Alexey Serbin has submitted this change and it was merged. Change subject: [rpc] introduce per-RPC credentials policy ......................................................................
[rpc] introduce per-RPC credentials policy This patch introduces policy for RPC authentication credentials. The authentication credentials policy allows for control over the type of client-side credentials used for making a remote procedure call. The idea behind this change is simple: sometimes the server's behavior depends on the type of client's credentials used to authenticate the client to the server in the context of the remote procedure call. If the client expects some particular behavior from the server, it has to explicitly specify the type of credentials it wants to use for the call. One example of an RPC depending on the type of the specified credentials is MasterService::ConnectToMaster(). It's impossible to receive an authentication token from the master if calling that method over a connection established with an authn token. To get a new authn token in that case, it's necessary to open a new connection to the master using types of credentials other than authn token (e.g., Kerberos credentials or TLS certificate will work). In other words, derived/secondary authentication credentials (such as authn token) can only be acquired if using the primary ones. That's a crucial restriction to allow for enforcing expiration of derived/secondary credentials. With this patch a client has an ability to re-acquire secondary authentication credentials (authn token) regardless of the type of credentials used to established current connection to Kudu master. As a part of this patch, a new unit test is added to cover the new functionality. Change-Id: I52f806e7b6f6362f66148530124e748e199ae6c2 Reviewed-on: http://gerrit.cloudera.org:8080/6875 Tested-by: Kudu Jenkins Reviewed-by: Todd Lipcon <[email protected]> Reviewed-by: Dan Burkert <[email protected]> --- M src/kudu/rpc/connection.cc M src/kudu/rpc/connection.h M src/kudu/rpc/messenger.h M src/kudu/rpc/negotiation.cc M src/kudu/rpc/outbound_call.h M src/kudu/rpc/proxy.cc M src/kudu/rpc/reactor.cc M src/kudu/rpc/reactor.h M src/kudu/rpc/rpc-test-base.h M src/kudu/rpc/rpc-test.cc M src/kudu/rpc/rpc_controller.cc M src/kudu/rpc/rpc_controller.h M src/kudu/rpc/rpc_stub-test.cc 13 files changed, 305 insertions(+), 75 deletions(-) Approvals: Dan Burkert: Looks good to me, approved Todd Lipcon: Looks good to me, but someone else must approve Kudu Jenkins: Verified -- To view, visit http://gerrit.cloudera.org:8080/6875 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: merged Gerrit-Change-Id: I52f806e7b6f6362f66148530124e748e199ae6c2 Gerrit-PatchSet: 8 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Alexey Serbin <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Dan Burkert <[email protected]> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Tidy Bot Gerrit-Reviewer: Todd Lipcon <[email protected]>
