Fix/reloadable certificates v3 #26
Closed
Commits on Nov 11, 2020
-
Pass credentials instead of credentials builder
to the RPC transport configuration. Fix all dependent code paths. Don't enable reloadable credentials yet.
-
Update rpc server configuration
Pass ss::tls::server_credentials via config instead of credentials_builder. This allows to futurize code path that leads to server c-tor (which is needed to switch it to reloadable_server_credentials).
-
Use build_reloadable_certificate_credentials
Replace all uses of build_certificate_credentials with build_reloadable_certificate_credentials in the codebase.
-
Use build_reloadable_server_credentials everywere.
Replace all the calls to build_server_credentials with build_reloadable_server_credentials.
-
Add reloadable certificates test
The test creates server with the wrong set of credentials and updates credentials on disk, expecting the server to pick up changes.
-
Convert tls key/certificate paths to absolute format
Seastar tls reloadable credentials only work correctly if aboslute path was used. This update makes tls config paths converted to absolute format (if they're relative).
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.