Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/20050 )
Change subject: KUDU-3448 Add support for encrypting existing keys
......................................................................

Patch Set 5:

(2 comments)

http://gerrit.cloudera.org:8080/#/c/20050/5/src/kudu/master/catalog_manager.cc
File src/kudu/master/catalog_manager.cc:

http://gerrit.cloudera.org:8080/#/c/20050/5/src/kudu/master/catalog_manager.cc@1351
PS5, Line 1351: RETURN_NOT_OK_PREPEND(sys_catalog_->AddCertAuthorityEntry(info),
:                       "IPKI certificate couldn't be written to syscatalog");
> I'm not sure I agree, we're not generating a new CA in this case, just chan
The idea is to move this 're-encrypt' logic to the level of InitCertAuthority(), to be called from the same place as StoreCertAuthorityInfo(). LoadCertAuthorityInfo() called from a follower master shouldn't even try to update the information in the system catalog, so that's one more fact against having this logic here in LoadCertAuthorityInfo().

http://gerrit.cloudera.org:8080/#/c/20050/6/src/kudu/master/sys_catalog.cc
File src/kudu/master/sys_catalog.cc:

http://gerrit.cloudera.org:8080/#/c/20050/6/src/kudu/master/sys_catalog.cc@933
PS6, Line 933: WriteRequestPB req;
: req.set_tablet_id(kSysCatalogTabletId);
: CHECK_OK(SchemaToPB(schema_, req.mutable_schema()));
:
: CHECK(entry.tsk().has_key_seq_num());
: CHECK(entry.tsk().has_expire_unix_epoch_seconds());
: CHECK(entry.tsk().has_rsa_key_der());
:
: faststring metadata_buf;
: pb_util::SerializeToString(entry, &metadata_buf);
:
: // This is crucial to keep entry_id alive until its put into the
: // WriteRequestPB object by RowOperationsPBEncoder.
: const string entry_id = TskSeqNumberToEntryId(entry.tsk().key_seq_num());
:
: KuduPartialRow row(&sc
Is it possible to have a utility method that's parameterized by the operation, and UpdateCertAuthorityEntry() and AddCertAuthorityEntry() would call the method with the corresponding parameter set?

--
To view, visit http://gerrit.cloudera.org:8080/20050
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Ide6ec4fb86325897f2b011aee9643d276044279d
Gerrit-Change-Number: 20050
Gerrit-PatchSet: 5
Gerrit-Owner: Attila Bukor <[email protected]>
Gerrit-Reviewer: Abhishek Chennaka <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Attila Bukor <[email protected]>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Marton Greber <[email protected]>
Gerrit-Reviewer: Tidy Bot (241)
Gerrit-Reviewer: Zoltan Chovan <[email protected]>
Gerrit-Comment-Date: Wed, 21 Jun 2023 18:36:24 +0000
Gerrit-HasComments: Yes
