HomePhabricator

Cassandra client encryption

Authored by Eevans on Feb 12 2019, 2:02 AM.

Description

Cassandra client encryption

Optionally enables Cassandra client encryption; Enables encryption
only if the tls stanza in the configuration is present.

Driver behavior is such that at a minimum, you *must* specify a valid
CA cert to enable client encryption. It it acceptable to omit the key
and cert if validation is not being performed, but then *both* must be
omitted. The error message that trickles up from the driver when you
specify a CA but not both a key and cert is descriptive, but omitting
the CA when either a key or cert has been specified results in a
confusing error (connection reset by peer). As a result, config
validation was added to address this case.

Also

cassandra_schema.cql ...: Use correct comment syntax
storage_test.go ........: Fail tests fast if setup() fails
storage_test.go ........: Execute TestSetGetDelete steps as subtests (cleaner

code, cleaner results output)

Bug: T209109
Change-Id: If5d66a7ca69864a88ea72e4cd9648ff1687ab32f

Details

Committed
EevansFeb 12 2019, 5:35 PM
Parents
rMSKS1b29763ec641: HTTP handler cleanups
Branches
Unknown
Tags
Unknown
References
refs/changes/06/490106/1
ChangeId
If5d66a7ca69864a88ea72e4cd9648ff1687ab32f