Hello Tidy Bot, Alexey Serbin, Dan Burkert, Kudu Jenkins, Hao Hao,
I'd like you to reexamine a change. Please visit
http://gerrit.cloudera.org:8080/11751
to look at the new patch set (#2).
Change subject: WIP KUDU-2543: pass around default authz tokens
......................................................................
WIP KUDU-2543: pass around default authz tokens
WIP: some edge cases surrounding dropped connections and master leader
changes need to be implemented and tested.
WIP: also need to iron out the scans case; currently only client writes
are tested.
WIP: test what happens when we run new clients with older clusters?
Adds authz token generation to the master's GetTableSchema endpoint,
with which clients can authorize themselves for specific tables via
authz token. A client will cache these tokens and use them appropriately
for RPCs that need them (e.g. Writes and Scans), reacquiring them when
receiving word that they are expired.
This adds a minimal amount privilege-checking (No privileges? No can
do.) and introduces basic token validations (e.g. should be well formed,
not expired, etc.). I reused the authn verification RPC logic, but put
it in the tablet server layer.
This is tested in the following ways:
- added a test to ensure that write requests with malformed
authorization tokens will be retried with a new token from the master
- added a test to ensure that write requests with no permissions at all
do not retry and instead surface an error to the caller
Change-Id: I99555e0ab2d09d4abcbc12b1100658a9a17590f4
---
M src/kudu/client/batcher.cc
M src/kudu/client/client-internal.cc
M src/kudu/client/client-internal.h
M src/kudu/client/client-test.cc
M src/kudu/client/client.h
M src/kudu/client/scanner-internal.cc
M src/kudu/client/scanner-internal.h
M src/kudu/master/master.proto
M src/kudu/master/master_service.cc
M src/kudu/rpc/CMakeLists.txt
M src/kudu/rpc/retriable_rpc.h
M src/kudu/rpc/rpc.h
M src/kudu/rpc/rpc_header.proto
A src/kudu/rpc/rpc_verification_util.cc
A src/kudu/rpc/rpc_verification_util.h
M src/kudu/rpc/server_negotiation.cc
M src/kudu/tserver/tablet_service.cc
M src/kudu/tserver/tserver.proto
M src/kudu/tserver/tserver_service.proto
19 files changed, 678 insertions(+), 53 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/51/11751/2
--
To view, visit http://gerrit.cloudera.org:8080/11751
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I99555e0ab2d09d4abcbc12b1100658a9a17590f4
Gerrit-Change-Number: 11751
Gerrit-PatchSet: 2
Gerrit-Owner: Andrew Wong <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Andrew Wong <[email protected]>
Gerrit-Reviewer: Dan Burkert <[email protected]>
Gerrit-Reviewer: Hao Hao <[email protected]>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Tidy Bot (241)
