This is an automated email from the ASF dual-hosted git repository.
smiklosovic pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/cassandra.git
The following commit(s) were added to refs/heads/trunk by this push:
new 087a4474d8 Remove native_transport_port_ssl
087a4474d8 is described below
commit 087a4474d8f6a8a962751e81d84d0f0cb880d947
Author: Stefan Miklosovic <smikloso...@apache.org>
AuthorDate: Wed Feb 14 17:41:21 2024 +0100
Remove native_transport_port_ssl
patch by Stefan Miklosovic; reviewed by Brandon Williams for CASSANDRA-19397
---
CHANGES.txt | 1 +
NEWS.txt | 5 +
conf/cassandra.yaml | 9 --
.../pages/managing/operating/security.adoc | 5 +
src/java/org/apache/cassandra/config/Config.java | 3 -
.../cassandra/config/DatabaseDescriptor.java | 28 ----
.../apache/cassandra/metrics/ClientMetrics.java | 38 ++---
.../cassandra/service/NativeTransportService.java | 65 ++-------
.../org/apache/cassandra/tools/LoaderOptions.java | 9 +-
.../cassandra/transport/SimpleClientBurnTest.java | 2 +-
.../cassandra/transport/SimpleClientPerfTest.java | 2 +-
test/conf/unit-test-conf/test-native-port.yaml | 2 +-
.../test/NativeTransportEncryptionOptionsTest.java | 159 ++++++++-------------
.../cassandra/config/ConfigCompatibilityTest.java | 12 +-
test/unit/org/apache/cassandra/cql3/CQLTester.java | 2 +-
.../service/NativeTransportServiceTest.java | 104 +-------------
.../cassandra/transport/CQLConnectionTest.java | 2 +-
.../cassandra/transport/MessageDispatcherTest.java | 3 +-
18 files changed, 125 insertions(+), 326 deletions(-)
diff --git a/CHANGES.txt b/CHANGES.txt
index d470d8f813..06520d16dc 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,5 @@
5.1
+ * Remove native_transport_port_ssl (CASSANDRA-19397)
* Make nodetool reconfigurecms sync by default and add --cancel to be able to
cancel ongoing reconfigurations (CASSANDRA-19216)
* Expose auth mode in system_views.clients, nodetool clientstats, metrics
(CASSANDRA-19366)
* Remove sealed_periods and last_sealed_period tables (CASSANDRA-19189)
diff --git a/NEWS.txt b/NEWS.txt
index d5a3805968..8dcb8a630f 100644
--- a/NEWS.txt
+++ b/NEWS.txt
@@ -141,6 +141,11 @@ Upgrading
which come up during or after an election will learn of the elected first
CMS node and direct metadata updates to
it. It is important to remember that at the completion of the election,
the CMS still only comprises a single
member. Just as in the upgrade case, operators should add further members
as soon as possible.
+ - native_transport_port_ssl property was removed. Please transition to
using one port only. Encrypted communication
+ may be optional by setting `optional` flag in `client_encryption_options`
to `true` and it should be set only
+ while in unencrypted or transitional operation. Please consult
`client_encryption_options` in cassandra.yaml
+ for more information.
+
Deprecation
-----------
diff --git a/conf/cassandra.yaml b/conf/cassandra.yaml
index 2bb561396d..ecdea7b89d 100644
--- a/conf/cassandra.yaml
+++ b/conf/cassandra.yaml
@@ -933,15 +933,6 @@ start_native_transport: true
# port for the CQL native transport to listen for clients on
# For security reasons, you should not expose this port to the internet.
Firewall it if needed.
native_transport_port: 9042
-# Enabling native transport encryption in client_encryption_options allows you
to either use
-# encryption for the standard port or to use a dedicated, additional port
along with the unencrypted
-# standard native_transport_port.
-# Enabling client encryption and keeping native_transport_port_ssl disabled
will use encryption
-# for native_transport_port. Setting native_transport_port_ssl to a different
value
-# from native_transport_port will use encryption for native_transport_port_ssl
while
-# keeping native_transport_port unencrypted.
-# This feature is deprecated since Cassandra 5.0 and will be removed. Please
consult deprecation section in NEWS.txt.
-# native_transport_port_ssl: 9142
# The maximum threads for handling requests (note that idle threads are stopped
# after 30 seconds so there is not corresponding minimum setting).
# native_transport_max_threads: 128
diff --git a/doc/modules/cassandra/pages/managing/operating/security.adoc
b/doc/modules/cassandra/pages/managing/operating/security.adoc
index 4613932578..a425cab8d0 100644
--- a/doc/modules/cassandra/pages/managing/operating/security.adoc
+++ b/doc/modules/cassandra/pages/managing/operating/security.adoc
@@ -162,6 +162,11 @@ requirements demand it. To do so, set `optional` to false
and use the
`native_transport_port_ssl` setting in `cassandra.yaml` to specify the
port to be used for secure client communication.
+[NOTE]
+====
+`native_transport_port_ssl` property was deprecated in Cassandra 5.0.
+====
+
[[operation-roles]]
== Roles
diff --git a/src/java/org/apache/cassandra/config/Config.java
b/src/java/org/apache/cassandra/config/Config.java
index abf2fbc616..1b2ea89512 100644
--- a/src/java/org/apache/cassandra/config/Config.java
+++ b/src/java/org/apache/cassandra/config/Config.java
@@ -284,9 +284,6 @@ public class Config
public boolean start_native_transport = true;
public int native_transport_port = 9042;
- /** @deprecated See CASSANDRA-19392 */
- @Deprecated(since = "5.0")
- public Integer native_transport_port_ssl = null;
public int native_transport_max_threads = 128;
@Replaces(oldName = "native_transport_max_frame_size_in_mb", converter =
Converters.MEBIBYTES_DATA_STORAGE_INT, deprecated = true)
public DataStorageSpec.IntMebibytesBound native_transport_max_frame_size =
new DataStorageSpec.IntMebibytesBound("16MiB");
diff --git a/src/java/org/apache/cassandra/config/DatabaseDescriptor.java
b/src/java/org/apache/cassandra/config/DatabaseDescriptor.java
index 1112c4ea53..2d81cf67ba 100644
--- a/src/java/org/apache/cassandra/config/DatabaseDescriptor.java
+++ b/src/java/org/apache/cassandra/config/DatabaseDescriptor.java
@@ -903,25 +903,8 @@ public class DatabaseDescriptor
// native transport encryption options
if (conf.client_encryption_options != null)
- {
conf.client_encryption_options.applyConfig();
- if (conf.native_transport_port_ssl != null)
- {
- logger.warn("Usage of dual ports (native_transport_port
together with native_transport_port_ssl) is " +
- "deprecated since Cassandra 5.0 and it will be
removed in next releases. Please consider to use one port only " +
- "(native_transport_port) which can support
unencrypted as well as encrypted traffic. This feature " +
- "is effectively not functioning properly except a
corner-case of having a cluster " +
- "consisting of just one node. For more
information, please consult deprecation " +
- "section in NEWS.txt");
- if (conf.native_transport_port_ssl !=
conf.native_transport_port
- && (conf.client_encryption_options.tlsEncryptionPolicy()
== EncryptionOptions.TlsEncryptionPolicy.UNENCRYPTED))
- {
- throw new ConfigurationException("Encryption must be
enabled in client_encryption_options for native_transport_port_ssl", false);
- }
- }
- }
-
if (conf.snapshot_links_per_second < 0)
throw new ConfigurationException("snapshot_links_per_second must
be >= 0");
@@ -2986,17 +2969,6 @@ public class DatabaseDescriptor
conf.native_transport_port = port;
}
- public static int getNativeTransportPortSSL()
- {
- return conf.native_transport_port_ssl == null ?
getNativeTransportPort() : conf.native_transport_port_ssl;
- }
-
- @VisibleForTesting
- public static void setNativeTransportPortSSL(Integer port)
- {
- conf.native_transport_port_ssl = port;
- }
-
public static int getNativeTransportMaxThreads()
{
return conf.native_transport_max_threads;
diff --git a/src/java/org/apache/cassandra/metrics/ClientMetrics.java
b/src/java/org/apache/cassandra/metrics/ClientMetrics.java
index f0d075bd0c..a8801bad5f 100644
--- a/src/java/org/apache/cassandra/metrics/ClientMetrics.java
+++ b/src/java/org/apache/cassandra/metrics/ClientMetrics.java
@@ -19,8 +19,6 @@
package org.apache.cassandra.metrics;
import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.List;
@@ -54,7 +52,7 @@ public final class ClientMetrics
private static final MetricNameFactory factory = new
DefaultNameFactory("Client");
private volatile boolean initialized = false;
- private Collection<Server> servers = Collections.emptyList();
+ private Server server = null;
@VisibleForTesting
Meter authSuccess;
@@ -148,7 +146,7 @@ public final class ClientMetrics
{
List<ConnectedClient> clients = new ArrayList<>();
- for (Server server : servers)
+ if (server != null)
clients.addAll(server.getConnectedClients());
return clients;
@@ -164,12 +162,12 @@ public final class ClientMetrics
unknownException.mark();
}
- public synchronized void init(Collection<Server> servers)
+ public synchronized void init(Server servers)
{
if (initialized)
return;
- this.servers = servers;
+ this.server = servers;
// deprecated the lower-cased initial letter metric names in 4.0
connectedNativeClients = registerGauge(CONNECTED_NATIVE_CLIENTS,
"connectedNativeClients", this::countConnectedClients);
@@ -225,23 +223,16 @@ public final class ClientMetrics
private int countConnectedClients()
{
- int count = 0;
-
- for (Server server : servers)
- count += server.countConnectedClients();
-
- return count;
+ return server == null ? 0 : server.countConnectedClients();
}
private Map<String, Integer> countConnectedClientsByUser()
{
Map<String, Integer> counts = new HashMap<>();
- for (Server server : servers)
- {
+ if (server != null)
server.countConnectedClientsByUser()
.forEach((username, count) -> counts.put(username,
counts.getOrDefault(username, 0) + count));
- }
return counts;
}
@@ -250,32 +241,31 @@ public final class ClientMetrics
{
List<Map<String, String>> clients = new ArrayList<>();
- for (Server server : servers)
+ if (server != null)
+ {
for (ConnectedClient client : server.getConnectedClients())
clients.add(client.asMap());
+ }
return clients;
}
private int countConnectedClients(Predicate<ServerConnection> predicate)
{
- int count = 0;
-
- for (Server server : servers)
- count += server.countConnectedClients(predicate);
-
- return count;
+ return server == null ? 0 : server.countConnectedClients(predicate);
}
private List<Map<String, String>> recentClientStats()
{
List<Map<String, String>> stats = new ArrayList<>();
- for (Server server : servers)
+ if (server != null)
+ {
for (ClientStat stat : server.recentClientStats())
stats.add(new HashMap<>(stat.asMap())); // asMap returns
guava, so need to convert to java for jmx
- stats.sort(Comparator.comparing(map ->
map.get(ClientStat.PROTOCOL_VERSION)));
+ stats.sort(Comparator.comparing(map ->
map.get(ClientStat.PROTOCOL_VERSION)));
+ }
return stats;
}
diff --git a/src/java/org/apache/cassandra/service/NativeTransportService.java
b/src/java/org/apache/cassandra/service/NativeTransportService.java
index cc6ee37d49..cfbc638afe 100644
--- a/src/java/org/apache/cassandra/service/NativeTransportService.java
+++ b/src/java/org/apache/cassandra/service/NativeTransportService.java
@@ -18,9 +18,6 @@
package org.apache.cassandra.service;
import java.net.InetAddress;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Collections;
import java.util.concurrent.TimeUnit;
import com.google.common.annotations.VisibleForTesting;
@@ -50,7 +47,7 @@ public class NativeTransportService
private static final Logger logger =
LoggerFactory.getLogger(NativeTransportService.class);
- private Collection<Server> servers = Collections.emptyList();
+ private Server server = null;
private boolean initialized = false;
private EventLoopGroup workerGroup;
@@ -76,7 +73,6 @@ public class NativeTransportService
}
int nativePort = DatabaseDescriptor.getNativeTransportPort();
- int nativePortSSL = DatabaseDescriptor.getNativeTransportPortSSL();
InetAddress nativeAddr = DatabaseDescriptor.getRpcAddress();
org.apache.cassandra.transport.Server.Builder builder = new
org.apache.cassandra.transport.Server.Builder()
@@ -84,62 +80,30 @@ public class NativeTransportService
.withHost(nativeAddr);
EncryptionOptions.TlsEncryptionPolicy encryptionPolicy =
DatabaseDescriptor.getNativeProtocolEncryptionOptions().tlsEncryptionPolicy();
- Server regularPortServer;
- Server tlsPortServer = null;
+ server =
builder.withTlsEncryptionPolicy(encryptionPolicy).withPort(nativePort).build();
- // If an SSL port is separately supplied for the native transport,
listen for unencrypted connections on the
- // regular port, and encryption / optionally encrypted connections on
the ssl port.
- if (nativePort != nativePortSSL)
- {
- regularPortServer =
builder.withTlsEncryptionPolicy(EncryptionOptions.TlsEncryptionPolicy.UNENCRYPTED).withPort(nativePort).build();
- switch(encryptionPolicy)
- {
- case OPTIONAL: // FALLTHRU - encryption is optional on the
regular port, but encrypted on the tls port.
- case ENCRYPTED:
- tlsPortServer =
builder.withTlsEncryptionPolicy(encryptionPolicy).withPort(nativePortSSL).build();
- break;
- case UNENCRYPTED: // Should have been caught by
DatabaseDescriptor.applySimpleConfig
- throw new IllegalStateException("Encryption must be
enabled in client_encryption_options for native_transport_port_ssl");
- default:
- throw new IllegalStateException("Unrecognized TLS
encryption policy: " + encryptionPolicy);
- }
- }
- // Otherwise, if only the regular port is supplied, listen as the
encryption policy specifies
- else
- {
- regularPortServer =
builder.withTlsEncryptionPolicy(encryptionPolicy).withPort(nativePort).build();
- }
-
- if (tlsPortServer == null)
- {
- servers = Collections.singleton(regularPortServer);
- }
- else
- {
- servers =
Collections.unmodifiableList(Arrays.asList(regularPortServer, tlsPortServer));
- }
-
- ClientMetrics.instance.init(servers);
+ ClientMetrics.instance.init(server);
initialized = true;
}
/**
- * Starts native transport servers.
+ * Starts native transport server.
*/
public void start()
{
logger.info("Using Netty Version: {}", Version.identify().entrySet());
initialize();
- servers.forEach(Server::start);
+ server.start();
}
/**
- * Stops currently running native transport servers.
+ * Stops currently running native transport server.
*/
public void stop()
{
- servers.forEach(Server::stop);
+ if (server != null)
+ server.stop();
}
/**
@@ -148,7 +112,7 @@ public class NativeTransportService
public void destroy()
{
stop();
- servers = Collections.emptyList();
+ server = null;
// shutdown executors used by netty for native transport server
if (workerGroup != null)
@@ -175,9 +139,7 @@ public class NativeTransportService
*/
public boolean isRunning()
{
- for (Server server : servers)
- if (server.isRunning()) return true;
- return false;
+ return server != null && server.isRunning();
}
@VisibleForTesting
@@ -187,14 +149,13 @@ public class NativeTransportService
}
@VisibleForTesting
- Collection<Server> getServers()
+ Server getServer()
{
- return servers;
+ return server;
}
public void clearConnectionHistory()
{
- for (Server server : servers)
- server.clearConnectionHistory();
+ server.clearConnectionHistory();
}
}
diff --git a/src/java/org/apache/cassandra/tools/LoaderOptions.java
b/src/java/org/apache/cassandra/tools/LoaderOptions.java
index 1f368168a7..c3d2072ff4 100644
--- a/src/java/org/apache/cassandra/tools/LoaderOptions.java
+++ b/src/java/org/apache/cassandra/tools/LoaderOptions.java
@@ -556,16 +556,9 @@ public class LoaderOptions
serverEncOptions.applyConfig();
if (cmd.hasOption(NATIVE_PORT_OPTION))
- {
nativePort =
Integer.parseInt(cmd.getOptionValue(NATIVE_PORT_OPTION));
- }
else
- {
- if (config.native_transport_port_ssl != null &&
(config.client_encryption_options.getEnabled() ||
clientEncOptions.getEnabled()))
- nativePort = config.native_transport_port_ssl;
- else
- nativePort = config.native_transport_port;
- }
+ nativePort = config.native_transport_port;
if (cmd.hasOption(INITIAL_HOST_ADDRESS_OPTION))
{
diff --git a/test/burn/org/apache/cassandra/transport/SimpleClientBurnTest.java
b/test/burn/org/apache/cassandra/transport/SimpleClientBurnTest.java
index 2d863cf020..d14bf6178d 100644
--- a/test/burn/org/apache/cassandra/transport/SimpleClientBurnTest.java
+++ b/test/burn/org/apache/cassandra/transport/SimpleClientBurnTest.java
@@ -103,7 +103,7 @@ public class SimpleClientBurnTest
.withPort(port)
.withPipelineConfigurator(configurator)
.build();
- ClientMetrics.instance.init(Collections.singleton(server));
+ ClientMetrics.instance.init(server);
server.start();
Message.Type.QUERY.unsafeSetCodec(new Message.Codec<QueryMessage>()
diff --git a/test/burn/org/apache/cassandra/transport/SimpleClientPerfTest.java
b/test/burn/org/apache/cassandra/transport/SimpleClientPerfTest.java
index d15c4e56a7..51895c5c11 100644
--- a/test/burn/org/apache/cassandra/transport/SimpleClientPerfTest.java
+++ b/test/burn/org/apache/cassandra/transport/SimpleClientPerfTest.java
@@ -159,7 +159,7 @@ public class SimpleClientPerfTest
.withPort(port)
.build();
- ClientMetrics.instance.init(Collections.singleton(server));
+ ClientMetrics.instance.init(server);
server.start();
Message.Type.QUERY.unsafeSetCodec(new Message.Codec<QueryMessage>()
diff --git a/test/conf/unit-test-conf/test-native-port.yaml
b/test/conf/unit-test-conf/test-native-port.yaml
index 0cf6fb2e97..dc47a560f0 100644
--- a/test/conf/unit-test-conf/test-native-port.yaml
+++ b/test/conf/unit-test-conf/test-native-port.yaml
@@ -18,7 +18,7 @@ listen_address: 127.0.0.1
storage_port: 7010
ssl_storage_port: 7011
start_native_transport: true
-native_transport_port_ssl: 9142
+native_transport_port: 9142
column_index_size: 4KiB
saved_caches_directory: build/test/cassandra/saved_caches
data_file_directories:
diff --git
a/test/distributed/org/apache/cassandra/distributed/test/NativeTransportEncryptionOptionsTest.java
b/test/distributed/org/apache/cassandra/distributed/test/NativeTransportEncryptionOptionsTest.java
index dfb3a6656d..9eb7c7afeb 100644
---
a/test/distributed/org/apache/cassandra/distributed/test/NativeTransportEncryptionOptionsTest.java
+++
b/test/distributed/org/apache/cassandra/distributed/test/NativeTransportEncryptionOptionsTest.java
@@ -43,7 +43,6 @@ import org.apache.cassandra.distributed.api.Feature;
import org.apache.cassandra.transport.TlsTestUtils;
import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
public class NativeTransportEncryptionOptionsTest extends
AbstractEncryptionOptionsImpl
{
@@ -83,7 +82,6 @@ public class NativeTransportEncryptionOptionsTest extends
AbstractEncryptionOpti
}
}
-
@Test
public void optionalTlsConnectionAllowedWithKeystoreTest() throws Throwable
{
@@ -105,57 +103,6 @@ public class NativeTransportEncryptionOptionsTest extends
AbstractEncryptionOpti
}
}
- @Test
- public void optionalTlsConnectionAllowedToRegularPortTest() throws
Throwable
- {
- try (Cluster cluster = builder().withNodes(1).withConfig(c -> {
- c.with(Feature.NATIVE_PROTOCOL);
- c.set("native_transport_port_ssl", 9043);
- c.set("client_encryption_options",
- ImmutableMap.builder().putAll(validKeystore)
- .put("enabled", false)
- .put("optional", true)
- .build());
- }).createWithoutStarting())
- {
- InetAddress address =
cluster.get(1).config().broadcastAddress().getAddress();
- int unencrypted_port = (int)
cluster.get(1).config().get("native_transport_port");
- int ssl_port = (int)
cluster.get(1).config().get("native_transport_port_ssl");
-
- // Create the connections and prove they cannot connect before
server start
- TlsConnection connectionToUnencryptedPort = new
TlsConnection(address.getHostAddress(), unencrypted_port);
- connectionToUnencryptedPort.assertCannotConnect();
-
- TlsConnection connectionToEncryptedPort = new
TlsConnection(address.getHostAddress(), ssl_port);
- connectionToEncryptedPort.assertCannotConnect();
-
- cluster.startup();
-
- Assert.assertEquals("TLS native connection should be possible to
native_transport_port_ssl",
- ConnectResult.NEGOTIATED,
connectionToEncryptedPort.connect());
- Assert.assertEquals("TLS native connection should not be possible
on the regular port if an SSL port is specified",
- ConnectResult.FAILED_TO_NEGOTIATE,
connectionToUnencryptedPort.connect()); // but did connect
- }
- }
-
- @Test
- public void unencryptedNativeConnectionNotlisteningOnTlsPortTest() throws
Throwable
- {
- try (Cluster cluster = builder().withNodes(1).withConfig(c -> {
- c.with(Feature.NATIVE_PROTOCOL);
- c.set("native_transport_port_ssl", 9043);
- c.set("client_encryption_options",
- ImmutableMap.builder().putAll(validKeystore)
- .put("enabled", false)
- .put("optional", false)
- .build());
- }).createWithoutStarting())
- {
- assertCannotStartDueToConfigurationException(cluster);
- }
- }
-
-
/**
* Tests that the negotiated protocol is the highest common protocol
between the client and server.
* <p>
@@ -300,24 +247,30 @@ public class NativeTransportEncryptionOptionsTest extends
AbstractEncryptionOpti
InetAddress address =
cluster.get(1).config().broadcastAddress().getAddress();
// non-ssl connections should succeed
- com.datastax.driver.core.Cluster nonSSLDriver =
com.datastax.driver.core.Cluster.builder()
+ try (com.datastax.driver.core.Cluster nonSSLDriver =
com.datastax.driver.core.Cluster.builder()
.addContactPoint(address.getHostAddress())
-
.build();
- assertNotNull(nonSSLDriver.connect());
+
.build())
+ {
+ assertNotNull(nonSSLDriver.connect());
+ }
// ssl connections should succeed
- com.datastax.driver.core.Cluster sslDriver =
com.datastax.driver.core.Cluster.builder()
+ try (com.datastax.driver.core.Cluster sslDriver =
com.datastax.driver.core.Cluster.builder()
.addContactPoint(address.getHostAddress())
.withSSL(sslOptions(false))
-
.build();
- assertNotNull(sslDriver.connect());
+
.build())
+ {
+ assertNotNull(sslDriver.connect());
+ }
// mtls connections should succeed
- com.datastax.driver.core.Cluster mtlsDriver =
com.datastax.driver.core.Cluster.builder()
+ try (com.datastax.driver.core.Cluster mtlsDriver =
com.datastax.driver.core.Cluster.builder()
.addContactPoint(address.getHostAddress())
.withSSL(sslOptions(true))
-
.build();
- assertNotNull(mtlsDriver.connect());
+
.build())
+ {
+ assertNotNull(mtlsDriver.connect());
+ }
}
}
@@ -339,25 +292,31 @@ public class NativeTransportEncryptionOptionsTest extends
AbstractEncryptionOpti
InetAddress address =
cluster.get(1).config().broadcastAddress().getAddress();
// ssl connections should succeed
- com.datastax.driver.core.Cluster sslDriver =
com.datastax.driver.core.Cluster.builder()
-
.addContactPoint(address.getHostAddress())
-
.withSSL(sslOptions(false))
-
.build();
- assertNotNull(sslDriver.connect());
+ try (com.datastax.driver.core.Cluster sslDriver =
com.datastax.driver.core.Cluster.builder()
+
.addContactPoint(address.getHostAddress())
+
.withSSL(sslOptions(false))
+
.build())
+ {
+ assertNotNull(sslDriver.connect());
+ }
// mtls connections should succeed
- com.datastax.driver.core.Cluster mtlsDriver =
com.datastax.driver.core.Cluster.builder()
+ try (com.datastax.driver.core.Cluster mtlsDriver =
com.datastax.driver.core.Cluster.builder()
.addContactPoint(address.getHostAddress())
.withSSL(sslOptions(true))
-
.build();
- assertNotNull(mtlsDriver.connect());
+
.build())
+ {
+ assertNotNull(mtlsDriver.connect());
+ }
// non-ssl connections should not succeed
- com.datastax.driver.core.Cluster nonSSLDriver =
com.datastax.driver.core.Cluster.builder()
+ try (com.datastax.driver.core.Cluster nonSSLDriver =
com.datastax.driver.core.Cluster.builder()
.addContactPoint(address.getHostAddress())
-
.build();
- expectedException.expect(NoHostAvailableException.class);
- assertNull(nonSSLDriver.connect());
+
.build())
+ {
+ expectedException.expect(NoHostAvailableException.class);
+ nonSSLDriver.connect();
+ }
}
}
@@ -380,24 +339,30 @@ public class NativeTransportEncryptionOptionsTest extends
AbstractEncryptionOpti
InetAddress address =
cluster.get(1).config().broadcastAddress().getAddress();
// non-ssl connections should succeed
- com.datastax.driver.core.Cluster nonSSLDriver =
com.datastax.driver.core.Cluster.builder()
-
.addContactPoint(address.getHostAddress())
-
.build();
- assertNotNull(nonSSLDriver.connect());
+ try (com.datastax.driver.core.Cluster nonSSLDriver =
com.datastax.driver.core.Cluster.builder()
+
.addContactPoint(address.getHostAddress())
+
.build())
+ {
+ assertNotNull(nonSSLDriver.connect());
+ }
// ssl connections should succeed
- com.datastax.driver.core.Cluster sslDriver =
com.datastax.driver.core.Cluster.builder()
-
.addContactPoint(address.getHostAddress())
-
.withSSL(sslOptions(false))
-
.build();
- assertNotNull(sslDriver.connect());
+ try (com.datastax.driver.core.Cluster sslDriver =
com.datastax.driver.core.Cluster.builder()
+
.addContactPoint(address.getHostAddress())
+
.withSSL(sslOptions(false))
+
.build())
+ {
+ assertNotNull(sslDriver.connect());
+ }
// mtls connections should succeed
- com.datastax.driver.core.Cluster mtlsDriver =
com.datastax.driver.core.Cluster.builder()
-
.addContactPoint(address.getHostAddress())
-
.withSSL(sslOptions(true))
-
.build();
- assertNotNull(mtlsDriver.connect());
+ try (com.datastax.driver.core.Cluster mtlsDriver =
com.datastax.driver.core.Cluster.builder()
+
.addContactPoint(address.getHostAddress())
+
.withSSL(sslOptions(true))
+
.build())
+ {
+ assertNotNull(mtlsDriver.connect());
+ }
}
}
@@ -436,17 +401,19 @@ public class NativeTransportEncryptionOptionsTest extends
AbstractEncryptionOpti
SslContext sslContext =
sslContextBuilder.trustManager(createTrustManagerFactory(TlsTestUtils.SERVER_TRUSTSTORE_PATH,
TlsTestUtils.SERVER_TRUSTSTORE_PASSWORD))
.build();
final SSLOptions sslOptions = socketChannel ->
sslContext.newHandler(socketChannel.alloc());
- com.datastax.driver.core.Cluster driverCluster =
com.datastax.driver.core.Cluster.builder()
-
.addContactPoint(address.getHostAddress())
-
.withSSL(sslOptions)
-
.build();
- if (!ipInSAN)
+ try (com.datastax.driver.core.Cluster driverCluster =
com.datastax.driver.core.Cluster.builder()
+
.addContactPoint(address.getHostAddress())
+
.withSSL(sslOptions)
+
.build())
{
- expectedException.expect(NoHostAvailableException.class);
- }
+ if (!ipInSAN)
+ {
+ expectedException.expect(NoHostAvailableException.class);
+ }
- driverCluster.connect();
+ driverCluster.connect();
+ }
}
}
diff --git a/test/unit/org/apache/cassandra/config/ConfigCompatibilityTest.java
b/test/unit/org/apache/cassandra/config/ConfigCompatibilityTest.java
index f965182915..19d7f17d76 100644
--- a/test/unit/org/apache/cassandra/config/ConfigCompatibilityTest.java
+++ b/test/unit/org/apache/cassandra/config/ConfigCompatibilityTest.java
@@ -96,7 +96,15 @@ public class ConfigCompatibilityTest
.add("commitlog_periodic_queue_size")
.build();
- private static final Set<String> ALLOW_LIST = Sets.union(REMOVED_IN_40,
REMOVED_IN_50);
+ private static final Set<String> REMOVED_IN_51 =
ImmutableSet.<String>builder()
+
.add("native_transport_port_ssl")
+ .build();
+
+ private static final Set<String> ALLOW_LIST =
ImmutableSet.<String>builder()
+
.addAll(REMOVED_IN_40)
+
.addAll(REMOVED_IN_50)
+
.addAll(REMOVED_IN_51)
+ .build();
private static final Set<String> EXPECTED_FOR_50 =
ImmutableSet.<String>builder()
// Switched
to a parameterized class that can construct from a bare string
@@ -146,7 +154,7 @@ public class ConfigCompatibilityTest
@Test
public void diff_5_0() throws IOException
{
- diff(TEST_DIR + "/version=5.0-alpha1.yml",
ImmutableSet.<String>builder()
+ diff(TEST_DIR + "/version=5.0-alpha1.yml",
ImmutableSet.<String>builder().addAll(REMOVED_IN_51)
.build(),
EXPECTED_FOR_50);
}
diff --git a/test/unit/org/apache/cassandra/cql3/CQLTester.java
b/test/unit/org/apache/cassandra/cql3/CQLTester.java
index 5f996e49af..18beee3d2a 100644
--- a/test/unit/org/apache/cassandra/cql3/CQLTester.java
+++ b/test/unit/org/apache/cassandra/cql3/CQLTester.java
@@ -660,7 +660,7 @@ public abstract class CQLTester
Server.Builder serverBuilder = new
Server.Builder().withHost(nativeAddr).withPort(nativePort);
decorator.accept(serverBuilder);
server = serverBuilder.build();
- ClientMetrics.instance.init(Collections.singleton(server));
+ ClientMetrics.instance.init(server);
server.start();
}
diff --git
a/test/unit/org/apache/cassandra/service/NativeTransportServiceTest.java
b/test/unit/org/apache/cassandra/service/NativeTransportServiceTest.java
index 2f45748739..645d5b8f8b 100644
--- a/test/unit/org/apache/cassandra/service/NativeTransportServiceTest.java
+++ b/test/unit/org/apache/cassandra/service/NativeTransportServiceTest.java
@@ -17,13 +17,10 @@
*/
package org.apache.cassandra.service;
-import java.util.Arrays;
import java.util.function.BooleanSupplier;
import java.util.function.Consumer;
-import java.util.stream.Collectors;
import java.util.stream.IntStream;
-import com.google.common.collect.Sets;
import org.junit.After;
import org.junit.BeforeClass;
import org.junit.Test;
@@ -31,11 +28,10 @@ import org.junit.Test;
import org.apache.cassandra.config.DatabaseDescriptor;
import org.apache.cassandra.config.EncryptionOptions;
import org.apache.cassandra.transport.Server;
-import org.apache.cassandra.transport.TlsTestUtils;
-import org.apache.cassandra.utils.Pair;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
public class NativeTransportServiceTest
@@ -53,7 +49,6 @@ public class NativeTransportServiceTest
public void resetConfig()
{
DatabaseDescriptor.updateNativeProtocolEncryptionOptions(update -> new
EncryptionOptions(defaultOptions).applyConfig());
- DatabaseDescriptor.setNativeTransportPortSSL(null);
}
@Test
@@ -121,8 +116,8 @@ public class NativeTransportServiceTest
// default plain settings: client encryption disabled and default
native transport port
withService((NativeTransportService service) ->
{
- assertEquals(1, service.getServers().size());
- Server server = service.getServers().iterator().next();
+ Server server = service.getServer();
+ assertNotNull(server);
assertEquals(EncryptionOptions.TlsEncryptionPolicy.UNENCRYPTED,
server.tlsEncryptionPolicy);
assertEquals(server.socket.getPort(),
DatabaseDescriptor.getNativeTransportPort());
});
@@ -138,8 +133,8 @@ public class NativeTransportServiceTest
withService((NativeTransportService service) ->
{
service.initialize();
- assertEquals(1, service.getServers().size());
- Server server = service.getServers().iterator().next();
+ Server server = service.getServer();
+ assertNotNull(server);
assertEquals(EncryptionOptions.TlsEncryptionPolicy.ENCRYPTED,
server.tlsEncryptionPolicy);
assertEquals(server.socket.getPort(),
DatabaseDescriptor.getNativeTransportPort());
}, false, 1);
@@ -155,98 +150,13 @@ public class NativeTransportServiceTest
withService((NativeTransportService service) ->
{
service.initialize();
- assertEquals(1, service.getServers().size());
- Server server = service.getServers().iterator().next();
+ Server server = service.getServer();
+ assertNotNull(server);
assertEquals(EncryptionOptions.TlsEncryptionPolicy.OPTIONAL,
server.tlsEncryptionPolicy);
assertEquals(server.socket.getPort(),
DatabaseDescriptor.getNativeTransportPort());
}, false, 1);
}
- @Test
- public void testSSLPortWithOptionalEncryption()
- {
- // ssl+non-ssl settings: client encryption enabled and additional ssl
port specified
- DatabaseDescriptor.updateNativeProtocolEncryptionOptions(
- options -> options.withEnabled(true)
- .withOptional(true)
-
.withKeyStore(TlsTestUtils.SERVER_KEYSTORE_PATH));
- DatabaseDescriptor.setNativeTransportPortSSL(8432);
-
- withService((NativeTransportService service) ->
- {
- service.initialize();
- assertEquals(2, service.getServers().size());
- assertEquals(
- Sets.newHashSet(Arrays.asList(
-
Pair.create(EncryptionOptions.TlsEncryptionPolicy.OPTIONAL,
-
DatabaseDescriptor.getNativeTransportPortSSL()),
-
Pair.create(EncryptionOptions.TlsEncryptionPolicy.UNENCRYPTED,
-
DatabaseDescriptor.getNativeTransportPort())
- )
- ),
- service.getServers().stream().map((Server
s) ->
-
Pair.create(s.tlsEncryptionPolicy,
-
s.socket.getPort())).collect(Collectors.toSet())
- );
- }, false, 1);
- }
-
- @Test(expected=java.lang.IllegalStateException.class)
- public void testSSLPortWithDisabledEncryption()
- {
- // ssl+non-ssl settings: client encryption disabled and additional ssl
port specified
- // should get an illegal state exception
- DatabaseDescriptor.updateNativeProtocolEncryptionOptions(
- options -> options.withEnabled(false));
- DatabaseDescriptor.setNativeTransportPortSSL(8432);
-
- withService((NativeTransportService service) ->
- {
- service.initialize();
- assertEquals(1, service.getServers().size());
- assertEquals(
- Sets.newHashSet(Arrays.asList(
-
Pair.create(EncryptionOptions.TlsEncryptionPolicy.UNENCRYPTED,
-
DatabaseDescriptor.getNativeTransportPort())
- )
- ),
- service.getServers().stream().map((Server s) ->
-
Pair.create(s.tlsEncryptionPolicy,
-
s.socket.getPort())).collect(Collectors.toSet())
- );
- }, false, 1);
- }
-
- @Test
- public void testSSLPortWithEnabledSSL()
- {
- // ssl+non-ssl settings: client encryption enabled and additional ssl
port specified
- // encryption is enabled and not optional, so listen on both ports
requiring encryption
- DatabaseDescriptor.updateNativeProtocolEncryptionOptions(
- options -> options.withEnabled(true)
- .withOptional(false)
- .withKeyStore(TlsTestUtils.SERVER_KEYSTORE_PATH));
- DatabaseDescriptor.setNativeTransportPortSSL(8432);
-
- withService((NativeTransportService service) ->
- {
- service.initialize();
- assertEquals(2, service.getServers().size());
- assertEquals(
- Sets.newHashSet(Arrays.asList(
-
Pair.create(EncryptionOptions.TlsEncryptionPolicy.ENCRYPTED,
-
DatabaseDescriptor.getNativeTransportPortSSL()),
-
Pair.create(EncryptionOptions.TlsEncryptionPolicy.UNENCRYPTED,
-
DatabaseDescriptor.getNativeTransportPort())
- )
- ),
- service.getServers().stream().map((Server s) ->
-
Pair.create(s.tlsEncryptionPolicy,
-
s.socket.getPort())).collect(Collectors.toSet())
- );
- }, false, 1);
- }
-
private static void withService(Consumer<NativeTransportService> f)
{
withService(f, true, 1);
diff --git a/test/unit/org/apache/cassandra/transport/CQLConnectionTest.java
b/test/unit/org/apache/cassandra/transport/CQLConnectionTest.java
index 110b58d5eb..4a4d94264d 100644
--- a/test/unit/org/apache/cassandra/transport/CQLConnectionTest.java
+++ b/test/unit/org/apache/cassandra/transport/CQLConnectionTest.java
@@ -509,7 +509,7 @@ public class CQLConnectionTest
.withPort(port)
.withPipelineConfigurator(configurator)
.build();
- ClientMetrics.instance.init(Collections.singleton(server));
+ ClientMetrics.instance.init(server);
return server;
}
diff --git
a/test/unit/org/apache/cassandra/transport/MessageDispatcherTest.java
b/test/unit/org/apache/cassandra/transport/MessageDispatcherTest.java
index 0c70315e25..8e9c7db4b9 100644
--- a/test/unit/org/apache/cassandra/transport/MessageDispatcherTest.java
+++ b/test/unit/org/apache/cassandra/transport/MessageDispatcherTest.java
@@ -18,7 +18,6 @@
package org.apache.cassandra.transport;
-import java.util.Collections;
import java.util.concurrent.Callable;
import java.util.concurrent.TimeUnit;
@@ -51,7 +50,7 @@ public class MessageDispatcherTest
public static void init() throws Exception
{
DatabaseDescriptor.daemonInitialization();
- ClientMetrics.instance.init(Collections.emptyList());
+ ClientMetrics.instance.init(null);
maxAuthThreadsBeforeTests =
DatabaseDescriptor.getNativeTransportMaxAuthThreads();
dispatch = new AuthTestDispatcher();
}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
