn't completely sure
  that the teardown sequence would be safe with single-ownership. The
  chances of shared_ptr cycles should be low since TokenVerifier is a
  standalone class.

Change-Id: I3dfadb427491c7b406ad2d2bc1245b3a1cdb9170
---
M src/kudu/client/client-internal.cc
M src/kudu/integration-tests/delete_table-test.cc
M src/kudu/integration-tests/master_failover-itest.cc
M src/kudu/integration-tests/token_signer-itest.cc
M src/kudu/master/catalog_manager.cc
M src/kudu/master/master.cc
M src/kudu/master/master_cert_authority.cc
M src/kudu/master/master_cert_authority.h
M src/kudu/rpc/messenger.h
M src/kudu/rpc/negotiation-test.cc
M src/kudu/security/tls_context.cc
M src/kudu/security/tls_context.h
M src/kudu/security/token-test.cc
M src/kudu/security/token_signer.cc
M src/kudu/security/token_signer.h
15 files changed, 81 insertions(+), 32 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/75/6075/3
-- 
To view, visit http://gerrit.cloudera.org:8080/6075
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I3dfadb427491c7b406ad2d2bc1245b3a1cdb9170
Gerrit-PatchSet: 3
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Todd Lipcon <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Dan Burkert <[email protected]>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Tidy Bot

Reply via email to