This is an automated email from the ASF dual-hosted git repository. psomogyi pushed a commit to branch branch-3 in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/branch-3 by this push: new 72c0401a66c HBASE-28038 Add TLS settings to ZooKeeper client (#5370) 72c0401a66c is described below commit 72c0401a66cce1a527afd86964058827aab46582 Author: Andor Molnár <an...@cloudera.com> AuthorDate: Tue Sep 5 11:03:50 2023 +0200 HBASE-28038 Add TLS settings to ZooKeeper client (#5370) Signed-off-by: Wellington Chevreuil <wchevre...@apache.org> Signed-off-by: Duo Zhang <zhang...@apache.org> Signed-off-by: Peter Somogyi <psomo...@apache.org> Reviewed-by: Istvan Toth <st...@apache.org> (cherry picked from commit 198385aa7b10cc09b19ab6c12948340abbe6ef25)
---
 .../apache/hadoop/hbase/zookeeper/ZKConfig.java | 34 +++++++++++++++++
 .../hadoop/hbase/zookeeper/TestZKConfig.java | 43 ++++++++++++++++++++++
 2 files changed, 77 insertions(+)
diff --git a/hbase-common/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKConfig.java b/hbase-common/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKConfig.java
index 32cfde410d5..12d81fee658 100644
--- a/hbase-common/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKConfig.java
+++ b/hbase-common/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKConfig.java
@@ -21,6 +21,7 @@ import java.io.IOException;
 import java.util.List;
 import java.util.Map.Entry;
 import java.util.Properties;
+import java.util.Set;
 import org.apache.commons.validator.routines.InetAddressValidator;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hbase.HConstants;
@@ -28,6 +29,7 @@ import org.apache.hadoop.util.StringUtils;
 import org.apache.yetus.audience.InterfaceAudience;
 import org.apache.hbase.thirdparty.com.google.common.base.Splitter;
+import org.apache.hbase.thirdparty.com.google.common.collect.ImmutableSet;
 /**
 * Utility methods for reading, and building the ZooKeeper configuration. The order and priority for
@@ -38,6 +40,13 @@ import org.apache.hbase.thirdparty.com.google.common.base.Splitter;
 public final class ZKConfig {
 private static final String VARIABLE_START = "${";
+ private static final String ZOOKEEPER_JAVA_PROPERTY_PREFIX = "zookeeper.";
+
+ /** Supported ZooKeeper client TLS properties */
+ static final Set<String> ZOOKEEPER_CLIENT_TLS_PROPERTIES =
+ ImmutableSet.of("client.secure", "clientCnxnSocket", "ssl.keyStore.location",
+ "ssl.keyStore.password", "ssl.keyStore.passwordPath", "ssl.trustStore.location",
+ "ssl.trustStore.password", "ssl.trustStore.passwordPath");
 private ZKConfig() {
 }
@@ -123,6 +132,7 @@ public final class ZKConfig {
 * @return Quorum servers
 */
 public static String getZKQuorumServersString(Configuration conf) {
+ setZooKeeperClientSystemProperties(HConstants.ZK_CFG_PROPERTY_PREFIX, conf);
 return getZKQuorumServersStringFromHbaseConfig(conf);
 }
@@ -318,6 +328,7 @@ public final class ZKConfig {
 * @return Client quorum servers, or null if not specified
 */
 public static String getClientZKQuorumServersString(Configuration conf) {
+ setZooKeeperClientSystemProperties(HConstants.ZK_CFG_PROPERTY_PREFIX, conf);
 String clientQuromServers = conf.get(HConstants.CLIENT_ZOOKEEPER_QUORUM);
 if (clientQuromServers == null) {
 return null;
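Review bot: `ZOOKEEPER_CLIENT_TLS_PROPERTIES` includes `ssl.keyStore.password` and `ssl.trustStore.password`, so the loop added in the @@ -330 hunk copies plaintext store passwords from the Configuration into JVM system properties. System properties are readable by any code in the process and are commonly exposed through JMX and diagnostic dumps, which is a wider audience than the configuration file. The `passwordPath` variants in the same set avoid this, and the Javadoc on the constant should say so, for example `/** Supported ZooKeeper client TLS properties. The *.password keys are exported as JVM system properties; prefer *.passwordPath. */`.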
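Review bot: The Javadoc above `getZKQuorumServersString` still ends at `@return Quorum servers` although the method now writes JVM-wide `zookeeper.*` system properties before returning; the same applies to `getClientZKQuorumServersString` in the @@ -318 hunk. A getter with a process-global side effect should say so, e.g. add `Also exports the ZooKeeper client TLS settings found in conf as zookeeper.* system properties when they are not already set.` to both comments. Both Javadoc blocks start above their hunks, so the rest of their wording is not visible here. Each call also rescans the whole Configuration while holding its monitor, which may matter for callers on a hot path.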
@@ -330,4 +341,27 @@ public final class ZKConfig {
 final String[] serverHosts = StringUtils.getStrings(clientQuromServers);
 return buildZKQuorumServerString(serverHosts, clientZkClientPort);
 }
+
+ private static void setZooKeeperClientSystemProperties(String prefix, Configuration conf) {
+ synchronized (conf) {
+ for (Entry<String, String> entry : conf) {
+ String key = entry.getKey();
+ if (!key.startsWith(prefix)) {
+ continue;
+ }
+ String zkKey = key.substring(prefix.length());
+ if (!ZOOKEEPER_CLIENT_TLS_PROPERTIES.contains(zkKey)) {
+ continue;
+ }
+ String value = entry.getValue();
+ // If the value has variables substitutions, need to do a get.
+ if (value.contains(VARIABLE_START)) {
+ value = conf.get(key);
+ }
+ if (System.getProperty(ZOOKEEPER_JAVA_PROPERTY_PREFIX + zkKey) == null) {
+ System.setProperty(ZOOKEEPER_JAVA_PROPERTY_PREFIX + zkKey, value);
+ }
+ }
+ }
+ }
 }
diff --git a/hbase-common/src/test/java/org/apache/hadoop/hbase/zookeeper/TestZKConfig.java b/hbase-common/src/test/java/org/apache/hadoop/hbase/zookeeper/TestZKConfig.java
index 381f78f055e..7418afe5d22 100644
--- a/hbase-common/src/test/java/org/apache/hadoop/hbase/zookeeper/TestZKConfig.java
+++ b/hbase-common/src/test/java/org/apache/hadoop/hbase/zookeeper/TestZKConfig.java
@@ -17,6 +17,7 @@
 */
 package org.apache.hadoop.hbase.zookeeper;
+import static org.apache.hadoop.hbase.zookeeper.ZKConfig.ZOOKEEPER_CLIENT_TLS_PROPERTIES;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
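Review bot: In `setZooKeeperClientSystemProperties` (ZKConfig.java, @@ -330 hunk) the `System.getProperty(...) == null` guard means the first Configuration processed fixes the TLS settings for every ZooKeeper client in the JVM, and a later Configuration carrying a different trust store or `client.secure` value is skipped without any trace. The check and the `System.setProperty` call are also not atomic across threads, since the lock is taken on `conf` rather than on something shared by all callers. The method has no Javadoc; it should state the process-wide, first-writer-wins behaviour, and the skip branch should at least report the key (never the value), e.g. `LOG.debug("zookeeper.{} already set, ignoring configuration value", zkKey);` if the class has a logger. `value` is also passed to `System.setProperty` unchecked, which throws NullPointerException should `conf.get(key)` return null after substitution.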
@@ -90,6 +91,48 @@ public class TestZKConfig {
 testKey("server1:2182,server2:2183,server1", 2181, "/hbase", true);
 }
+ @Test
+ public void testZooKeeperTlsPropertiesClient() {
+ // Arrange
+ Configuration conf = HBaseConfiguration.create();
+ for (String p : ZOOKEEPER_CLIENT_TLS_PROPERTIES) {
+ conf.set(HConstants.ZK_CFG_PROPERTY_PREFIX + p, p);
+ String zkprop = "zookeeper." + p;
+ System.clearProperty(zkprop);
+ }
+
+ // Act
+ ZKConfig.getClientZKQuorumServersString(conf);
+
+ // Assert
+ for (String p : ZOOKEEPER_CLIENT_TLS_PROPERTIES) {
+ String zkprop = "zookeeper." + p;
+ assertEquals("Invalid or unset system property: " + zkprop, p, System.getProperty(zkprop));
+ System.clearProperty(zkprop);
+ }
+ }
+
+ @Test
+ public void testZooKeeperTlsPropertiesServer() {
+ // Arrange
+ Configuration conf = HBaseConfiguration.create();
+ for (String p : ZOOKEEPER_CLIENT_TLS_PROPERTIES) {
+ conf.set(HConstants.ZK_CFG_PROPERTY_PREFIX + p, p);
+ String zkprop = "zookeeper." + p;
+ System.clearProperty(zkprop);
+ }
+
+ // Act
+ ZKConfig.getZKQuorumServersString(conf);
+
+ // Assert
+ for (String p : ZOOKEEPER_CLIENT_TLS_PROPERTIES) {
+ String zkprop = "zookeeper." + p;
+ assertEquals("Invalid or unset system property: " + zkprop, p, System.getProperty(zkprop));
+ System.clearProperty(zkprop);
+ }
+ }
+
 private void testKey(String ensemble, int port, String znode) throws IOException {
 testKey(ensemble, port, znode, false); // not support multiple client ports
 }
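Review bot: `testZooKeeperTlsPropertiesClient` and `testZooKeeperTlsPropertiesServer` only cover the case where the `zookeeper.*` properties start out unset; nothing asserts that a pre-existing system property is left untouched, or that a prefixed key outside `ZOOKEEPER_CLIENT_TLS_PROPERTIES` is not exported, which are the two branches that decide what reaches the JVM-wide state. The cleanup call `System.clearProperty(zkprop)` sits after `assertEquals` inside the same loop, so a failing assertion leaves the remaining properties set for later tests in the same JVM. Moving the clearing into an `@After` method (or a `try`/`finally` around the act and assert steps) would keep the global state clean on failure, and the two near-identical bodies could share one helper that takes the method under test.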