You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kudu.apache.org by al...@apache.org on 2022/02/05 05:40:03 UTC
[kudu] branch master updated (f4fa4d2 -> 205710c)
This is an automated email from the ASF dual-hosted git repository.
alexey pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git.
from f4fa4d2 [asan] improve asan success rate, kerberos context init and destroy
new 2392bf7 [tablet] fix compilation warning in rowset_info.cc
new 205710c [security] VerificationResult --> TokenVerificationResult
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../security-unknown-tsk-itest.cc | 5 +--
src/kudu/integration-tests/token_signer-itest.cc | 16 +++++-----
src/kudu/rpc/rpc_verification_util.cc | 24 +++++++-------
src/kudu/rpc/rpc_verification_util.h | 9 +++---
src/kudu/rpc/server_negotiation.cc | 14 ++++----
src/kudu/security/token-test.cc | 37 ++++++++++++----------
src/kudu/security/token_verifier.cc | 37 +++++++++++-----------
src/kudu/security/token_verifier.h | 10 +++---
src/kudu/tablet/rowset_info.cc | 2 +-
src/kudu/tserver/tablet_service.cc | 4 +--
10 files changed, 81 insertions(+), 77 deletions(-)
[kudu] 02/02: [security] VerificationResult --> TokenVerificationResult
Posted by al...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
alexey pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git
commit 205710c9246ea847b19d6d923297bcf5002cd70b
Author: Alexey Serbin <al...@apache.org>
AuthorDate: Fri Feb 4 18:28:47 2022 -0800
[security] VerificationResult --> TokenVerificationResult
In this patch I renamed a few authn token-related functions and types
in preparation to JWT-related changes in follow-up changelists.
This patch doesn't contain any functional modifications.
Change-Id: I1c3eaf4f41800735620aca7869addd38181a4d52
Reviewed-on: http://gerrit.cloudera.org:8080/18201
Tested-by: Kudu Jenkins
Reviewed-by: Andrew Wong <aw...@cloudera.com>
---
.../security-unknown-tsk-itest.cc | 5 +--
src/kudu/integration-tests/token_signer-itest.cc | 16 +++++-----
src/kudu/rpc/rpc_verification_util.cc | 24 +++++++-------
src/kudu/rpc/rpc_verification_util.h | 9 +++---
src/kudu/rpc/server_negotiation.cc | 14 ++++----
src/kudu/security/token-test.cc | 37 ++++++++++++----------
src/kudu/security/token_verifier.cc | 37 +++++++++++-----------
src/kudu/security/token_verifier.h | 10 +++---
src/kudu/tserver/tablet_service.cc | 4 +--
9 files changed, 80 insertions(+), 76 deletions(-)
diff --git a/src/kudu/integration-tests/security-unknown-tsk-itest.cc b/src/kudu/integration-tests/security-unknown-tsk-itest.cc
index 57d61a6..bb729d3 100644
--- a/src/kudu/integration-tests/security-unknown-tsk-itest.cc
+++ b/src/kudu/integration-tests/security-unknown-tsk-itest.cc
@@ -85,7 +85,7 @@ using security::TokenPB;
using security::TokenSigner;
using security::TokenSigningPrivateKeyPB;
using security::TokenVerifier;
-using security::VerificationResult;
+using security::TokenVerificationResult;
class SecurityUnknownTskTest : public KuduTest {
public:
@@ -151,7 +151,8 @@ class SecurityUnknownTskTest : public KuduTest {
TokenSigner* signer = cluster_->mini_master()->master()->token_signer();
TokenPB token;
const TokenVerifier& verifier = signer->verifier();
- if (verifier.VerifyTokenSignature(*authn_token, &token) != VerificationResult::VALID) {
+ if (verifier.VerifyTokenSignature(*authn_token, &token) !=
+ TokenVerificationResult::VALID) {
return Status::RuntimeError("current client authn token is not valid");
}
diff --git a/src/kudu/integration-tests/token_signer-itest.cc b/src/kudu/integration-tests/token_signer-itest.cc
index be07721..cfffddc 100644
--- a/src/kudu/integration-tests/token_signer-itest.cc
+++ b/src/kudu/integration-tests/token_signer-itest.cc
@@ -54,7 +54,7 @@ using kudu::cluster::InternalMiniClusterOptions;
using kudu::security::TokenPB;
using kudu::security::TokenSigningPublicKeyPB;
using kudu::security::SignedTokenPB;
-using kudu::security::VerificationResult;
+using kudu::security::TokenVerificationResult;
namespace kudu {
namespace master {
@@ -235,9 +235,9 @@ TEST_F(TokenSignerITest, AuthnTokenLifecycle) {
// There might be some delay due to parallel OS activity, but the public
// part of TSK should reach all tablet servers in a few heartbeat intervals.
AssertEventually([&] {
- const VerificationResult res = ts->messenger()->token_verifier().
+ const TokenVerificationResult res = ts->messenger()->token_verifier().
VerifyTokenSignature(stoken, &token);
- ASSERT_EQ(VerificationResult::VALID, res);
+ ASSERT_EQ(TokenVerificationResult::VALID, res);
}, MonoDelta::FromMilliseconds(5L * FLAGS_heartbeat_interval_ms));
NO_PENDING_FATALS();
}
@@ -276,9 +276,9 @@ TEST_F(TokenSignerITest, AuthnTokenLifecycle) {
ASSERT_NE(nullptr, ts);
const int64_t time_pre = WallTime_Now();
TokenPB token;
- const VerificationResult res = ts->messenger()->token_verifier().
- VerifyTokenSignature(stoken_eotai, &token);
- if (res == VerificationResult::VALID) {
+ const auto res = ts->messenger()->token_verifier().VerifyTokenSignature(
+ stoken_eotai, &token);
+ if (res == TokenVerificationResult::VALID) {
// Both authn token and its TSK should be valid.
valid_at_tserver[i] = true;
ASSERT_GE(token.expire_unix_epoch_seconds(), time_pre);
@@ -286,7 +286,7 @@ TEST_F(TokenSignerITest, AuthnTokenLifecycle) {
} else {
expired_at_tserver[i] = true;
// The only expected error here is EXPIRED_TOKEN.
- ASSERT_EQ(VerificationResult::EXPIRED_TOKEN, res);
+ ASSERT_EQ(TokenVerificationResult::EXPIRED_TOKEN, res);
const int64_t time_post = WallTime_Now();
ASSERT_LT(token.expire_unix_epoch_seconds(), time_post);
}
@@ -312,7 +312,7 @@ TEST_F(TokenSignerITest, AuthnTokenLifecycle) {
const tserver::TabletServer* ts = cluster_->mini_tablet_server(i)->server();
ASSERT_NE(nullptr, ts);
TokenPB token;
- ASSERT_EQ(VerificationResult::EXPIRED_TOKEN,
+ ASSERT_EQ(TokenVerificationResult::EXPIRED_TOKEN,
ts->messenger()->token_verifier().
VerifyTokenSignature(stoken_eotai, &token));
}
diff --git a/src/kudu/rpc/rpc_verification_util.cc b/src/kudu/rpc/rpc_verification_util.cc
index c0bf8b1..27c8af4 100644
--- a/src/kudu/rpc/rpc_verification_util.cc
+++ b/src/kudu/rpc/rpc_verification_util.cc
@@ -26,33 +26,33 @@
namespace kudu {
-using security::VerificationResult;
+using security::TokenVerificationResult;
namespace rpc {
-Status ParseVerificationResult(const VerificationResult& result,
- ErrorStatusPB::RpcErrorCodePB retry_error,
- ErrorStatusPB::RpcErrorCodePB* error) {
+Status ParseTokenVerificationResult(const TokenVerificationResult& result,
+ ErrorStatusPB::RpcErrorCodePB retry_error,
+ ErrorStatusPB::RpcErrorCodePB* error) {
DCHECK(error);
switch (result) {
- case VerificationResult::VALID: return Status::OK();
+ case TokenVerificationResult::VALID: return Status::OK();
- case VerificationResult::INVALID_TOKEN:
- case VerificationResult::INVALID_SIGNATURE:
- case VerificationResult::EXPIRED_TOKEN:
- case VerificationResult::EXPIRED_SIGNING_KEY: {
+ case TokenVerificationResult::INVALID_TOKEN:
+ case TokenVerificationResult::INVALID_SIGNATURE:
+ case TokenVerificationResult::EXPIRED_TOKEN:
+ case TokenVerificationResult::EXPIRED_SIGNING_KEY: {
// These errors indicate the client should get a new token and try again.
*error = retry_error;
break;
}
- case VerificationResult::UNKNOWN_SIGNING_KEY: {
+ case TokenVerificationResult::UNKNOWN_SIGNING_KEY: {
// The server doesn't recognize the signing key. This indicates that the
// server has not been updated with the most recent TSKs, so tell the
// client to try again later.
*error = ErrorStatusPB::ERROR_UNAVAILABLE;
break;
}
- case VerificationResult::INCOMPATIBLE_FEATURE: {
+ case TokenVerificationResult::INCOMPATIBLE_FEATURE: {
// These error types aren't recoverable by having the client get a new token.
*error = ErrorStatusPB::FATAL_UNAUTHORIZED;
break;
@@ -60,7 +60,7 @@ Status ParseVerificationResult(const VerificationResult& result,
default:
LOG(FATAL) << "Unknown verification result: " << static_cast<int>(result);
}
- return Status::NotAuthorized(VerificationResultToString(result));
+ return Status::NotAuthorized(TokenVerificationResultToString(result));
}
} // namespace rpc
diff --git a/src/kudu/rpc/rpc_verification_util.h b/src/kudu/rpc/rpc_verification_util.h
index 0c15b9c..cc626be 100644
--- a/src/kudu/rpc/rpc_verification_util.h
+++ b/src/kudu/rpc/rpc_verification_util.h
@@ -23,7 +23,7 @@
namespace kudu {
namespace security {
-enum class VerificationResult;
+enum class TokenVerificationResult;
} // namespace security
namespace rpc {
@@ -33,9 +33,10 @@ namespace rpc {
// otherwise returns non-OK and sets 'error' appropriately.
// 'retry_error' is the error code to be returned to denote that verification
// should be retried after retrieving a new token.
-Status ParseVerificationResult(const security::VerificationResult& result,
- ErrorStatusPB::RpcErrorCodePB retry_error,
- ErrorStatusPB::RpcErrorCodePB* error);
+Status ParseTokenVerificationResult(
+ const security::TokenVerificationResult& result,
+ ErrorStatusPB::RpcErrorCodePB retry_error,
+ ErrorStatusPB::RpcErrorCodePB* error);
} // namespace rpc
} // namespace kudu
diff --git a/src/kudu/rpc/server_negotiation.cc b/src/kudu/rpc/server_negotiation.cc
index 0f373e5..bcbebf6 100644
--- a/src/kudu/rpc/server_negotiation.cc
+++ b/src/kudu/rpc/server_negotiation.cc
@@ -701,7 +701,7 @@ Status ServerNegotiation::AuthenticateByToken(faststring* recv_buf) {
security::TokenPB token;
auto verification_result = token_verifier_->VerifyTokenSignature(pb.authn_token(), &token);
ErrorStatusPB::RpcErrorCodePB error;
- Status s = ParseVerificationResult(verification_result,
+ Status s = ParseTokenVerificationResult(verification_result,
ErrorStatusPB::FATAL_INVALID_AUTHENTICATION_TOKEN, &error);
if (!s.ok()) {
RETURN_NOT_OK(SendError(error, s));
@@ -722,26 +722,26 @@ Status ServerNegotiation::AuthenticateByToken(faststring* recv_buf) {
}
if (PREDICT_FALSE(FLAGS_rpc_inject_invalid_authn_token_ratio > 0)) {
- security::VerificationResult res;
+ security::TokenVerificationResult res;
int sel = rand() % 4;
switch (sel) {
case 0:
- res = security::VerificationResult::INVALID_TOKEN;
+ res = security::TokenVerificationResult::INVALID_TOKEN;
break;
case 1:
- res = security::VerificationResult::INVALID_SIGNATURE;
+ res = security::TokenVerificationResult::INVALID_SIGNATURE;
break;
case 2:
- res = security::VerificationResult::EXPIRED_TOKEN;
+ res = security::TokenVerificationResult::EXPIRED_TOKEN;
break;
case 3:
- res = security::VerificationResult::EXPIRED_SIGNING_KEY;
+ res = security::TokenVerificationResult::EXPIRED_SIGNING_KEY;
break;
default:
LOG(FATAL) << "unreachable";
}
if (kudu::fault_injection::MaybeTrue(FLAGS_rpc_inject_invalid_authn_token_ratio)) {
- Status s = Status::NotAuthorized(VerificationResultToString(res));
+ Status s = Status::NotAuthorized(TokenVerificationResultToString(res));
RETURN_NOT_OK(SendError(ErrorStatusPB::FATAL_INVALID_AUTHENTICATION_TOKEN, s));
return s;
}
diff --git a/src/kudu/security/token-test.cc b/src/kudu/security/token-test.cc
index 3f1cd32..158cb91 100644
--- a/src/kudu/security/token-test.cc
+++ b/src/kudu/security/token-test.cc
@@ -412,7 +412,7 @@ TEST_F(TokenTest, TestGenerateAuthzToken) {
&signed_token_pb));
ASSERT_TRUE(signed_token_pb.has_token_data());
TokenPB token_pb;
- ASSERT_EQ(VerificationResult::VALID,
+ ASSERT_EQ(TokenVerificationResult::VALID,
verifier->VerifyTokenSignature(signed_token_pb, &token_pb));
ASSERT_TRUE(token_pb.has_authz());
ASSERT_EQ(kAuthorized, token_pb.authz().username());
@@ -619,11 +619,11 @@ TEST_F(TokenTest, TestEndToEnd_Valid) {
TokenVerifier verifier;
ASSERT_OK(verifier.ImportKeys(signer.verifier().ExportKeys()));
TokenPB token;
- ASSERT_EQ(VerificationResult::VALID, verifier.VerifyTokenSignature(signed_token, &token));
+ ASSERT_EQ(TokenVerificationResult::VALID, verifier.VerifyTokenSignature(signed_token, &token));
}
// Test all of the possible cases covered by token verification.
-// See VerificationResult.
+// See TokenVerificationResult.
TEST_F(TokenTest, TestEndToEnd_InvalidCases) {
// Key rotation interval 0 allows adding 2 keys in a row with no delay.
TokenSigner signer(kTokenValiditySeconds, kTokenValiditySeconds, 0);
@@ -643,7 +643,7 @@ TEST_F(TokenTest, TestEndToEnd_InvalidCases) {
ASSERT_OK(signer.SignToken(&signed_token));
signed_token.set_token_data("xyz");
TokenPB token;
- ASSERT_EQ(VerificationResult::INVALID_TOKEN,
+ ASSERT_EQ(TokenVerificationResult::INVALID_TOKEN,
verifier.VerifyTokenSignature(signed_token, &token));
}
@@ -653,7 +653,7 @@ TEST_F(TokenTest, TestEndToEnd_InvalidCases) {
ASSERT_OK(signer.SignToken(&signed_token));
signed_token.set_signature("xyz");
TokenPB token;
- ASSERT_EQ(VerificationResult::INVALID_SIGNATURE,
+ ASSERT_EQ(TokenVerificationResult::INVALID_SIGNATURE,
verifier.VerifyTokenSignature(signed_token, &token));
}
@@ -662,7 +662,7 @@ TEST_F(TokenTest, TestEndToEnd_InvalidCases) {
SignedTokenPB signed_token = MakeUnsignedToken(WallTime_Now() - 10);
ASSERT_OK(signer.SignToken(&signed_token));
TokenPB token;
- ASSERT_EQ(VerificationResult::EXPIRED_TOKEN,
+ ASSERT_EQ(TokenVerificationResult::EXPIRED_TOKEN,
verifier.VerifyTokenSignature(signed_token, &token));
}
@@ -671,7 +671,7 @@ TEST_F(TokenTest, TestEndToEnd_InvalidCases) {
SignedTokenPB signed_token = MakeIncompatibleToken();
ASSERT_OK(signer.SignToken(&signed_token));
TokenPB token;
- ASSERT_EQ(VerificationResult::INCOMPATIBLE_FEATURE,
+ ASSERT_EQ(TokenVerificationResult::INCOMPATIBLE_FEATURE,
verifier.VerifyTokenSignature(signed_token, &token));
}
@@ -690,7 +690,7 @@ TEST_F(TokenTest, TestEndToEnd_InvalidCases) {
SignedTokenPB signed_token = MakeUnsignedToken(WallTime_Now() + 600);
ASSERT_OK(signer.SignToken(&signed_token));
TokenPB token;
- ASSERT_EQ(VerificationResult::UNKNOWN_SIGNING_KEY,
+ ASSERT_EQ(TokenVerificationResult::UNKNOWN_SIGNING_KEY,
verifier.VerifyTokenSignature(signed_token, &token));
}
@@ -713,7 +713,7 @@ TEST_F(TokenTest, TestEndToEnd_InvalidCases) {
// Current implementation allows to use an expired key to sign tokens.
ASSERT_OK(signer.SignToken(&signed_token));
TokenPB token;
- ASSERT_EQ(VerificationResult::EXPIRED_SIGNING_KEY,
+ ASSERT_EQ(TokenVerificationResult::EXPIRED_SIGNING_KEY,
verifier.VerifyTokenSignature(signed_token, &token));
}
}
@@ -771,20 +771,23 @@ TEST_F(TokenTest, TestVaryingTokenValidityIntervals) {
ASSERT_OK(signer.GenerateAuthzToken(kUser, table_privilege, &signed_authz));
TokenPB authn_token;
TokenPB authz_token;
- ASSERT_EQ(VerificationResult::VALID, verifier->VerifyTokenSignature(signed_authn, &authn_token));
- ASSERT_EQ(VerificationResult::VALID, verifier->VerifyTokenSignature(signed_authz, &authz_token));
+ ASSERT_EQ(TokenVerificationResult::VALID,
+ verifier->VerifyTokenSignature(signed_authn, &authn_token));
+ ASSERT_EQ(TokenVerificationResult::VALID,
+ verifier->VerifyTokenSignature(signed_authz, &authz_token));
// Wait for the authz validity interval to pass and verify its expiration.
SleepFor(MonoDelta::FromSeconds(1 + kShortValiditySeconds));
- EXPECT_EQ(VerificationResult::VALID, verifier->VerifyTokenSignature(signed_authn, &authn_token));
- EXPECT_EQ(VerificationResult::EXPIRED_TOKEN,
+ EXPECT_EQ(TokenVerificationResult::VALID,
+ verifier->VerifyTokenSignature(signed_authn, &authn_token));
+ EXPECT_EQ(TokenVerificationResult::EXPIRED_TOKEN,
verifier->VerifyTokenSignature(signed_authz, &authz_token));
// Wait for the authn validity interval to pass and verify its expiration.
SleepFor(MonoDelta::FromSeconds(kLongValiditySeconds - kShortValiditySeconds));
- EXPECT_EQ(VerificationResult::EXPIRED_TOKEN,
+ EXPECT_EQ(TokenVerificationResult::EXPIRED_TOKEN,
verifier->VerifyTokenSignature(signed_authn, &authn_token));
- EXPECT_EQ(VerificationResult::EXPIRED_TOKEN,
+ EXPECT_EQ(TokenVerificationResult::EXPIRED_TOKEN,
verifier->VerifyTokenSignature(signed_authz, &authz_token));
}
@@ -837,9 +840,9 @@ TEST_F(TokenTest, TestKeyValidity) {
TokenPB token_pb;
const auto result = verifier->VerifyTokenSignature(signed_token, &token_pb);
const auto expire_secs = token_pb.expire_unix_epoch_seconds();
- ASSERT_EQ(VerificationResult::EXPIRED_TOKEN, result)
+ ASSERT_EQ(TokenVerificationResult::EXPIRED_TOKEN, result)
<< Substitute("validation result '$0': $1 token expires at $2, now $3",
- VerificationResultToString(result), token_type,
+ TokenVerificationResultToString(result), token_type,
expire_secs, WallTime_Now());
};
diff --git a/src/kudu/security/token_verifier.cc b/src/kudu/security/token_verifier.cc
index e3aef4c..373c272 100644
--- a/src/kudu/security/token_verifier.cc
+++ b/src/kudu/security/token_verifier.cc
@@ -103,29 +103,29 @@ std::vector<TokenSigningPublicKeyPB> TokenVerifier::ExportKeys(
}
// Verify the signature on the given token.
-VerificationResult TokenVerifier::VerifyTokenSignature(const SignedTokenPB& signed_token,
- TokenPB* token) const {
+TokenVerificationResult TokenVerifier::VerifyTokenSignature(
+ const SignedTokenPB& signed_token, TokenPB* token) const {
if (!signed_token.has_signature() ||
!signed_token.has_signing_key_seq_num() ||
!signed_token.has_token_data()) {
- return VerificationResult::INVALID_TOKEN;
+ return TokenVerificationResult::INVALID_TOKEN;
}
if (!token->ParseFromString(signed_token.token_data()) ||
!token->has_expire_unix_epoch_seconds()) {
- return VerificationResult::INVALID_TOKEN;
+ return TokenVerificationResult::INVALID_TOKEN;
}
int64_t now = WallTime_Now();
if (token->expire_unix_epoch_seconds() < now) {
- return VerificationResult::EXPIRED_TOKEN;
+ return TokenVerificationResult::EXPIRED_TOKEN;
}
for (auto flag : token->incompatible_features()) {
if (!TokenPB::Feature_IsValid(flag)) {
KLOG_EVERY_N_SECS(WARNING, 60) << "received token with unknown feature; "
"server needs to be updated";
- return VerificationResult::INCOMPATIBLE_FEATURE;
+ return TokenVerificationResult::INCOMPATIBLE_FEATURE;
}
}
@@ -133,34 +133,34 @@ VerificationResult TokenVerifier::VerifyTokenSignature(const SignedTokenPB& sign
shared_lock<RWMutex> l(lock_);
auto* tsk = FindPointeeOrNull(keys_by_seq_, signed_token.signing_key_seq_num());
if (!tsk) {
- return VerificationResult::UNKNOWN_SIGNING_KEY;
+ return TokenVerificationResult::UNKNOWN_SIGNING_KEY;
}
if (tsk->pb().expire_unix_epoch_seconds() < now) {
- return VerificationResult::EXPIRED_SIGNING_KEY;
+ return TokenVerificationResult::EXPIRED_SIGNING_KEY;
}
if (!tsk->VerifySignature(signed_token)) {
- return VerificationResult::INVALID_SIGNATURE;
+ return TokenVerificationResult::INVALID_SIGNATURE;
}
}
- return VerificationResult::VALID;
+ return TokenVerificationResult::VALID;
}
-const char* VerificationResultToString(VerificationResult r) {
+const char* TokenVerificationResultToString(TokenVerificationResult r) {
switch (r) {
- case security::VerificationResult::VALID:
+ case security::TokenVerificationResult::VALID:
return "valid";
- case security::VerificationResult::INVALID_TOKEN:
+ case security::TokenVerificationResult::INVALID_TOKEN:
return "invalid token";
- case security::VerificationResult::INVALID_SIGNATURE:
+ case security::TokenVerificationResult::INVALID_SIGNATURE:
return "invalid token signature";
- case security::VerificationResult::EXPIRED_TOKEN:
+ case security::TokenVerificationResult::EXPIRED_TOKEN:
return "token expired";
- case security::VerificationResult::EXPIRED_SIGNING_KEY:
+ case security::TokenVerificationResult::EXPIRED_SIGNING_KEY:
return "token signing key expired";
- case security::VerificationResult::UNKNOWN_SIGNING_KEY:
+ case security::TokenVerificationResult::UNKNOWN_SIGNING_KEY:
return "token signed with unknown key";
- case security::VerificationResult::INCOMPATIBLE_FEATURE:
+ case security::TokenVerificationResult::INCOMPATIBLE_FEATURE:
return "token uses incompatible feature";
default:
LOG(FATAL) << "unexpected VerificationResult value: "
@@ -170,4 +170,3 @@ const char* VerificationResultToString(VerificationResult r) {
} // namespace security
} // namespace kudu
-
diff --git a/src/kudu/security/token_verifier.h b/src/kudu/security/token_verifier.h
index 8d5d176..36a6e09 100644
--- a/src/kudu/security/token_verifier.h
+++ b/src/kudu/security/token_verifier.h
@@ -35,7 +35,7 @@ class SignedTokenPB;
class TokenPB;
class TokenSigningPublicKey;
class TokenSigningPublicKeyPB;
-enum class VerificationResult;
+enum class TokenVerificationResult;
// Class responsible for verifying tokens provided to a server.
//
@@ -85,8 +85,8 @@ class TokenVerifier {
// Verify the signature on the given signed token, and deserialize the
// contents into 'token'.
- VerificationResult VerifyTokenSignature(const SignedTokenPB& signed_token,
- TokenPB* token) const;
+ TokenVerificationResult VerifyTokenSignature(
+ const SignedTokenPB& signed_token, TokenPB* token) const;
private:
typedef std::map<int64_t, std::unique_ptr<TokenSigningPublicKey>> KeysMap;
@@ -100,7 +100,7 @@ class TokenVerifier {
// Result of a token verification.
// Values added to this enum must also be added to VerificationResultToString().
-enum class VerificationResult {
+enum class TokenVerificationResult {
// The signature is valid and the token is not expired.
VALID,
// The token itself is invalid (e.g. missing its signature or data,
@@ -120,7 +120,7 @@ enum class VerificationResult {
INCOMPATIBLE_FEATURE
};
-const char* VerificationResultToString(VerificationResult r);
+const char* TokenVerificationResultToString(TokenVerificationResult r);
} // namespace security
} // namespace kudu
diff --git a/src/kudu/tserver/tablet_service.cc b/src/kudu/tserver/tablet_service.cc
index 53c78a1..d37bf08 100644
--- a/src/kudu/tserver/tablet_service.cc
+++ b/src/kudu/tserver/tablet_service.cc
@@ -222,7 +222,7 @@ using kudu::fault_injection::MaybeTrue;
using kudu::pb_util::SecureDebugString;
using kudu::pb_util::SecureShortDebugString;
using kudu::rpc::ErrorStatusPB;
-using kudu::rpc::ParseVerificationResult;
+using kudu::rpc::ParseTokenVerificationResult;
using kudu::rpc::RpcContext;
using kudu::rpc::RpcSidecar;
using kudu::security::TokenPB;
@@ -621,7 +621,7 @@ static bool VerifyAuthzTokenOrRespond(const TokenVerifier& token_verifier,
TokenPB token_pb;
const auto result = token_verifier.VerifyTokenSignature(req.authz_token(), &token_pb);
ErrorStatusPB::RpcErrorCodePB error;
- Status s = ParseVerificationResult(result,
+ Status s = ParseTokenVerificationResult(result,
ErrorStatusPB::ERROR_INVALID_AUTHORIZATION_TOKEN, &error);
if (!s.ok()) {
context->RespondRpcFailure(error, s.CloneAndPrepend("authz token verification failure"));
[kudu] 01/02: [tablet] fix compilation warning in rowset_info.cc
Posted by al...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
alexey pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git
commit 2392bf72a0abc0cb02b0e67633e29f69be3baf2f
Author: Alexey Serbin <al...@apache.org>
AuthorDate: Fri Feb 4 20:35:27 2022 -0800
[tablet] fix compilation warning in rowset_info.cc
src/kudu/tablet/rowset_info.cc:207:21: warning: loop variable 'col_id' of type 'const kudu::ColumnId' creates a copy from type 'const kudu::ColumnId' [-Wrange-loop-analysis]
for (const auto col_id : col_ids) {
^
src/kudu/tablet/rowset_info.cc:207:10: note: use reference type 'const kudu::ColumnId &' to prevent copying
for (const auto col_id : col_ids) {
^~~~~~~~~~~~~~~~~~~
&
Change-Id: I25379f9764d7c6c6699740a06877301b624c1f54
Reviewed-on: http://gerrit.cloudera.org:8080/18202
Reviewed-by: Andrew Wong <aw...@cloudera.com>
Tested-by: Alexey Serbin <as...@cloudera.com>
---
src/kudu/tablet/rowset_info.cc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/kudu/tablet/rowset_info.cc b/src/kudu/tablet/rowset_info.cc
index 069dde5..37d2016 100644
--- a/src/kudu/tablet/rowset_info.cc
+++ b/src/kudu/tablet/rowset_info.cc
@@ -204,7 +204,7 @@ double WidthByDataSize(const Slice& prev, const Slice& next,
for (const auto& rs_rsi : active) {
double fraction = StringFractionInRange(rs_rsi.second, prev, next);
- for (const auto col_id : col_ids) {
+ for (const auto& col_id : col_ids) {
weight += rs_rsi.second->size_bytes(col_id) * fraction;
}
}