Uploaded image for project: 'Apache Ozone'
  1. Apache Ozone
  2. HDDS-2020

Remove mTLS from Ozone GRPC

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 0.5.0
    • None

    Description

      Generic GRPC support mTLS for mutual authentication. However, Ozone has built in block token mechanism for server to authenticate the client. We only need TLS for client to authenticate the server and wire encryption. 

      Remove the mTLS support also simplify the GRPC server/client configuration.

      Attachments

        Issue Links

          relates to

          Improvement - An improvement or enhancement to an existing feature or task. HDDS-1946 CertificateClient should not persist keys/certs to ozone.metadata.dir

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. RATIS-669 Allow Ratis gRPCTlsConfig to take Java Key/Cert Object in addition to File

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #1369

          Web Link GitHub Pull Request #1524

          Activity

            People

              xyao Xiaoyu Yao
              xyao Xiaoyu Yao
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 4h 50m
                  4h 50m