[jira] [Commented] (HADOOP-18919) Zookeeper SSL/TLS support in HDFS ZKFC

[ASF GitHub Bot (Jira)]

    [ 
https://issues.apache.org/jira/browse/HADOOP-18919?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17776575#comment-17776575
 ] 

ASF GitHub Bot commented on HADOOP-18919:
-----------------------------------------

dombizita commented on code in PR #6194:
URL: https://github.com/apache/hadoop/pull/6194#discussion_r1363567945


##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java:
##########
@@ -786,4 +789,96 @@ public static List<ZKUtil.ZKAuthInfo> 
getZKAuthInfos(Configuration conf,
       throw e;
     }
   }
+
+  public static void validateSslConfiguration(TruststoreKeystore 
truststoreKeystore) throws ConfigurationException {
+    if 
(org.apache.commons.lang3.StringUtils.isEmpty(truststoreKeystore.keystoreLocation))
 {

Review Comment:
   I thought of this too, but in this class we already have 
`org.apache.hadoop.util.StringUtils` imported and it is using 
`StringUtils.toLowerCase()` and `StringUtils.toUpperCase` from there. This 
library doesn't have the `isEmpty()` method and the 
`org.apache.commons.lang3.StringUtils` doesn't have the other two (at least 
they have a different name). 
   
   What I could do is to use the `commons-lang3` and use the `upperCase()` and 
`lowerCase()` methods from there, but I didn't want to do unnecessary 
refactoring. 
   
   Or I can check this here and not use `commons-lang3`:
   ```
   truststoreKeystore.keystoreLocation == null || 
truststoreKeystore.keystoreLocation.isEmpty()
   ```
   
   These were my first thoughts, let me know if you think something else could 
be done.





> Zookeeper SSL/TLS support in HDFS ZKFC
> --------------------------------------
>
>                 Key: HADOOP-18919
>                 URL: https://issues.apache.org/jira/browse/HADOOP-18919
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Zita Dombi
>            Assignee: Zita Dombi
>            Priority: Major
>              Labels: pull-request-available
>
> HADOOP-18709 added support for Zookeeper to communicate with SSL/TLS enabled 
> in hadoop-common. With those changes we have the necessary parameters, that 
> we need to set to enable SSL/TLS in a ZK Client.
> In YARN-11468 the SSL communication can be set in Yarn, now we need to 
> similar changes in HDFS to enable it correctly. In HDFS ZK Client is used in 
> the Failover Controller. In this improvement we need to create the ZK client 
> with the necessary SSL configs if we enable it, which we can track under a 
> new HDFS config.  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org