[kudu-CR] [security] tailored TokenSigner for system catalog

Tue, 21 Feb 2017 13:55:35 -0800 

Hello Todd Lipcon, Kudu Jenkins,

I'd like you to reexamine a change.  Please visit

    http://gerrit.cloudera.org:8080/5930

to look at the new patch set (#19).

Change subject: [security] tailored TokenSigner for system catalog
......................................................................

[security] tailored TokenSigner for system catalog

Updated the TokenSigner class in preparation for loading/storing TSKs
(Token Signing Keys) in system catalog.

The expected use-case for the TokenSigner is calling ImportKey() on
elected-as-leader callback with entries loaded from the system catalog
table, and then calling CheckNeedKey()/AddKey(), TryRotateKey() sequence.
Further down the road, it's necessary to call the CheckNeedKey()/AddKey(),
TryRotateKey() sequence periodically to generate and activate new TSKs.

Change-Id: Ie2417e2ccba6a1114db366b2f642f95362bf479c
---
M src/kudu/master/CMakeLists.txt
D src/kudu/master/authn_token_manager.cc
D src/kudu/master/authn_token_manager.h
M src/kudu/master/master-test.cc
M src/kudu/master/master.cc
M src/kudu/master/master.h
M src/kudu/master/master_service.cc
M src/kudu/rpc/negotiation-test.cc
M src/kudu/security/token-test.cc
M src/kudu/security/token.proto
M src/kudu/security/token_signer.cc
M src/kudu/security/token_signer.h
M src/kudu/security/token_signing_key.cc
M src/kudu/security/token_signing_key.h
M src/kudu/security/token_verifier.cc
M src/kudu/security/token_verifier.h
M src/kudu/tserver/heartbeater.cc
17 files changed, 801 insertions(+), 334 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/30/5930/19
-- 
To view, visit http://gerrit.cloudera.org:8080/5930
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Ie2417e2ccba6a1114db366b2f642f95362bf479c
Gerrit-PatchSet: 19
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Dan Burkert <[email protected]>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon <[email protected]>

Reply via email to