Hello Kudu Jenkins,
I'd like you to reexamine a change. Please visit
http://gerrit.cloudera.org:8080/5930
to look at the new patch set (#3).
Change subject: WIP [security] tailored TokenSigner for system catalog
......................................................................
WIP [security] tailored TokenSigner for system catalog
Updated the TokenSigner class in preparation to loading
public part of token signing keys from the system catalog.
The expected use-case for the TokenSigner is calling
AddTokenSigningPublicKey() multiple times while loading public part
of TSKs from the system catalog and subsequent call of Init().
That's the sequence to be exercised by a master server upon becoming
a leader. It's possible to run this sequence multiple times
on the same instance of TokenSigner, generating new signing keys
only when already existing signing keys are about to expire.
Also, the TokenSigner class now embeds the logic to rotate its
signing key on Init(), if necessary.
Change-Id: Ie2417e2ccba6a1114db366b2f642f95362bf479c
---
M src/kudu/master/authn_token_manager.cc
M src/kudu/master/authn_token_manager.h
M src/kudu/master/master.cc
M src/kudu/security/token-test.cc
M src/kudu/security/token_signer.cc
M src/kudu/security/token_signer.h
M src/kudu/security/token_signing_key.cc
M src/kudu/security/token_signing_key.h
8 files changed, 307 insertions(+), 54 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/30/5930/3
--
To view, visit http://gerrit.cloudera.org:8080/5930
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Ie2417e2ccba6a1114db366b2f642f95362bf479c
Gerrit-PatchSet: 3
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Alexey Serbin <aser...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <danburk...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon <t...@apache.org>
