Posted to issues@ratis.apache.org by "Tsz Wo Nicholas Sze (JIRA)" <ji...@apache.org> on 2018/12/14 06:22:00 UTC

[jira] [Comment Edited] (RATIS-246) Support secure gRPC endpoint with mTLS in Ratis

    [ https://issues.apache.org/jira/browse/RATIS-246?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16720968#comment-16720968 ] 

Tsz Wo Nicholas Sze edited comment on RATIS-246 at 12/14/18 6:21 AM:
---------------------------------------------------------------------

Thanks [~xyao] for working on this. We may run GrpcConfigKeys.main and the output for TLS is shown below.
{code}
  ******* interface org.apache.ratis.grpc.GrpcConfigKeys$TLS *******
  constant: LOG = org.slf4j.impl.Log4jLoggerAdapter(org.apache.ratis.grpc.GrpcConfigKeys$TLS)
  constant: TLS_ROOT_PREFIX = raft.grpc.tls
  key: raft.grpc.tls.enabled (java.lang.Boolean, default=false)
  WARNING: DEFAULT not found for field public static final java.lang.String org.apache.ratis.grpc.GrpcConfigKeys$TLS.TLS_MUTUAL_AUTHN_ENABLED_KEY
  key: raft.grpcmutual_authn.enabled (DEFAULT not found)
  key: raft.grpc.tls.private.key.file.name (java.lang.String, default=private.pem)
  key: raft.grpc.tls.cert.chain.file.name (java.lang.String, default=server.crt)
  key: raft.grpc.tls.trust.store (java.lang.String, default=ca.crt)
{code}
- raft.grpc.tls.enabled and mutual_authn.enabled can be declared using boolean (i.e., lower case 'b') unless we want to support null.
- TLS_MUTUAL_AUTHN_ENABLED_KEY and MUTUAL_TLS_ENABLED_DEFAULT do not match.
{code}
 WARNING: DEFAULT not found for field public static final java.lang.String org.apache.ratis.grpc.GrpcConfigKeys$TLS.TLS_MUTUAL_AUTHN_ENABLED_KEY
{code}
We may rename them to MUTUAL_AUTHN_ENABLED_KEY and MUTUAL_AUTHN_ENABLED_DEFAULT, i.e. use the same prefix and drop 'TLS'.
- "raft.grpcmutual_authn.enabled" is missing ".tls." in the middle.
{code}
  key: raft.grpcmutual_authn.enabled (DEFAULT not found)
{code}
- Please feel free to use long lines in Ratis. Our limit is 120 characters per line.

Will review other files.


was (Author: szetszwo):
Thanks [~xyao] for working on this. We may run GrpcConfigKeys.main and the output for TLS is shown below.
{code}
  ******* interface org.apache.ratis.grpc.GrpcConfigKeys$TLS *******
  constant: LOG = org.slf4j.impl.Log4jLoggerAdapter(org.apache.ratis.grpc.GrpcConfigKeys$TLS)
  constant: TLS_ROOT_PREFIX = raft.grpc.tls
  key: raft.grpc.tls.enabled (java.lang.Boolean, default=false)
  WARNING: DEFAULT not found for field public static final java.lang.String org.apache.ratis.grpc.GrpcConfigKeys$TLS.TLS_MUTUAL_AUTHN_ENABLED_KEY
  key: raft.grpcmutual_authn.enabled (DEFAULT not found)
  key: raft.grpc.tls.private.key.file.name (java.lang.String, default=private.pem)
  key: raft.grpc.tls.cert.chain.file.name (java.lang.String, default=server.crt)
  key: raft.grpc.tls.trust.store (java.lang.String, default=ca.crt)
{code}
- raft.grpc.tls.enabled and mutual_authn.enabled can be declared using boolean (i.e., lower case 'b') unless we want to support null.
- TLS_MUTUAL_AUTHN_ENABLED_KEY and MUTUAL_TLS_ENABLED_DEFAULT do not match.
{code}
 WARNING: DEFAULT not found for field public static final java.lang.String org.apache.ratis.grpc.GrpcConfigKeys$TLS.TLS_MUTUAL_AUTHN_ENABLED_KEY
{code}
We may rename them to MUTUAL_AUTHN_ENABLED_KEY and MUTUAL_AUTHN_ENABLED_DEFAULT, i.e. use the same prefix and drop 'TLS'.
- "raft.grpcmutual_authn.enabled" is missing a "."
{code}
  key: raft.grpcmutual_authn.enabled (DEFAULT not found)
{code}
- Please feel free to use long lines in Ratis. Our limit is 120 characters per line.

Will review other files.

> Support secure gRPC endpoint with mTLS in Ratis
> -----------------------------------------------
>
>                 Key: RATIS-246
>                 URL: https://issues.apache.org/jira/browse/RATIS-246
>             Project: Ratis
>          Issue Type: New Feature
>          Components: gRPC, security
>            Reporter: Mukul Kumar Singh
>            Assignee: Xiaoyu Yao
>            Priority: Major
>              Labels: ozone
>         Attachments: RATIS-246.001.patch
>
>
> HDDS-115 discusses making GRPC endpoint secure with mTLS. This jira will track the work needed in Ratis to make grpc communication secure.
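
The two naming defects reported in the comment above (a *_KEY constant with no matching *_DEFAULT, and a key string that falls outside the raft.grpc.tls prefix) can be caught mechanically before a mutual-authentication setting ends up being read under a name nobody configures. The following is an added example, not code from the Ratis patch or from the comment's author; the class ConfigKeyLint, the interface SampleTls and its constant values are constructed for illustration from the names in the quoted output.

```java
import java.lang.reflect.Field;
import java.util.ArrayList;
import java.util.List;

public class ConfigKeyLint {
  // Constructed sample mirroring the constant names in the comment; not the Ratis source.
  interface SampleTls {
    String TLS_ROOT_PREFIX = "raft.grpc.tls";
    String TLS_ENABLED_KEY = TLS_ROOT_PREFIX + ".enabled";
    boolean TLS_ENABLED_DEFAULT = false;
    String TLS_MUTUAL_AUTHN_ENABLED_KEY = "raft.grpcmutual_authn.enabled"; // lacks ".tls."
    boolean MUTUAL_TLS_ENABLED_DEFAULT = false; // name does not pair with the key above
  }

  /** Returns one finding per *_KEY constant that is off-prefix or has no matching *_DEFAULT. */
  static List<String> lint(Class<?> keys, String prefix) throws IllegalAccessException {
    List<String> findings = new ArrayList<>();
    for (Field f : keys.getDeclaredFields()) {
      String name = f.getName();
      if (f.getType() != String.class || !name.endsWith("_KEY")) {
        continue; // only string constants named *_KEY are configuration keys
      }
      String value = (String) f.get(null); // interface fields are static
      if (!value.startsWith(prefix + ".")) {
        findings.add(name + ": \"" + value + "\" is outside prefix " + prefix);
      }
      // FOO_KEY is expected to pair with FOO_DEFAULT.
      String defaultName = name.substring(0, name.length() - "_KEY".length()) + "_DEFAULT";
      try {
        keys.getDeclaredField(defaultName);
      } catch (NoSuchFieldException e) {
        findings.add(name + ": no constant named " + defaultName);
      }
    }
    return findings;
  }

  public static void main(String[] args) throws IllegalAccessException {
    List<String> findings = lint(SampleTls.class, SampleTls.TLS_ROOT_PREFIX);
    findings.forEach(System.out::println);
    // A non-zero exit lets a build step fail when a key would be read under an unexpected name.
    System.exit(findings.isEmpty() ? 0 : 1);
  }
}
```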


