kudu-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jdcry...@apache.org
Subject [1/2] kudu git commit: KUDU-1941: more validation for RPC auth flags
Date Fri, 12 May 2017 15:05:46 GMT
Repository: kudu
Updated Branches:
  refs/heads/branch-1.3.x ad9f6de83 -> a1234c05a


KUDU-1941: more validation for RPC auth flags

With this patch, both master and tserver refuse to start if
authentication is 'required' but no authentication method is configured.

Prior to this patch, the inconsistency with the run-time configuration
could be detected at a later stage when a client would try to connect
to Kudu cluster.

Change-Id: I3c088fd6d7a695234e2955e09ca53626078b4e51
Reviewed-on: http://gerrit.cloudera.org:8080/6851
Reviewed-by: Adar Dembo <adar@cloudera.com>
Tested-by: Kudu Jenkins
(cherry picked from commit 87ddf0ae2584f2394bb26d36c01c16e6719659db)
Reviewed-on: http://gerrit.cloudera.org:8080/6862
Tested-by: Alexey Serbin <aserbin@cloudera.com>
Reviewed-by: Todd Lipcon <todd@apache.org>
Reviewed-by: Jean-Daniel Cryans <jdcryans@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/kudu/repo
Commit: http://git-wip-us.apache.org/repos/asf/kudu/commit/436b3a4e
Tree: http://git-wip-us.apache.org/repos/asf/kudu/tree/436b3a4e
Diff: http://git-wip-us.apache.org/repos/asf/kudu/diff/436b3a4e

Branch: refs/heads/branch-1.3.x
Commit: 436b3a4e614720ad918f5eee23fe6155666aecd9
Parents: ad9f6de
Author: Alexey Serbin <aserbin@cloudera.com>
Authored: Wed May 10 18:04:25 2017 -0700
Committer: Jean-Daniel Cryans <jdcryans@apache.org>
Committed: Fri May 12 15:03:18 2017 +0000

----------------------------------------------------------------------
 src/kudu/rpc/messenger.cc | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/kudu/blob/436b3a4e/src/kudu/rpc/messenger.cc
----------------------------------------------------------------------
diff --git a/src/kudu/rpc/messenger.cc b/src/kudu/rpc/messenger.cc
index f13adb2..d307ce8 100644
--- a/src/kudu/rpc/messenger.cc
+++ b/src/kudu/rpc/messenger.cc
@@ -164,11 +164,20 @@ static bool ValidateRpcAuthnFlags() {
     return false;
   }
 
+  const bool has_keytab = !FLAGS_keytab_file.empty();
+  const bool has_cert = !FLAGS_rpc_certificate_file.empty();
+  if (authentication == RpcAuthentication::REQUIRED && !has_keytab && !has_cert)
{
+    LOG(ERROR) << "RPC authentication (--rpc_authentication) may not be "
+                  "required unless Kerberos (--keytab_file) or external PKI "
+                  "(--rpc_certificate_file et al) are configured";
+    return false;
+  }
+
   return true;
 }
 GROUP_FLAG_VALIDATOR(rpc_authn_flags, ValidateRpcAuthnFlags);
 
-static bool ValidatePkiFlags() {
+static bool ValidateExternalPkiFlags() {
   bool has_cert = !FLAGS_rpc_certificate_file.empty();
   bool has_key = !FLAGS_rpc_private_key_file.empty();
   bool has_ca = !FLAGS_rpc_ca_certificate_file.empty();
@@ -182,7 +191,7 @@ static bool ValidatePkiFlags() {
 
   return true;
 }
-GROUP_FLAG_VALIDATOR(pki_flags, ValidatePkiFlags);
+GROUP_FLAG_VALIDATOR(external_pki_flags, ValidateExternalPkiFlags);
 
 MessengerBuilder::MessengerBuilder(std::string name)
     : name_(std::move(name)),


Mime
View raw message