[kudu-CR](branch-1.17.x) [rpc] clean up JWT-related client-side negotiation code

Mon, 19 Jun 2023 11:18:48 -0700 

Hello Attila Bukor, Kudu Jenkins,

I'd like you to do a code review. Please visit

    http://gerrit.cloudera.org:8080/20092

to review the following change.


Change subject: [rpc] clean up JWT-related client-side negotiation code
......................................................................

[rpc] clean up JWT-related client-side negotiation code

Since now there is an API to add a trusted TLS certificate into the
chain of trusted certificates of a Kudu C++ client application, the
test-only flag --jwt_client_require_trusted_tls_cert is no longer
needed.  This patch removes the flag along with corresponding
test scenario.  Correspondingly, the client now verifies the server's
TLS certificate during TLS handshake since there isn't a case when
a client would send out its JWT to a server it doesn't trust once
the --jwt_client_require_trusted_tls_cert test-only flag is removed.

This patch also adds an extra logging about a connection negotiation
condition when the client has a JWT, but it doesn't trust the server's
TLS certificate.

In addition, I took the liberty of removing a few TODOs related to
KUDU-1921 since the referred functionality has already been implemented.

Change-Id: I85574ed05396fcf3740d9d068afa524cf125f5ff
Reviewed-on: http://gerrit.cloudera.org:8080/20076
Reviewed-by: Attila Bukor <[email protected]>
Tested-by: Kudu Jenkins
(cherry picked from commit 6b2077e48e1e96cf6520db09ddd8c2d3ca97334d)
---
M src/kudu/integration-tests/security-itest.cc
M src/kudu/rpc/client_negotiation.cc
2 files changed, 27 insertions(+), 49 deletions(-)



  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/92/20092/1
--
To view, visit http://gerrit.cloudera.org:8080/20092
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: branch-1.17.x
Gerrit-MessageType: newchange
Gerrit-Change-Id: I85574ed05396fcf3740d9d068afa524cf125f5ff
Gerrit-Change-Number: 20092
Gerrit-PatchSet: 1
Gerrit-Owner: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Attila Bukor <[email protected]>
Gerrit-Reviewer: Kudu Jenkins (120)

Reply via email to