Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sql: Add CREATE JOINTOKEN statement, gated behind feature flag #61810

Closed
wants to merge 2 commits into from
Closed

sql: Add CREATE JOINTOKEN statement, gated behind feature flag #61810

wants to merge 2 commits into from

Conversation

itsbilal
Copy link
Contributor

Adds a CREATE JOINTOKEN statement for use in TLS auto-joins.
This statement, when run on a self-hosted single-tenant
Cockroach node, creates and returns a new join token. This
join token can then be copy-pasted to new nodes and used
to give them the set of certificates for secure auto TLS
initialization.

See RFC #51991. Part of #60632.

Release justification: New code path, gated behind an
experimental feature flag.
Release note: None.

@itsbilal
server: use certificate manager in generateJoinToken
28831e8 
Previously, the generation of join tokens bypassed the
certificate manager when loading CA certificates. This change
updates that code path and associated tests to use the certificate
manager, to make testing easier.

Release note: None.
@itsbilal itsbilal requested review from knz and aaron-crl March 10, 2021 21:51
@itsbilal itsbilal self-assigned this Mar 10, 2021
@itsbilal itsbilal requested a review from a team as a code owner March 10, 2021 21:51
@cockroach-teamcity
Copy link
Member

This change is Reviewable

@itsbilal itsbilal force-pushed the create-join-token-stmt branch from f107efa to a90a962 Compare March 10, 2021 22:57
@itsbilal
sql: Add CREATE JOINTOKEN statement, gated behind feature flag
89f1c2f 
Adds a CREATE JOINTOKEN statement for use in TLS auto-joins.
This statement, when run on a self-hosted single-tenant
Cockroach node, creates and returns a new join token. This
join token can then be copy-pasted to new nodes and used
to give them the set of certificates for secure auto TLS
initialization.

See RFC cockroachdb#51991. Part of cockroachdb#60632.

Release justification: New code path, gated behind an
experimental feature flag.
Release note: None.
@itsbilal itsbilal force-pushed the create-join-token-stmt branch from a90a962 to 89f1c2f Compare March 10, 2021 23:03
@itsbilal itsbilal mentioned this pull request Mar 16, 2021
Merged
@itsbilal
Copy link
Contributor Author

I'm going to fold this PR into #62053; makes more sense to just update one PR instead of two, as all of these changes are related.

@itsbilal itsbilal closed this Mar 26, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@knz knz Awaiting requested review from knz

@aaron-crl aaron-crl Awaiting requested review from aaron-crl

Assignees

@itsbilal itsbilal

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@itsbilal @cockroach-teamcity