Alexey Serbin has posted comments on this change. ( )

Change subject: KUDU-2319 follower masters should be able to verify authn tokens

Patch Set 5:

File src/kudu/integration-tests/
PS6, Line 119:       ASSERT_LE(0, verifier.GetMaxKnownKeySequenceNumber());
> Shouldn't this be ASSERT_LT?
In current implementation, valid TSK sequence numbers start with 0.  E.g., 
below an excerpt from master's log:

I0222 19:56:02.962090 139954] T 
00000000000000000000000000000000 P 0139908237bb4734833947c72c0faff3: Generated 
new TSK 0
File src/kudu/master/
PS6, Line 1032:     LOG_WITH_PREFIX(INFO) << kDescription << ": success";
> Consider adding the last key ID to this message.
PS6, Line 1040:   static const auto kTskRotationInterval =
> 'static const' seems a little fishy here - does this pick up the non-defaul
I don't think it's fishy -- this is initialized first time the function is 
called.  That's how static variables work in the function scope, and as far as 
I remember that's in the C++ standard.

By the time this function is called, the flags should have been already 
initialized with appropriate override of FLAGS_tsk_rotation_seconds, so yes, it 
picks up the non-default value set via the flag.
PS6, Line 1050: 
master_->messenger()->token_verifier().GetMaxKnownKeySequenceNumber() < 0 ||
              :       !last_tspk_run->Initialized()
> Seems like these first two clauses can be removed if you just initialize 'l
That's a good observation -- yep, last_tspk_run is updated only on successful 
PS6, Line 3875:     LOG_WITH_PREFIX(INFO) << "Read public part of TSK: " << 
> This seems like it's going to be pretty chatty, maybe vlog?  We're already
Good idea!

To view, visit
To unsubscribe, visit

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Idcc92dd4fae3d555af563d86634c07d3d06147a7
Gerrit-Change-Number: 9373
Gerrit-PatchSet: 5
Gerrit-Owner: Alexey Serbin <>
Gerrit-Reviewer: Alexey Serbin <>
Gerrit-Reviewer: Dan Burkert <>
Gerrit-Reviewer: Hao Hao <>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Tidy Bot
Gerrit-Comment-Date: Fri, 23 Feb 2018 21:49:10 +0000
Gerrit-HasComments: Yes

Reply via email to