kudu-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ale...@apache.org
Subject kudu git commit: KUDU-1941: more validation for RPC auth flags
Date Thu, 11 May 2017 01:40:44 GMT
Repository: kudu
Updated Branches:
  refs/heads/master 83885ffff -> 87ddf0ae2


KUDU-1941: more validation for RPC auth flags

With this patch, both master and tserver refuse to start if
authentication is 'required' but no authentication method is configured.

Prior to this patch, the inconsistency with the run-time configuration
could be detected at a later stage when a client would try to connect
to Kudu cluster.

Change-Id: I3c088fd6d7a695234e2955e09ca53626078b4e51
Reviewed-on: http://gerrit.cloudera.org:8080/6851
Reviewed-by: Adar Dembo <adar@cloudera.com>
Tested-by: Kudu Jenkins


Project: http://git-wip-us.apache.org/repos/asf/kudu/repo
Commit: http://git-wip-us.apache.org/repos/asf/kudu/commit/87ddf0ae
Tree: http://git-wip-us.apache.org/repos/asf/kudu/tree/87ddf0ae
Diff: http://git-wip-us.apache.org/repos/asf/kudu/diff/87ddf0ae

Branch: refs/heads/master
Commit: 87ddf0ae2584f2394bb26d36c01c16e6719659db
Parents: 83885ff
Author: Alexey Serbin <aserbin@cloudera.com>
Authored: Wed May 10 18:04:25 2017 -0700
Committer: Alexey Serbin <aserbin@cloudera.com>
Committed: Thu May 11 01:39:00 2017 +0000

----------------------------------------------------------------------
 src/kudu/rpc/messenger.cc | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/kudu/blob/87ddf0ae/src/kudu/rpc/messenger.cc
----------------------------------------------------------------------
diff --git a/src/kudu/rpc/messenger.cc b/src/kudu/rpc/messenger.cc
index 13d0841..28fea55 100644
--- a/src/kudu/rpc/messenger.cc
+++ b/src/kudu/rpc/messenger.cc
@@ -165,11 +165,20 @@ static bool ValidateRpcAuthnFlags() {
     return false;
   }
 
+  const bool has_keytab = !FLAGS_keytab_file.empty();
+  const bool has_cert = !FLAGS_rpc_certificate_file.empty();
+  if (authentication == RpcAuthentication::REQUIRED && !has_keytab && !has_cert)
{
+    LOG(ERROR) << "RPC authentication (--rpc_authentication) may not be "
+                  "required unless Kerberos (--keytab_file) or external PKI "
+                  "(--rpc_certificate_file et al) are configured";
+    return false;
+  }
+
   return true;
 }
 GROUP_FLAG_VALIDATOR(rpc_authn_flags, ValidateRpcAuthnFlags);
 
-static bool ValidatePkiFlags() {
+static bool ValidateExternalPkiFlags() {
   bool has_cert = !FLAGS_rpc_certificate_file.empty();
   bool has_key = !FLAGS_rpc_private_key_file.empty();
   bool has_ca = !FLAGS_rpc_ca_certificate_file.empty();
@@ -183,7 +192,7 @@ static bool ValidatePkiFlags() {
 
   return true;
 }
-GROUP_FLAG_VALIDATOR(pki_flags, ValidatePkiFlags);
+GROUP_FLAG_VALIDATOR(external_pki_flags, ValidateExternalPkiFlags);
 
 MessengerBuilder::MessengerBuilder(std::string name)
     : name_(std::move(name)),


Mime
View raw message