This is an automated email from the ASF dual-hosted git repository.

psomogyi pushed a commit to branch branch-3
in repository https://gitbox.apache.org/repos/asf/hbase.git


The following commit(s) were added to refs/heads/branch-3 by this push:
     new 72c0401a66c HBASE-28038 Add TLS settings to ZooKeeper client (#5370)
72c0401a66c is described below

commit 72c0401a66cce1a527afd86964058827aab46582
Author: Andor Molnár <an...@cloudera.com>
AuthorDate: Tue Sep 5 11:03:50 2023 +0200

    HBASE-28038 Add TLS settings to ZooKeeper client (#5370)
    
    Signed-off-by: Wellington Chevreuil <wchevre...@apache.org>
    Signed-off-by: Duo Zhang <zhang...@apache.org>
    Signed-off-by: Peter Somogyi <psomo...@apache.org>
    Reviewed-by: Istvan Toth <st...@apache.org>
    (cherry picked from commit 198385aa7b10cc09b19ab6c12948340abbe6ef25)
---
 .../apache/hadoop/hbase/zookeeper/ZKConfig.java    | 34 +++++++++++++++++
 .../hadoop/hbase/zookeeper/TestZKConfig.java       | 43 ++++++++++++++++++++++
 2 files changed, 77 insertions(+)

diff --git 
a/hbase-common/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKConfig.java 
b/hbase-common/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKConfig.java
index 32cfde410d5..12d81fee658 100644
--- a/hbase-common/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKConfig.java
+++ b/hbase-common/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKConfig.java
@@ -21,6 +21,7 @@ import java.io.IOException;
 import java.util.List;
 import java.util.Map.Entry;
 import java.util.Properties;
+import java.util.Set;
 import org.apache.commons.validator.routines.InetAddressValidator;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hbase.HConstants;
@@ -28,6 +29,7 @@ import org.apache.hadoop.util.StringUtils;
 import org.apache.yetus.audience.InterfaceAudience;
 
 import org.apache.hbase.thirdparty.com.google.common.base.Splitter;
+import org.apache.hbase.thirdparty.com.google.common.collect.ImmutableSet;
 
 /**
  * Utility methods for reading, and building the ZooKeeper configuration. The 
order and priority for
@@ -38,6 +40,13 @@ import 
org.apache.hbase.thirdparty.com.google.common.base.Splitter;
 public final class ZKConfig {
 
   private static final String VARIABLE_START = "${";
+  private static final String ZOOKEEPER_JAVA_PROPERTY_PREFIX = "zookeeper.";
+
+  /** Supported ZooKeeper client TLS properties */
+  static final Set<String> ZOOKEEPER_CLIENT_TLS_PROPERTIES =
+    ImmutableSet.of("client.secure", "clientCnxnSocket", 
"ssl.keyStore.location",
+      "ssl.keyStore.password", "ssl.keyStore.passwordPath", 
"ssl.trustStore.location",
+      "ssl.trustStore.password", "ssl.trustStore.passwordPath");
 
   private ZKConfig() {
   }
@@ -123,6 +132,7 @@ public final class ZKConfig {
    * @return Quorum servers
    */
   public static String getZKQuorumServersString(Configuration conf) {
+    setZooKeeperClientSystemProperties(HConstants.ZK_CFG_PROPERTY_PREFIX, 
conf);
     return getZKQuorumServersStringFromHbaseConfig(conf);
   }
 
@@ -318,6 +328,7 @@ public final class ZKConfig {
    * @return Client quorum servers, or null if not specified
    */
   public static String getClientZKQuorumServersString(Configuration conf) {
+    setZooKeeperClientSystemProperties(HConstants.ZK_CFG_PROPERTY_PREFIX, 
conf);
     String clientQuromServers = conf.get(HConstants.CLIENT_ZOOKEEPER_QUORUM);
     if (clientQuromServers == null) {
       return null;
@@ -330,4 +341,27 @@ public final class ZKConfig {
     final String[] serverHosts = StringUtils.getStrings(clientQuromServers);
     return buildZKQuorumServerString(serverHosts, clientZkClientPort);
   }
+
+  private static void setZooKeeperClientSystemProperties(String prefix, 
Configuration conf) {
+    synchronized (conf) {
+      for (Entry<String, String> entry : conf) {
+        String key = entry.getKey();
+        if (!key.startsWith(prefix)) {
+          continue;
+        }
+        String zkKey = key.substring(prefix.length());
+        if (!ZOOKEEPER_CLIENT_TLS_PROPERTIES.contains(zkKey)) {
+          continue;
+        }
+        String value = entry.getValue();
+        // If the value has variables substitutions, need to do a get.
+        if (value.contains(VARIABLE_START)) {
+          value = conf.get(key);
+        }
+        if (System.getProperty(ZOOKEEPER_JAVA_PROPERTY_PREFIX + zkKey) == 
null) {
+          System.setProperty(ZOOKEEPER_JAVA_PROPERTY_PREFIX + zkKey, value);
+        }
+      }
+    }
+  }
 }
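Review bot: In `setZooKeeperClientSystemProperties`, the `System.getProperty(...) == null` guard makes the first value win for the whole JVM, so a later `Configuration` carrying different TLS settings (a second cluster, a rotated trust store) is skipped without any log line and that client may connect with TLS material its own configuration never named. The method also copies `ssl.keyStore.password` and `ssl.trustStore.password` into system properties, where any code in the process can read them and where they appear in system-property dumps from standard JVM diagnostics. A Javadoc on the method should state both effects, for example `/** Exports the allow-listed TLS keys as zookeeper.* system properties; an existing property is never overwritten. Prefer ssl.*.passwordPath over ssl.*.password. */`, and the two public getters that now call it (`getZKQuorumServersString`, `getClientZKQuorumServersString`) should mention the side effect in theirs. A debug log naming the key (never the value) when an already-set property differs from the configured one would make the skip visible. If the ZooKeeper client version in use allows it, passing these settings through a per-client `ZKClientConfig` instead of process-global properties would remove both concerns.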
diff --git 
a/hbase-common/src/test/java/org/apache/hadoop/hbase/zookeeper/TestZKConfig.java
 
b/hbase-common/src/test/java/org/apache/hadoop/hbase/zookeeper/TestZKConfig.java
index 381f78f055e..7418afe5d22 100644
--- 
a/hbase-common/src/test/java/org/apache/hadoop/hbase/zookeeper/TestZKConfig.java
+++ 
b/hbase-common/src/test/java/org/apache/hadoop/hbase/zookeeper/TestZKConfig.java
@@ -17,6 +17,7 @@
  */
 package org.apache.hadoop.hbase.zookeeper;
 
+import static 
org.apache.hadoop.hbase.zookeeper.ZKConfig.ZOOKEEPER_CLIENT_TLS_PROPERTIES;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 
@@ -90,6 +91,48 @@ public class TestZKConfig {
     testKey("server1:2182,server2:2183,server1", 2181, "/hbase", true);
   }
 
+  @Test
+  public void testZooKeeperTlsPropertiesClient() {
+    // Arrange
+    Configuration conf = HBaseConfiguration.create();
+    for (String p : ZOOKEEPER_CLIENT_TLS_PROPERTIES) {
+      conf.set(HConstants.ZK_CFG_PROPERTY_PREFIX + p, p);
+      String zkprop = "zookeeper." + p;
+      System.clearProperty(zkprop);
+    }
+
+    // Act
+    ZKConfig.getClientZKQuorumServersString(conf);
+
+    // Assert
+    for (String p : ZOOKEEPER_CLIENT_TLS_PROPERTIES) {
+      String zkprop = "zookeeper." + p;
+      assertEquals("Invalid or unset system property: " + zkprop, p, 
System.getProperty(zkprop));
+      System.clearProperty(zkprop);
+    }
+  }
+
+  @Test
+  public void testZooKeeperTlsPropertiesServer() {
+    // Arrange
+    Configuration conf = HBaseConfiguration.create();
+    for (String p : ZOOKEEPER_CLIENT_TLS_PROPERTIES) {
+      conf.set(HConstants.ZK_CFG_PROPERTY_PREFIX + p, p);
+      String zkprop = "zookeeper." + p;
+      System.clearProperty(zkprop);
+    }
+
+    // Act
+    ZKConfig.getZKQuorumServersString(conf);
+
+    // Assert
+    for (String p : ZOOKEEPER_CLIENT_TLS_PROPERTIES) {
+      String zkprop = "zookeeper." + p;
+      assertEquals("Invalid or unset system property: " + zkprop, p, 
System.getProperty(zkprop));
+      System.clearProperty(zkprop);
+    }
+  }
+
   private void testKey(String ensemble, int port, String znode) throws 
IOException {
     testKey(ensemble, port, znode, false); // not support multiple client ports
   }
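Review bot: Both new tests clear the `zookeeper.*` properties inside the same loop that asserts, so the first failing `assertEquals` leaves the remaining properties set for every later test in the JVM, including tests that would then pick up TLS settings they never configured. Moving the cleanup into an `@After` method, as sketched below, keeps that global state contained whether or not an assertion fails. The tests also cover only the case where no property is set beforehand: nothing checks that an already-set system property is left untouched, or that a key under `HConstants.ZK_CFG_PROPERTY_PREFIX` that is not in `ZOOKEEPER_CLIENT_TLS_PROPERTIES` is not exported, which are the two behaviours the null guard and the allow-list exist for.

```java
// … unchanged: testZooKeeperTlsPropertiesClient / testZooKeeperTlsPropertiesServer, minus the clearProperty call in their assert loops …

@After
public void clearZooKeeperTlsProperties() {
  for (String p : ZOOKEEPER_CLIENT_TLS_PROPERTIES) {
    System.clearProperty("zookeeper." + p);
  }
}
```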
