acelyc111 commented on code in PR #1914:
URL:
https://github.com/apache/incubator-pegasus/pull/1914#discussion_r1499121703
##########
src/security/negotiation.cpp:
##########
@@ -31,6 +31,7 @@ DSN_DEFINE_bool(security,
enable_zookeeper_kerberos,
false,
"whether to enable kerberos for zookeeper client");
+DSN_TAG_VARIABLE(enable_zookeeper_kerberos, FT_MUTABLE);
Review Comment:
Why change it to FT_MUTABLE? Isn't it immutable after the zk session has
been established?
##########
src/zookeeper/zookeeper_session.cpp:
##########
@@ -24,35 +24,56 @@
* THE SOFTWARE.
*/
+#include <sasl/sasl.h>
#include <stdlib.h>
#include <zookeeper/zookeeper.h>
#include <algorithm>
#include <utility>
#include "runtime/app_model.h"
#include "runtime/rpc/rpc_address.h"
+#include "utils/filesystem.h"
#include "utils/flags.h"
#include "utils/fmt_logging.h"
+#include "utils/strings.h"
#include "zookeeper/proto.h"
#include "zookeeper/zookeeper.jute.h"
#include "zookeeper_session.h"
DSN_DECLARE_bool(enable_zookeeper_kerberos);
-DSN_DEFINE_string(security,
- zookeeper_kerberos_service_name,
- "zookeeper",
- "zookeeper kerberos service name");
-DSN_DEFINE_string(security,
- zookeeper_sasl_service_fqdn,
- "",
- "The FQDN of a Zookeeper server, used in Kerberos
Principal");
// TODO(yingchun): to keep compatibility, the global name is FLAGS_timeout_ms.
The name is not very
// suitable, maybe improve the macro to us another global name.
DSN_DEFINE_int32(zookeeper,
timeout_ms,
30000,
"The timeout of accessing ZooKeeper, in milliseconds");
DSN_DEFINE_string(zookeeper, hosts_list, "", "Zookeeper hosts list");
+DSN_DEFINE_string(zookeeper, sasl_service_name, "zookeeper", "");
+DSN_DEFINE_string(zookeeper,
+ sasl_service_fqdn,
+ "",
+ "SASL server name ('zk-sasl-md5' for DIGEST-MD5; default:
reverse DNS lookup)");
+DSN_DEFINE_string(zookeeper,
+ sasl_mechanisms_type,
+ "",
+ "SASL mechanisms (GSSAPI and/or DIGEST-MD5)");
+DSN_DEFINE_string(zookeeper, sasl_user_name, "", "");
+DSN_DEFINE_string(zookeeper, sasl_realm, "", "Realm (for SASL/GSSAPI)");
+DSN_DEFINE_string(zookeeper,
+ sasl_password_file,
+ "",
+ "File containing the password (recommended for
SASL/DIGEST-MD5)");
+DSN_TAG_VARIABLE(sasl_mechanisms_type, FT_MUTABLE);
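Review bot: `sasl_service_name` and `sasl_user_name` are defined with an empty description string, although they appear to decide which service the client authenticates to and which identity it authenticates as. The removed `zookeeper_kerberos_service_name` carried `"zookeeper kerberos service name"`; comparable text should be kept, for example `"SASL service name of the ZooKeeper server"` and `"User name the client authenticates as"` (wording to be confirmed against how the session uses them). The `sasl_password_file` description should also state that the file holds a secret and is expected to be readable only by the account running the server. The hunk is quoted only up to the commented line, so any later definitions are not visible here.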
Review Comment:
Same, how can they be mutable?
##########
src/zookeeper/zookeeper_session.cpp:
##########
@@ -158,27 +167,48 @@ int zookeeper_session::attach(void *callback_owner, const
state_callback &cb)
{
utils::auto_write_lock l(_watcher_lock);
if (nullptr == _handle) {
- if (FLAGS_enable_zookeeper_kerberos) {
+ if (utils::is_empty(FLAGS_sasl_mechanisms_type)) {
+ _handle = zookeeper_init(
+ FLAGS_hosts_list, global_watcher, FLAGS_timeout_ms, nullptr,
this, 0);
+ } else {
+ int err = sasl_client_init(nullptr);
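Review bot: The SASL branch is now selected only by `utils::is_empty(FLAGS_sasl_mechanisms_type)`, so a configuration that sets `enable_zookeeper_kerberos` to true and nothing else would take the plain `zookeeper_init` call and connect without authentication, unless code outside the quoted lines maps the old flag. A guard before the branch, `if (FLAGS_enable_zookeeper_kerberos && utils::is_empty(FLAGS_sasl_mechanisms_type))`, that logs an error and refuses to connect would make an upgrade fail closed. The same concern applies to the service-name and FQDN flags moved from the `security` group to the `zookeeper` group in the definitions hunk: if the old keys are silently ignored, the defaults stay in force. `attach` continues past the quoted lines, so the handling of `err` cannot be reviewed from here.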
Review Comment:
Didn't update this?