Re: [PR] ZOOKEEPER-4798: Secure prometheus support [zookeeper]

Sat, 16 Mar 2024 09:14:25 -0700 


eolivelli commented on code in PR #2127:
URL: https://github.com/apache/zookeeper/pull/2127#discussion_r1527195094


##########
zookeeper-metrics-providers/zookeeper-prometheus-metrics/src/main/java/org/apache/zookeeper/metrics/prometheus/PrometheusMetricsProvider.java:
##########
@@ -111,11 +115,46 @@ public class PrometheusMetricsProvider implements 
MetricsProvider {
     private long workerShutdownTimeoutMs = 1000;
     private Optional<ExecutorService> executorOptional = Optional.empty();
 
+    // Constants for SSL configuration
+    public static final int SCAN_INTERVAL = 60 * 10; // 10 minutes
+    public static final String SSL_KEYSTORE_LOCATION = "ssl.keyStore.location";
+    public static final String SSL_KEYSTORE_PASSWORD = "ssl.keyStore.password";
+    public static final String SSL_KEYSTORE_TYPE = "ssl.keyStore.type";
+    public static final String SSL_TRUSTSTORE_LOCATION = 
"ssl.trustStore.location";
+    public static final String SSL_TRUSTSTORE_PASSWORD = 
"ssl.trustStore.password";
+    public static final String SSL_TRUSTSTORE_TYPE = "ssl.trustStore.type";
+    public static final String SSL_X509_CN = "ssl.x509.cn";
+    public static final String SSL_X509_REGEX_CN = "ssl.x509.cn.regex";
+    public static final String SSL_NEED_CLIENT_AUTH = "ssl.need.client.auth";
+    public static final String SSL_WANT_CLIENT_AUTH = "ssl.want.client.auth";
+
+    private String keyStorePath;
+    private String keyStorePassword;
+    private String keyStoreType;
+    private String trustStorePath;
+    private String trustStorePassword;
+    private String trustStoreType;
+    private boolean needClientAuth = true;
+    private boolean wantClientAuth = true;
+
     @Override
     public void configure(Properties configuration) throws 
MetricsProviderLifeCycleException {
         LOG.info("Initializing metrics, configuration: {}", configuration);
         this.host = configuration.getProperty("httpHost", "0.0.0.0");
-        this.port = Integer.parseInt(configuration.getProperty("httpPort", 
"7000"));
+        if (configuration.containsKey("httpsPort")) {
+            this.port = 
Integer.parseInt(configuration.getProperty("httpsPort"));

Review Comment:
   It seems that this way you can only configure http or https but  not both..
   
   I suggest to allow to configure both of them, then the amministrator can 
decide what to enable.
   
   



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to