Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/20050 )
Change subject: KUDU-3448 Add support for encrypting existing keys ...................................................................... Patch Set 9: Code-Review+1 (4 comments) Overall looks good to me, just a request to add a test and add more logging for traceability. http://gerrit.cloudera.org:8080/#/c/20050/9//COMMIT_MSG Commit Message: PS9: Is it possible to add a new test scenario to verify that switching from non-encrypted to encrypted keys works as expected? That's to cover the newly introduced functionality, and to catch regressions (if any) in the future. The scenario seems to be straightforward: * create a start a new Kudu cluster with IPKI and TSK keys stored non-encrypted in the system catalog * create a new a Kudu client, connect to the cluster, create a table, write some data into the table * stop the cluster * add the flags to store the keys encrypted * start the cluster back * make sure the client that has the CA cert from the prior run of the cluster (that was with non-encrypted keys) is able to connect to the cluster using its authn keys, and read back the data * restart cluster one more time when keys are already stored encrypted in the system catalog (to make sure it works as expected when the keys are stored encrypted) * make sure the same client is still able to connect to the cluster and read/write data http://gerrit.cloudera.org:8080/#/c/20050/9/src/kudu/master/catalog_manager.cc File src/kudu/master/catalog_manager.cc: http://gerrit.cloudera.org:8080/#/c/20050/9/src/kudu/master/catalog_manager.cc@1363 PS9, Line 1363: VLOG(1) Since that's going to be just a single run when this happens, maybe change VLOG(1) into LOG(INFO)? http://gerrit.cloudera.org:8080/#/c/20050/9/src/kudu/master/catalog_manager.cc@1373 PS9, Line 1373: VLOG(1) ditto http://gerrit.cloudera.org:8080/#/c/20050/9/src/kudu/master/sys_catalog.h File src/kudu/master/sys_catalog.h: http://gerrit.cloudera.org:8080/#/c/20050/9/src/kudu/master/sys_catalog.h@271 PS9, Line 271: into nit: in -- To view, visit http://gerrit.cloudera.org:8080/20050 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ide6ec4fb86325897f2b011aee9643d276044279d Gerrit-Change-Number: 20050 Gerrit-PatchSet: 9 Gerrit-Owner: Attila Bukor <[email protected]> Gerrit-Reviewer: Abhishek Chennaka <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Attila Bukor <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Marton Greber <[email protected]> Gerrit-Reviewer: Tidy Bot (241) Gerrit-Reviewer: Zoltan Chovan <[email protected]> Gerrit-Comment-Date: Sun, 25 Jun 2023 23:24:11 +0000 Gerrit-HasComments: Yes
