This is an automated email from the ASF dual-hosted git repository.
dbecker pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/impala.git
from c044bdd49 IMPALA-14083: Connected user and session user mismatch when
cookie based authentication is used with SPNEGO
new 5856a107e IMPALA-14066 (Part 1): Rebase the Kudu code in Impala to
1.17.1
new 0f27dd26c IMPALA-14066 (Part 2): Fixed rebased Kudu source code to
compile
new 0a55bf54e IMPALA-14066 (Part 3): Re-applying
IMPALA-11640/IMPALA-11641: Workaround errors in shared library build on Ubuntu
18+
new 40a72e05d IMPALA-14066 (Part 4): Re-applying IMPALA-11922 Verify JWKS
URL server TLS certificate by default after Kudu rebase
new 4e7c600f1 IMPALA-14066 (Part 5): Re-applying IMPALA-12318: Add a flag
option for http spnego dedicated keytab file.
new eddf075a7 IMPALA-14066 (Part 6): Re-applying IMPALA-14038: Pull in
KUDU-3663 to handle certs with RSASSA-PSS
The 6 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
be/src/common/logging.cc | 2 +-
be/src/kudu/rpc/CMakeLists.txt | 47 +-
be/src/kudu/rpc/client_negotiation.cc | 67 +-
be/src/kudu/rpc/client_negotiation.h | 15 +-
be/src/kudu/rpc/connection.cc | 6 +
be/src/kudu/rpc/connection.h | 9 +-
be/src/kudu/rpc/exactly_once_rpc-test.cc | 2 +-
be/src/kudu/rpc/inbound_call.cc | 7 +
be/src/kudu/rpc/inbound_call.h | 8 +-
be/src/kudu/rpc/messenger.cc | 7 +-
be/src/kudu/rpc/messenger.h | 27 +-
be/src/kudu/rpc/negotiation-test.cc | 423 ++++++-
be/src/kudu/rpc/negotiation.cc | 23 +-
be/src/kudu/rpc/negotiation.h | 1 +
be/src/kudu/rpc/periodic.cc | 9 +-
be/src/kudu/rpc/periodic.h | 8 +-
be/src/kudu/rpc/protoc-gen-krpc.cc | 13 +-
be/src/kudu/rpc/remote_user.h | 13 +-
be/src/kudu/rpc/rpc-test-base.h | 1 +
be/src/kudu/rpc/rpc-test.cc | 26 +-
be/src/kudu/rpc/rpc_context.cc | 4 +
be/src/kudu/rpc/rpc_context.h | 4 +
be/src/kudu/rpc/rpc_header.proto | 14 +
be/src/kudu/rpc/rpc_stub-test.cc | 2 +-
be/src/kudu/rpc/server_negotiation.cc | 134 ++-
be/src/kudu/rpc/server_negotiation.h | 9 +-
be/src/kudu/rpc/service_pool.cc | 6 +-
be/src/kudu/rpc/service_queue-test.cc | 8 +-
be/src/kudu/rpc/service_queue.cc | 5 +-
be/src/kudu/rpc/service_queue.h | 8 +-
be/src/kudu/rpc/transfer.cc | 3 +-
be/src/kudu/security/CMakeLists.txt | 47 +-
be/src/kudu/security/ca/cert_management-test.cc | 4 +-
be/src/kudu/security/ca/cert_management.h | 6 +-
be/src/kudu/security/cert-test.cc | 6 +-
be/src/kudu/security/cert.cc | 21 +-
be/src/kudu/security/cert.h | 11 +-
be/src/kudu/security/crypto.cc | 6 +-
be/src/kudu/security/gssapi.cc | 15 +-
be/src/kudu/security/gssapi.h | 1 -
be/src/kudu/security/init.cc | 16 +-
be/src/kudu/security/init.h | 12 +-
be/src/kudu/security/security-test-util.cc | 3 +-
be/src/kudu/security/security_flags.cc | 31 +-
be/src/kudu/security/simple_acl.cc | 12 +-
be/src/kudu/security/simple_acl.h | 2 +
be/src/kudu/security/test/mini_kdc-test.cc | 2 +-
be/src/kudu/security/test/mini_kdc.cc | 5 +-
be/src/kudu/security/test/test_certs.cc | 1169 +++++++++++++-------
be/src/kudu/security/test/test_certs.h | 7 +
be/src/kudu/security/tls_context.cc | 11 +-
be/src/kudu/security/tls_context.h | 9 +-
be/src/kudu/security/tls_handshake-test.cc | 6 +-
be/src/kudu/security/tls_handshake.cc | 15 +-
be/src/kudu/security/tls_handshake.h | 1 -
be/src/kudu/security/tls_socket-test.cc | 2 +-
be/src/kudu/security/token.proto | 5 +
be/src/kudu/util/CMakeLists.txt | 176 ++-
be/src/kudu/util/curl_util.cc | 81 +-
be/src/kudu/util/curl_util.h | 26 +
be/src/kudu/util/debug-util.cc | 4 -
be/src/kudu/util/debug/trace_logging.h | 6 +-
be/src/kudu/util/env-test.cc | 18 +-
be/src/kudu/util/env.h | 12 +
be/src/kudu/util/env_posix.cc | 169 ++-
be/src/kudu/util/env_util.cc | 60 +-
be/src/kudu/util/env_util.h | 8 +
be/src/kudu/util/file_cache-test.cc | 3 -
be/src/kudu/util/flag_tags-test.cc | 4 +-
be/src/kudu/util/flags.cc | 63 +-
be/src/kudu/util/flags.h | 9 +-
be/src/kudu/util/int128.h | 6 +-
be/src/kudu/util/interval_tree-test.cc | 54 +-
be/src/kudu/util/interval_tree.h | 2 +-
be/src/kudu/util/jwt-util-internal.h | 380 +++++++
be/src/kudu/util/jwt-util-test.cc | 1017 +++++++++++++++++
be/src/kudu/util/jwt-util.cc | 1091 ++++++++++++++++++
be/src/kudu/util/jwt-util.h | 180 +++
.../kudu/{security/test/test_pass.h => util/jwt.h} | 23 +-
be/src/kudu/util/jwt_test_certs.cc | 393 +++++++
be/src/kudu/util/jwt_test_certs.h | 79 ++
be/src/kudu/util/logging-test.cc | 8 +-
be/src/kudu/util/logging.cc | 14 +-
be/src/kudu/util/logging.h | 3 +-
be/src/kudu/util/logging_test_util.h | 6 +-
be/src/kudu/util/maintenance_manager.cc | 2 +
be/src/kudu/util/maintenance_manager.proto | 1 +
be/src/kudu/util/mem_tracker.h | 8 +-
be/src/kudu/util/memory/arena.h | 5 +-
be/src/kudu/util/metrics-test.cc | 168 ++-
be/src/kudu/util/metrics.cc | 176 +++
be/src/kudu/util/metrics.h | 94 +-
be/src/kudu/util/mini_oidc.cc | 221 ++++
be/src/kudu/util/mini_oidc.h | 111 ++
be/src/kudu/util/minidump.cc | 4 +-
be/src/kudu/util/net/dns_resolver.cc | 38 +-
be/src/kudu/util/net/net_util-test.cc | 122 ++
be/src/kudu/util/net/net_util.cc | 34 +-
be/src/kudu/util/net/net_util.h | 11 +-
be/src/kudu/util/net/socket-test.cc | 28 +-
be/src/kudu/util/oid_generator-test.cc | 13 +-
be/src/kudu/util/oid_generator.cc | 8 +
be/src/kudu/util/oid_generator.h | 7 +
be/src/kudu/util/openssl_util.h | 5 +
be/src/kudu/util/openssl_util_bio.h | 3 +
be/src/kudu/util/pb_util-test.cc | 6 +-
be/src/kudu/util/pb_util.cc | 29 +-
be/src/kudu/util/pb_util.h | 8 +-
.../util/prometheus_writer.cc} | 8 +-
.../kerberos_util.h => util/prometheus_writer.h} | 16 +-
be/src/kudu/util/promise.h | 3 +-
be/src/kudu/util/pstack_watcher.cc | 28 +-
be/src/kudu/util/pstack_watcher.h | 8 +
be/src/kudu/util/random_util-test.cc | 1 +
be/src/kudu/util/random_util.h | 9 +-
be/src/kudu/util/regex.h | 56 +
be/src/kudu/util/rw_mutex-test.cc | 56 +-
be/src/kudu/util/sanitizer_options.cc | 7 +
be/src/kudu/util/status.cc | 3 +
be/src/kudu/util/status.h | 10 +
be/src/kudu/util/subprocess.cc | 13 +-
be/src/kudu/util/subprocess.h | 7 +-
be/src/kudu/util/test_util.cc | 108 +-
be/src/kudu/util/test_util.h | 18 +
be/src/kudu/util/thread.cc | 54 +-
be/src/kudu/util/threadlocal_cache.h | 11 +-
be/src/kudu/util/threadpool-test.cc | 172 ++-
be/src/kudu/util/threadpool.cc | 118 +-
be/src/kudu/util/threadpool.h | 125 ++-
be/src/kudu/util/version_util-test.cc | 15 +-
be/src/kudu/util/version_util.h | 7 +-
be/src/kudu/util/web_callback_registry.h | 12 +-
be/src/kudu/util/yamlreader-test.cc | 2 +-
be/src/rpc/impala-service-pool.cc | 4 +-
be/src/util/webserver.cc | 2 +
135 files changed, 7117 insertions(+), 1089 deletions(-)
create mode 100644 be/src/kudu/util/jwt-util-internal.h
create mode 100644 be/src/kudu/util/jwt-util-test.cc
create mode 100644 be/src/kudu/util/jwt-util.cc
create mode 100644 be/src/kudu/util/jwt-util.h
copy be/src/kudu/{security/test/test_pass.h => util/jwt.h} (65%)
create mode 100644 be/src/kudu/util/jwt_test_certs.cc
create mode 100644 be/src/kudu/util/jwt_test_certs.h
create mode 100644 be/src/kudu/util/mini_oidc.cc
create mode 100644 be/src/kudu/util/mini_oidc.h
copy be/src/{runtime/collection-value.cc => kudu/util/prometheus_writer.cc}
(85%)
copy be/src/kudu/{security/kerberos_util.h => util/prometheus_writer.h} (77%)
create mode 100644 be/src/kudu/util/regex.h
