Andrew Wong has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/11750 )
Change subject: KUDU-2542: add initial authorization token impl ...................................................................... KUDU-2542: add initial authorization token impl This patch adds an authorization token that echoes the authentication token implementation. These tokens contain privileges that will be used authorize specific tablet server requests. By in large, tablet server requests are scoped to a single table, and as such, so are authz tokens. In cases where this is not true (e.g. ListTablets), a reasonable assumption is that the call is being made via tooling, and coarse-grained access control should be used instead of fine-grained. If this ends up being less the case in the future, we can always amend the authz token to support multiple tables. The tokens leverage the same token signer as the authentication tokens, though with the token validity interval configured via the new flag --authz_token_validity_seconds. Change-Id: Id28747ec38675abdf50dce1e7c176d29213e370f Reviewed-on: http://gerrit.cloudera.org:8080/11750 Tested-by: Kudu Jenkins Reviewed-by: Alexey Serbin <[email protected]> --- M src/kudu/integration-tests/authn_token_expire-itest.cc M src/kudu/integration-tests/security-unknown-tsk-itest.cc M src/kudu/integration-tests/token_signer-itest.cc M src/kudu/master/master.cc M src/kudu/rpc/negotiation-test.cc M src/kudu/security/token-test.cc M src/kudu/security/token.proto M src/kudu/security/token_signer.cc M src/kudu/security/token_signer.h 9 files changed, 389 insertions(+), 76 deletions(-) Approvals: Kudu Jenkins: Verified Alexey Serbin: Looks good to me, approved -- To view, visit http://gerrit.cloudera.org:8080/11750 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: merged Gerrit-Change-Id: Id28747ec38675abdf50dce1e7c176d29213e370f Gerrit-Change-Number: 11750 Gerrit-PatchSet: 5 Gerrit-Owner: Andrew Wong <[email protected]> Gerrit-Reviewer: Adar Dembo <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Andrew Wong <[email protected]> Gerrit-Reviewer: Dan Burkert <[email protected]> Gerrit-Reviewer: Hao Hao <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Tidy Bot (241)
