Skip to content

HDDS-8593. Add RootCARotationPoller to CertClient #5001

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Galsza wants to merge 25 commits into from
Closed

HDDS-8593. Add RootCARotationPoller to CertClient #5001

Galsza wants to merge 25 commits into from

Conversation

@Galsza
Copy link
Contributor

@Galsza Galsza commented Jun 28, 2023
edited
Loading

What changes were proposed in this pull request?

Full client side modifications of cert rotation. This depends on at least 3 pull requests rn:
#4961 -- Creating the root CA rotation poller
#5000 -- Adding changes to cert client before it is able to automate root CA rotation
#4943 -- SCM/server side changes for root CA rotation: without this these patches don't make any sense and don't add any functionality.

What is the link to the Apache JIRA

The jira needs to be updated once the previous patches get merged.
HDDS-8593

Galsza added 18 commits June 22, 2023 18:27
@Galsza
HDDS-8591 Create polling mechanism for root ca mechanism
ef4a43c
@Galsza
HDDS-8591 Fix review comments, add logging
ff39ecf
@Galsza
HDDS-8591 Switch to completable future
33a40d9
@Galsza
HDDS-8591 Fix whitespace change
265be72
@Galsza
HDDS-8592 Rename CertificateLifeTimeMonitor
5434206
@Galsza
HDDS-8592 Rename CertificateLifeTimeMonitor
c026001
@Galsza
HDDS-8592 Refactor DefaultCertificateClient to have signAndStoreCerti…
657c50c 
…ficate in only one place.
@Galsza
HDDS-8592 Remove warning from non thrown exception
aa00ff6
@Galsza
HDDS-8592 Fetch root CAs from the scm and store them
833484d
@Galsza
HDDS-8592 Add force parameter to CertificateRenewalService
f5bfba4
@Galsza
HDDS-8592 Change visibility of the method that shouldn't be seen from…
0b37548 
… outside, fix @OverRide
@Galsza
HDDS-8592 create function for providing task to root ca rotation proc…
cc9ffca 
…essing.
@Galsza
HDDS-8592 remove unused import
0bbacb3
@Galsza
HDDS-8591 refine test case for the poller not activating
cfa3ab6
@Galsza
HDDS-8591 remove unused import
a851885
@Galsza
HDDS-8592 Refine log message to not always imply datanode certificate
164caaf
@Galsza
HDDS-8592 Fix bug with biginteger, remove findbugs issue
650f9b1
@Galsza
HDDS-8593 Start up root ca rotation poller
74af9fd
@Galsza Galsza force-pushed the HDDS-8593_add_root_ca_rotation_poller branch from 08f2222 to 74af9fd Compare June 29, 2023 09:34
@Galsza Galsza changed the title HDDS-8593. Change certificate renewal logic to be able to renew the certificate of a service on demand HDDS-8593. Add RootCARotationPoller to CertClient Jun 29, 2023
@fapifta
Copy link
Contributor

fapifta commented Jun 29, 2023

Thank you @Galsza for sharing this one early on.

I have checked the changes, and I have one note:
The SCMCertificateClient should not start a poller, as SCM's will be notified about the new rootCA via Ratis, and they will act and update their state based on the transactions posted by the leader to the raft ring.

Other than that, the changes looks good.

@Galsza Galsza mentioned this pull request Jul 5, 2023
Merged
@Galsza Galsza closed this Jul 6, 2023
@Galsza Galsza mentioned this pull request Jul 6, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Galsza @fapifta