Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix/reloadable certificates v3 #26

Closed
wants to merge 7 commits into from
Closed

Fix/reloadable certificates v3 #26

wants to merge 7 commits into from

Commits on Nov 11, 2020

  1. Pass credentials instead of credentials builder

    to the RPC transport configuration. Fix all dependent code paths.
    Don't enable reloadable credentials yet.
    Lazin committed Nov 11, 2020
    Configuration menu
    Copy the full SHA
    e97b78d View commit details
    Browse the repository at this point in the history
  2. Update rpc server configuration

    Pass ss::tls::server_credentials via config instead of
    credentials_builder. This allows to futurize code path that leads
    to server c-tor (which is needed to switch it to
    reloadable_server_credentials).
    Lazin committed Nov 11, 2020
    Configuration menu
    Copy the full SHA
    7430b8d View commit details
    Browse the repository at this point in the history
  3. Use build_reloadable_certificate_credentials

    Replace all uses of build_certificate_credentials with
    build_reloadable_certificate_credentials in the codebase.
    Lazin committed Nov 11, 2020
    Configuration menu
    Copy the full SHA
    7ef7bdd View commit details
    Browse the repository at this point in the history
  4. Use build_reloadable_server_credentials everywere.

    Replace all the calls to build_server_credentials with
    build_reloadable_server_credentials.
    Lazin committed Nov 11, 2020
    Configuration menu
    Copy the full SHA
    20aee8a View commit details
    Browse the repository at this point in the history
  5. Add reloadable certificates test

    The test creates server with the wrong set of credentials and updates
    credentials on disk, expecting the server to pick up changes.
    Lazin committed Nov 11, 2020
    Configuration menu
    Copy the full SHA
    d182ed7 View commit details
    Browse the repository at this point in the history
  6. Convert tls key/certificate paths to absolute format

    Seastar tls reloadable credentials only work correctly if aboslute
    path was used. This update makes tls config paths converted to
    absolute format (if they're relative).
    Lazin committed Nov 11, 2020
    Configuration menu
    Copy the full SHA
    917ea8c View commit details
    Browse the repository at this point in the history
  7. Log tls reload events

    Use callback to log every credentials reload.
    Lazin committed Nov 11, 2020
    Configuration menu
    Copy the full SHA
    8457574 View commit details
    Browse the repository at this point in the history