This is an automated email from the ASF dual-hosted git repository. smiklosovic pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/cassandra.git
The following commit(s) were added to refs/heads/trunk by this push: new 087a4474d8 Remove native_transport_port_ssl 087a4474d8 is described below commit 087a4474d8f6a8a962751e81d84d0f0cb880d947 Author: Stefan Miklosovic <smikloso...@apache.org> AuthorDate: Wed Feb 14 17:41:21 2024 +0100 Remove native_transport_port_ssl patch by Stefan Miklosovic; reviewed by Brandon Williams for CASSANDRA-19397 --- CHANGES.txt | 1 + NEWS.txt | 5 + conf/cassandra.yaml | 9 -- .../pages/managing/operating/security.adoc | 5 + src/java/org/apache/cassandra/config/Config.java | 3 - .../cassandra/config/DatabaseDescriptor.java | 28 ---- .../apache/cassandra/metrics/ClientMetrics.java | 38 ++--- .../cassandra/service/NativeTransportService.java | 65 ++------- .../org/apache/cassandra/tools/LoaderOptions.java | 9 +- .../cassandra/transport/SimpleClientBurnTest.java | 2 +- .../cassandra/transport/SimpleClientPerfTest.java | 2 +- test/conf/unit-test-conf/test-native-port.yaml | 2 +- .../test/NativeTransportEncryptionOptionsTest.java | 159 ++++++++------------- .../cassandra/config/ConfigCompatibilityTest.java | 12 +- test/unit/org/apache/cassandra/cql3/CQLTester.java | 2 +- .../service/NativeTransportServiceTest.java | 104 +------------- .../cassandra/transport/CQLConnectionTest.java | 2 +- .../cassandra/transport/MessageDispatcherTest.java | 3 +- 18 files changed, 125 insertions(+), 326 deletions(-) diff --git a/CHANGES.txt b/CHANGES.txt index d470d8f813..06520d16dc 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,4 +1,5 @@ 5.1 + * Remove native_transport_port_ssl (CASSANDRA-19397) * Make nodetool reconfigurecms sync by default and add --cancel to be able to cancel ongoing reconfigurations (CASSANDRA-19216) * Expose auth mode in system_views.clients, nodetool clientstats, metrics (CASSANDRA-19366) * Remove sealed_periods and last_sealed_period tables (CASSANDRA-19189) diff --git a/NEWS.txt b/NEWS.txt index d5a3805968..8dcb8a630f 100644 --- a/NEWS.txt +++ b/NEWS.txt 
@@ -141,6 +141,11 @@ Upgrading which come up during or after an election will learn of the elected first CMS node and direct metadata updates to it. It is important to remember that at the completion of the election, the CMS still only comprises a single member. Just as in the upgrade case, operators should add further members as soon as possible. + - native_transport_port_ssl property was removed. Please transition to using one port only. Encrypted communication + may be optional by setting `optional` flag in `client_encryption_options` to `true` and it should be set only + while in unencrypted or transitional operation. Please consult `client_encryption_options` in cassandra.yaml + for more information. + Deprecation ----------- diff --git a/conf/cassandra.yaml b/conf/cassandra.yaml index 2bb561396d..ecdea7b89d 100644 --- a/conf/cassandra.yaml +++ b/conf/cassandra.yaml 
@@ -933,15 +933,6 @@ start_native_transport: true # port for the CQL native transport to listen for clients on # For security reasons, you should not expose this port to the internet. Firewall it if needed. native_transport_port: 9042 -# Enabling native transport encryption in client_encryption_options allows you to either use -# encryption for the standard port or to use a dedicated, additional port along with the unencrypted -# standard native_transport_port. -# Enabling client encryption and keeping native_transport_port_ssl disabled will use encryption -# for native_transport_port. Setting native_transport_port_ssl to a different value -# from native_transport_port will use encryption for native_transport_port_ssl while -# keeping native_transport_port unencrypted. -# This feature is deprecated since Cassandra 5.0 and will be removed. Please consult deprecation section in NEWS.txt. -# native_transport_port_ssl: 9142 # The maximum threads for handling requests (note that idle threads are stopped # after 30 seconds so there is not corresponding minimum setting). # native_transport_max_threads: 128 diff --git a/doc/modules/cassandra/pages/managing/operating/security.adoc b/doc/modules/cassandra/pages/managing/operating/security.adoc index 4613932578..a425cab8d0 100644 --- a/doc/modules/cassandra/pages/managing/operating/security.adoc +++ b/doc/modules/cassandra/pages/managing/operating/security.adoc @@ -162,6 +162,11 @@ requirements demand it. To do so, set `optional` to false and use the `native_transport_port_ssl` setting in `cassandra.yaml` to specify the port to be used for secure client communication. +[NOTE] +==== +`native_transport_port_ssl` property was deprecated in Cassandra 5.0. +==== + [[operation-roles]] == Roles diff --git a/src/java/org/apache/cassandra/config/Config.java b/src/java/org/apache/cassandra/config/Config.java index abf2fbc616..1b2ea89512 100644 --- a/src/java/org/apache/cassandra/config/Config.java 
+++ b/src/java/org/apache/cassandra/config/Config.java @@ -284,9 +284,6 @@ public class Config public boolean start_native_transport = true; public int native_transport_port = 9042; - /** @deprecated See CASSANDRA-19392 */ - @Deprecated(since = "5.0") - public Integer native_transport_port_ssl = null; public int native_transport_max_threads = 128; @Replaces(oldName = "native_transport_max_frame_size_in_mb", converter = Converters.MEBIBYTES_DATA_STORAGE_INT, deprecated = true) public DataStorageSpec.IntMebibytesBound native_transport_max_frame_size = new DataStorageSpec.IntMebibytesBound("16MiB"); diff --git a/src/java/org/apache/cassandra/config/DatabaseDescriptor.java b/src/java/org/apache/cassandra/config/DatabaseDescriptor.java index 1112c4ea53..2d81cf67ba 100644 --- a/src/java/org/apache/cassandra/config/DatabaseDescriptor.java +++ b/src/java/org/apache/cassandra/config/DatabaseDescriptor.java 
@@ -903,25 +903,8 @@ public class DatabaseDescriptor // native transport encryption options if (conf.client_encryption_options != null) - { conf.client_encryption_options.applyConfig(); - if (conf.native_transport_port_ssl != null) - { - logger.warn("Usage of dual ports (native_transport_port together with native_transport_port_ssl) is " + - "deprecated since Cassandra 5.0 and it will be removed in next releases. Please consider to use one port only " + - "(native_transport_port) which can support unencrypted as well as encrypted traffic. This feature " + - "is effectively not functioning properly except a corner-case of having a cluster " + - "consisting of just one node. For more information, please consult deprecation " + - "section in NEWS.txt"); - if (conf.native_transport_port_ssl != conf.native_transport_port - && (conf.client_encryption_options.tlsEncryptionPolicy() == EncryptionOptions.TlsEncryptionPolicy.UNENCRYPTED)) - { - throw new ConfigurationException("Encryption must be enabled in client_encryption_options for native_transport_port_ssl", false); - } - } - } - if (conf.snapshot_links_per_second < 0) throw new ConfigurationException("snapshot_links_per_second must be >= 0"); @@ -2986,17 +2969,6 @@ public class DatabaseDescriptor conf.native_transport_port = port; } - public static int getNativeTransportPortSSL() - { - return conf.native_transport_port_ssl == null ? getNativeTransportPort() : conf.native_transport_port_ssl; - } - - @VisibleForTesting - public static void setNativeTransportPortSSL(Integer port) - { - conf.native_transport_port_ssl = port; - } - public static int getNativeTransportMaxThreads() { return conf.native_transport_max_threads; diff --git a/src/java/org/apache/cassandra/metrics/ClientMetrics.java b/src/java/org/apache/cassandra/metrics/ClientMetrics.java index f0d075bd0c..a8801bad5f 100644 --- a/src/java/org/apache/cassandra/metrics/ClientMetrics.java +++ b/src/java/org/apache/cassandra/metrics/ClientMetrics.java 
@@ -19,8 +19,6 @@ package org.apache.cassandra.metrics; import java.util.ArrayList; -import java.util.Collection; -import java.util.Collections; import java.util.Comparator; import java.util.HashMap; import java.util.List; @@ -54,7 +52,7 @@ public final class ClientMetrics private static final MetricNameFactory factory = new DefaultNameFactory("Client"); private volatile boolean initialized = false; - private Collection<Server> servers = Collections.emptyList(); + private Server server = null; @VisibleForTesting Meter authSuccess; @@ -148,7 +146,7 @@ public final class ClientMetrics { List<ConnectedClient> clients = new ArrayList<>(); - for (Server server : servers) + if (server != null) clients.addAll(server.getConnectedClients()); return clients; @@ -164,12 +162,12 @@ public final class ClientMetrics unknownException.mark(); } - public synchronized void init(Collection<Server> servers) + public synchronized void init(Server servers) { if (initialized) return; - this.servers = servers; + this.server = servers; // deprecated the lower-cased initial letter metric names in 4.0 connectedNativeClients = registerGauge(CONNECTED_NATIVE_CLIENTS, "connectedNativeClients", this::countConnectedClients); @@ -225,23 +223,16 @@ public final class ClientMetrics private int countConnectedClients() { - int count = 0; - - for (Server server : servers) - count += server.countConnectedClients(); - - return count; + return server == null ? 0 : server.countConnectedClients(); } private Map<String, Integer> countConnectedClientsByUser() { Map<String, Integer> counts = new HashMap<>(); - for (Server server : servers) - { + if (server != null) server.countConnectedClientsByUser() .forEach((username, count) -> counts.put(username, counts.getOrDefault(username, 0) + count)); - } return counts; } 
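Review bot: In the `init` hunk of ClientMetrics the parameter keeps its plural name although it now carries a single server and is assigned to `this.server`; `public synchronized void init(Server server)` with `this.server = server;` would read correctly. The method also now accepts `null` (MessageDispatcherTest in this commit calls `ClientMetrics.instance.init(null)`), and every reader in this file guards with `server != null`, but nothing on the method states that contract. A short Javadoc on `init` saying that `null` means no native transport server is attached and the client gauges then report zero or empty results, and that a later call appears to be ignored because of the `if (initialized) return;` check, would make this explicit. The body of `init` continues outside the hunk, so where `initialized` is set cannot be confirmed from here.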
@@ -250,32 +241,31 @@ public final class ClientMetrics { List<Map<String, String>> clients = new ArrayList<>(); - for (Server server : servers) + if (server != null) + { for (ConnectedClient client : server.getConnectedClients()) clients.add(client.asMap()); + } return clients; } private int countConnectedClients(Predicate<ServerConnection> predicate) { - int count = 0; - - for (Server server : servers) - count += server.countConnectedClients(predicate); - - return count; + return server == null ? 0 : server.countConnectedClients(predicate); } private List<Map<String, String>> recentClientStats() { List<Map<String, String>> stats = new ArrayList<>(); - for (Server server : servers) + if (server != null) + { for (ClientStat stat : server.recentClientStats()) stats.add(new HashMap<>(stat.asMap())); // asMap returns guava, so need to convert to java for jmx - stats.sort(Comparator.comparing(map -> map.get(ClientStat.PROTOCOL_VERSION))); + stats.sort(Comparator.comparing(map -> map.get(ClientStat.PROTOCOL_VERSION))); + } return stats; } diff --git a/src/java/org/apache/cassandra/service/NativeTransportService.java b/src/java/org/apache/cassandra/service/NativeTransportService.java index cc6ee37d49..cfbc638afe 100644 --- a/src/java/org/apache/cassandra/service/NativeTransportService.java +++ b/src/java/org/apache/cassandra/service/NativeTransportService.java @@ -18,9 +18,6 @@ package org.apache.cassandra.service; import java.net.InetAddress; -import java.util.Arrays; -import java.util.Collection; -import java.util.Collections; import java.util.concurrent.TimeUnit; import com.google.common.annotations.VisibleForTesting; @@ -50,7 +47,7 @@ public class NativeTransportService private static final Logger logger = LoggerFactory.getLogger(NativeTransportService.class); - private Collection<Server> servers = Collections.emptyList(); + private Server server = null; private boolean initialized = false; private EventLoopGroup workerGroup; 
@@ -76,7 +73,6 @@ public class NativeTransportService } int nativePort = DatabaseDescriptor.getNativeTransportPort(); - int nativePortSSL = DatabaseDescriptor.getNativeTransportPortSSL(); InetAddress nativeAddr = DatabaseDescriptor.getRpcAddress(); org.apache.cassandra.transport.Server.Builder builder = new org.apache.cassandra.transport.Server.Builder() 
@@ -84,62 +80,30 @@ public class NativeTransportService .withHost(nativeAddr); EncryptionOptions.TlsEncryptionPolicy encryptionPolicy = DatabaseDescriptor.getNativeProtocolEncryptionOptions().tlsEncryptionPolicy(); - Server regularPortServer; - Server tlsPortServer = null; + server = builder.withTlsEncryptionPolicy(encryptionPolicy).withPort(nativePort).build(); - // If an SSL port is separately supplied for the native transport, listen for unencrypted connections on the - // regular port, and encryption / optionally encrypted connections on the ssl port. - if (nativePort != nativePortSSL) - { - regularPortServer = builder.withTlsEncryptionPolicy(EncryptionOptions.TlsEncryptionPolicy.UNENCRYPTED).withPort(nativePort).build(); - switch(encryptionPolicy) - { - case OPTIONAL: // FALLTHRU - encryption is optional on the regular port, but encrypted on the tls port. - case ENCRYPTED: - tlsPortServer = builder.withTlsEncryptionPolicy(encryptionPolicy).withPort(nativePortSSL).build(); - break; - case UNENCRYPTED: // Should have been caught by DatabaseDescriptor.applySimpleConfig - throw new IllegalStateException("Encryption must be enabled in client_encryption_options for native_transport_port_ssl"); - default: - throw new IllegalStateException("Unrecognized TLS encryption policy: " + encryptionPolicy); - } - } - // Otherwise, if only the regular port is supplied, listen as the encryption policy specifies - else - { - regularPortServer = builder.withTlsEncryptionPolicy(encryptionPolicy).withPort(nativePort).build(); - } - - if (tlsPortServer == null) - { - servers = Collections.singleton(regularPortServer); - } - else - { - servers = Collections.unmodifiableList(Arrays.asList(regularPortServer, tlsPortServer)); - } - - ClientMetrics.instance.init(servers); + ClientMetrics.instance.init(server); initialized = true; } /** - * Starts native transport servers. + * Starts native transport server. 
*/ public void start() { logger.info("Using Netty Version: {}", Version.identify().entrySet()); initialize(); - servers.forEach(Server::start); + server.start(); } /** - * Stops currently running native transport servers. + * Stops currently running native transport server. */ public void stop() { - servers.forEach(Server::stop); + if (server != null) + server.stop(); } /** @@ -148,7 +112,7 @@ public class NativeTransportService public void destroy() { stop(); - servers = Collections.emptyList(); + server = null; // shutdown executors used by netty for native transport server if (workerGroup != null) @@ -175,9 +139,7 @@ public class NativeTransportService */ public boolean isRunning() { - for (Server server : servers) - if (server.isRunning()) return true; - return false; + return server != null && server.isRunning(); } @VisibleForTesting @@ -187,14 +149,13 @@ public class NativeTransportService } @VisibleForTesting - Collection<Server> getServers() + Server getServer() { - return servers; + return server; } public void clearConnectionHistory() { - for (Server server : servers) - server.clearConnectionHistory(); + server.clearConnectionHistory(); } } diff --git a/src/java/org/apache/cassandra/tools/LoaderOptions.java b/src/java/org/apache/cassandra/tools/LoaderOptions.java index 1f368168a7..c3d2072ff4 100644 --- a/src/java/org/apache/cassandra/tools/LoaderOptions.java +++ b/src/java/org/apache/cassandra/tools/LoaderOptions.java @@ -556,16 +556,9 @@ public class LoaderOptions serverEncOptions.applyConfig(); if (cmd.hasOption(NATIVE_PORT_OPTION)) - { nativePort = Integer.parseInt(cmd.getOptionValue(NATIVE_PORT_OPTION)); - } else - { - if (config.native_transport_port_ssl != null && (config.client_encryption_options.getEnabled() || clientEncOptions.getEnabled())) - nativePort = config.native_transport_port_ssl; - else - nativePort = config.native_transport_port; - } + nativePort = config.native_transport_port; if (cmd.hasOption(INITIAL_HOST_ADDRESS_OPTION)) { 
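Review bot: The new single-listener line in `initialize()`, `server = builder.withTlsEncryptionPolicy(encryptionPolicy).withPort(nativePort).build();`, replaces a commented block and is left without any comment on what the port now accepts. The policy taken from `client_encryption_options` alone now decides whether `native_transport_port` takes plaintext, so a one-line comment would help anyone auditing the listener setup: `// One listener only: native_transport_port follows client_encryption_options; per NEWS.txt, OPTIONAL is meant for transitional operation and still admits unencrypted clients.` In the same hunk `start()` dereferences `server` without the null guard that `stop()` gained, which is safe only if `initialize()` always assigns it; the start of `initialize()` lies outside the hunk, so that is worth confirming.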
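Review bot: `clearConnectionHistory()` in NativeTransportService now calls `server.clearConnectionHistory()` with no null check, so it throws a NullPointerException whenever `server` is still `null`, that is before `initialize()` has run or after `destroy()`, which sets `server = null`. The old loop over an empty collection was a no-op in that state, and `stop()` and `isRunning()` in this commit both guard against `null`. The same guard fits here: `if (server != null) server.clearConnectionHistory();`. The callers of this method are not visible in the diff, so whether the unset state is reachable in practice should be checked against them, and a unit test calling it on a service that was never initialized would pin the behaviour.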
diff --git a/test/burn/org/apache/cassandra/transport/SimpleClientBurnTest.java b/test/burn/org/apache/cassandra/transport/SimpleClientBurnTest.java index 2d863cf020..d14bf6178d 100644 --- a/test/burn/org/apache/cassandra/transport/SimpleClientBurnTest.java +++ b/test/burn/org/apache/cassandra/transport/SimpleClientBurnTest.java @@ -103,7 +103,7 @@ public class SimpleClientBurnTest .withPort(port) .withPipelineConfigurator(configurator) .build(); - ClientMetrics.instance.init(Collections.singleton(server)); + ClientMetrics.instance.init(server); server.start(); Message.Type.QUERY.unsafeSetCodec(new Message.Codec<QueryMessage>() diff --git a/test/burn/org/apache/cassandra/transport/SimpleClientPerfTest.java b/test/burn/org/apache/cassandra/transport/SimpleClientPerfTest.java index d15c4e56a7..51895c5c11 100644 --- a/test/burn/org/apache/cassandra/transport/SimpleClientPerfTest.java +++ b/test/burn/org/apache/cassandra/transport/SimpleClientPerfTest.java @@ -159,7 +159,7 @@ public class SimpleClientPerfTest .withPort(port) .build(); - ClientMetrics.instance.init(Collections.singleton(server)); + ClientMetrics.instance.init(server); server.start(); Message.Type.QUERY.unsafeSetCodec(new Message.Codec<QueryMessage>() diff --git a/test/conf/unit-test-conf/test-native-port.yaml b/test/conf/unit-test-conf/test-native-port.yaml index 0cf6fb2e97..dc47a560f0 100644 --- a/test/conf/unit-test-conf/test-native-port.yaml +++ b/test/conf/unit-test-conf/test-native-port.yaml @@ -18,7 +18,7 @@ listen_address: 127.0.0.1 storage_port: 7010 ssl_storage_port: 7011 start_native_transport: true -native_transport_port_ssl: 9142 +native_transport_port: 9142 column_index_size: 4KiB saved_caches_directory: build/test/cassandra/saved_caches data_file_directories: 
diff --git a/test/distributed/org/apache/cassandra/distributed/test/NativeTransportEncryptionOptionsTest.java b/test/distributed/org/apache/cassandra/distributed/test/NativeTransportEncryptionOptionsTest.java index dfb3a6656d..9eb7c7afeb 100644 --- a/test/distributed/org/apache/cassandra/distributed/test/NativeTransportEncryptionOptionsTest.java +++ b/test/distributed/org/apache/cassandra/distributed/test/NativeTransportEncryptionOptionsTest.java @@ -43,7 +43,6 @@ import org.apache.cassandra.distributed.api.Feature; import org.apache.cassandra.transport.TlsTestUtils; import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertNull; public class NativeTransportEncryptionOptionsTest extends AbstractEncryptionOptionsImpl { @@ -83,7 +82,6 @@ public class NativeTransportEncryptionOptionsTest extends AbstractEncryptionOpti } } - @Test public void optionalTlsConnectionAllowedWithKeystoreTest() throws Throwable { 
@@ -105,57 +103,6 @@ public class NativeTransportEncryptionOptionsTest extends AbstractEncryptionOpti } } - @Test - public void optionalTlsConnectionAllowedToRegularPortTest() throws Throwable - { - try (Cluster cluster = builder().withNodes(1).withConfig(c -> { - c.with(Feature.NATIVE_PROTOCOL); - c.set("native_transport_port_ssl", 9043); - c.set("client_encryption_options", - ImmutableMap.builder().putAll(validKeystore) - .put("enabled", false) - .put("optional", true) - .build()); - }).createWithoutStarting()) - { - InetAddress address = cluster.get(1).config().broadcastAddress().getAddress(); - int unencrypted_port = (int) cluster.get(1).config().get("native_transport_port"); - int ssl_port = (int) cluster.get(1).config().get("native_transport_port_ssl"); - - // Create the connections and prove they cannot connect before server start - TlsConnection connectionToUnencryptedPort = new TlsConnection(address.getHostAddress(), unencrypted_port); - connectionToUnencryptedPort.assertCannotConnect(); - - TlsConnection connectionToEncryptedPort = new TlsConnection(address.getHostAddress(), ssl_port); - connectionToEncryptedPort.assertCannotConnect(); - - cluster.startup(); - - Assert.assertEquals("TLS native connection should be possible to native_transport_port_ssl", - ConnectResult.NEGOTIATED, connectionToEncryptedPort.connect()); - Assert.assertEquals("TLS native connection should not be possible on the regular port if an SSL port is specified", - ConnectResult.FAILED_TO_NEGOTIATE, connectionToUnencryptedPort.connect()); // but did connect - } - } - - @Test - public void unencryptedNativeConnectionNotlisteningOnTlsPortTest() throws Throwable - { - try (Cluster cluster = builder().withNodes(1).withConfig(c -> { - c.with(Feature.NATIVE_PROTOCOL); - c.set("native_transport_port_ssl", 9043); - c.set("client_encryption_options", - ImmutableMap.builder().putAll(validKeystore) - .put("enabled", false) - .put("optional", false) - .build()); - }).createWithoutStarting()) - { 
- assertCannotStartDueToConfigurationException(cluster); - } - } - - /** * Tests that the negotiated protocol is the highest common protocol between the client and server. * <p> @@ -300,24 +247,30 @@ public class NativeTransportEncryptionOptionsTest extends AbstractEncryptionOpti InetAddress address = cluster.get(1).config().broadcastAddress().getAddress(); // non-ssl connections should succeed - com.datastax.driver.core.Cluster nonSSLDriver = com.datastax.driver.core.Cluster.builder() + try (com.datastax.driver.core.Cluster nonSSLDriver = com.datastax.driver.core.Cluster.builder() .addContactPoint(address.getHostAddress()) - .build(); - assertNotNull(nonSSLDriver.connect()); + .build()) + { + assertNotNull(nonSSLDriver.connect()); + } // ssl connections should succeed - com.datastax.driver.core.Cluster sslDriver = com.datastax.driver.core.Cluster.builder() + try (com.datastax.driver.core.Cluster sslDriver = com.datastax.driver.core.Cluster.builder() .addContactPoint(address.getHostAddress()) .withSSL(sslOptions(false)) - .build(); - assertNotNull(sslDriver.connect()); + .build()) + { + assertNotNull(sslDriver.connect()); + } // mtls connections should succeed - com.datastax.driver.core.Cluster mtlsDriver = com.datastax.driver.core.Cluster.builder() + try (com.datastax.driver.core.Cluster mtlsDriver = com.datastax.driver.core.Cluster.builder() .addContactPoint(address.getHostAddress()) .withSSL(sslOptions(true)) - .build(); - assertNotNull(mtlsDriver.connect()); + .build()) + { + assertNotNull(mtlsDriver.connect()); + } } } 
@@ -339,25 +292,31 @@ public class NativeTransportEncryptionOptionsTest extends AbstractEncryptionOpti InetAddress address = cluster.get(1).config().broadcastAddress().getAddress(); // ssl connections should succeed - com.datastax.driver.core.Cluster sslDriver = com.datastax.driver.core.Cluster.builder() - .addContactPoint(address.getHostAddress()) - .withSSL(sslOptions(false)) - .build(); - assertNotNull(sslDriver.connect()); + try (com.datastax.driver.core.Cluster sslDriver = com.datastax.driver.core.Cluster.builder() + .addContactPoint(address.getHostAddress()) + .withSSL(sslOptions(false)) + .build()) + { + assertNotNull(sslDriver.connect()); + } // mtls connections should succeed - com.datastax.driver.core.Cluster mtlsDriver = com.datastax.driver.core.Cluster.builder() + try (com.datastax.driver.core.Cluster mtlsDriver = com.datastax.driver.core.Cluster.builder() .addContactPoint(address.getHostAddress()) .withSSL(sslOptions(true)) - .build(); - assertNotNull(mtlsDriver.connect()); + .build()) + { + assertNotNull(mtlsDriver.connect()); + } // non-ssl connections should not succeed - com.datastax.driver.core.Cluster nonSSLDriver = com.datastax.driver.core.Cluster.builder() + try (com.datastax.driver.core.Cluster nonSSLDriver = com.datastax.driver.core.Cluster.builder() .addContactPoint(address.getHostAddress()) - .build(); - expectedException.expect(NoHostAvailableException.class); - assertNull(nonSSLDriver.connect()); + .build()) + { + expectedException.expect(NoHostAvailableException.class); + nonSSLDriver.connect(); + } } } 
@@ -380,24 +339,30 @@ public class NativeTransportEncryptionOptionsTest extends AbstractEncryptionOpti InetAddress address = cluster.get(1).config().broadcastAddress().getAddress(); // non-ssl connections should succeed - com.datastax.driver.core.Cluster nonSSLDriver = com.datastax.driver.core.Cluster.builder() - .addContactPoint(address.getHostAddress()) - .build(); - assertNotNull(nonSSLDriver.connect()); + try (com.datastax.driver.core.Cluster nonSSLDriver = com.datastax.driver.core.Cluster.builder() + .addContactPoint(address.getHostAddress()) + .build()) + { + assertNotNull(nonSSLDriver.connect()); + } // ssl connections should succeed - com.datastax.driver.core.Cluster sslDriver = com.datastax.driver.core.Cluster.builder() - .addContactPoint(address.getHostAddress()) - .withSSL(sslOptions(false)) - .build(); - assertNotNull(sslDriver.connect()); + try (com.datastax.driver.core.Cluster sslDriver = com.datastax.driver.core.Cluster.builder() + .addContactPoint(address.getHostAddress()) + .withSSL(sslOptions(false)) + .build()) + { + assertNotNull(sslDriver.connect()); + } // mtls connections should succeed - com.datastax.driver.core.Cluster mtlsDriver = com.datastax.driver.core.Cluster.builder() - .addContactPoint(address.getHostAddress()) - .withSSL(sslOptions(true)) - .build(); - assertNotNull(mtlsDriver.connect()); + try (com.datastax.driver.core.Cluster mtlsDriver = com.datastax.driver.core.Cluster.builder() + .addContactPoint(address.getHostAddress()) + .withSSL(sslOptions(true)) + .build()) + { + assertNotNull(mtlsDriver.connect()); + } } } 
@@ -436,17 +401,19 @@ public class NativeTransportEncryptionOptionsTest extends AbstractEncryptionOpti SslContext sslContext = sslContextBuilder.trustManager(createTrustManagerFactory(TlsTestUtils.SERVER_TRUSTSTORE_PATH, TlsTestUtils.SERVER_TRUSTSTORE_PASSWORD)) .build(); final SSLOptions sslOptions = socketChannel -> sslContext.newHandler(socketChannel.alloc()); - com.datastax.driver.core.Cluster driverCluster = com.datastax.driver.core.Cluster.builder() - .addContactPoint(address.getHostAddress()) - .withSSL(sslOptions) - .build(); - if (!ipInSAN) + try (com.datastax.driver.core.Cluster driverCluster = com.datastax.driver.core.Cluster.builder() + .addContactPoint(address.getHostAddress()) + .withSSL(sslOptions) + .build()) { - expectedException.expect(NoHostAvailableException.class); - } + if (!ipInSAN) + { + expectedException.expect(NoHostAvailableException.class); + } - driverCluster.connect(); + driverCluster.connect(); + } } } diff --git a/test/unit/org/apache/cassandra/config/ConfigCompatibilityTest.java b/test/unit/org/apache/cassandra/config/ConfigCompatibilityTest.java index f965182915..19d7f17d76 100644 --- a/test/unit/org/apache/cassandra/config/ConfigCompatibilityTest.java +++ b/test/unit/org/apache/cassandra/config/ConfigCompatibilityTest.java @@ -96,7 +96,15 @@ public class ConfigCompatibilityTest .add("commitlog_periodic_queue_size") .build(); - private static final Set<String> ALLOW_LIST = Sets.union(REMOVED_IN_40, REMOVED_IN_50); + private static final Set<String> REMOVED_IN_51 = ImmutableSet.<String>builder() + .add("native_transport_port_ssl") + .build(); + + private static final Set<String> ALLOW_LIST = ImmutableSet.<String>builder() + .addAll(REMOVED_IN_40) + .addAll(REMOVED_IN_50) + .addAll(REMOVED_IN_51) + .build(); private static final Set<String> EXPECTED_FOR_50 = ImmutableSet.<String>builder() // Switched to a parameterized class that can construct from a bare string 
@@ -146,7 +154,7 @@ public class ConfigCompatibilityTest @Test public void diff_5_0() throws IOException { - diff(TEST_DIR + "/version=5.0-alpha1.yml", ImmutableSet.<String>builder() + diff(TEST_DIR + "/version=5.0-alpha1.yml", ImmutableSet.<String>builder().addAll(REMOVED_IN_51) .build(), EXPECTED_FOR_50); } diff --git a/test/unit/org/apache/cassandra/cql3/CQLTester.java b/test/unit/org/apache/cassandra/cql3/CQLTester.java index 5f996e49af..18beee3d2a 100644 --- a/test/unit/org/apache/cassandra/cql3/CQLTester.java +++ b/test/unit/org/apache/cassandra/cql3/CQLTester.java @@ -660,7 +660,7 @@ public abstract class CQLTester Server.Builder serverBuilder = new Server.Builder().withHost(nativeAddr).withPort(nativePort); decorator.accept(serverBuilder); server = serverBuilder.build(); - ClientMetrics.instance.init(Collections.singleton(server)); + ClientMetrics.instance.init(server); server.start(); } diff --git a/test/unit/org/apache/cassandra/service/NativeTransportServiceTest.java b/test/unit/org/apache/cassandra/service/NativeTransportServiceTest.java index 2f45748739..645d5b8f8b 100644 --- a/test/unit/org/apache/cassandra/service/NativeTransportServiceTest.java +++ b/test/unit/org/apache/cassandra/service/NativeTransportServiceTest.java @@ -17,13 +17,10 @@ */ package org.apache.cassandra.service; -import java.util.Arrays; import java.util.function.BooleanSupplier; import java.util.function.Consumer; -import java.util.stream.Collectors; import java.util.stream.IntStream; -import com.google.common.collect.Sets; import org.junit.After; import org.junit.BeforeClass; import org.junit.Test; 
@@ -31,11 +28,10 @@ import org.junit.Test; import org.apache.cassandra.config.DatabaseDescriptor; import org.apache.cassandra.config.EncryptionOptions; import org.apache.cassandra.transport.Server; -import org.apache.cassandra.transport.TlsTestUtils; -import org.apache.cassandra.utils.Pair; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; public class NativeTransportServiceTest @@ -53,7 +49,6 @@ public class NativeTransportServiceTest public void resetConfig() { DatabaseDescriptor.updateNativeProtocolEncryptionOptions(update -> new EncryptionOptions(defaultOptions).applyConfig()); - DatabaseDescriptor.setNativeTransportPortSSL(null); } @Test @@ -121,8 +116,8 @@ public class NativeTransportServiceTest // default plain settings: client encryption disabled and default native transport port withService((NativeTransportService service) -> { - assertEquals(1, service.getServers().size()); - Server server = service.getServers().iterator().next(); + Server server = service.getServer(); + assertNotNull(server); assertEquals(EncryptionOptions.TlsEncryptionPolicy.UNENCRYPTED, server.tlsEncryptionPolicy); assertEquals(server.socket.getPort(), DatabaseDescriptor.getNativeTransportPort()); }); @@ -138,8 +133,8 @@ public class NativeTransportServiceTest withService((NativeTransportService service) -> { service.initialize(); - assertEquals(1, service.getServers().size()); - Server server = service.getServers().iterator().next(); + Server server = service.getServer(); + assertNotNull(server); assertEquals(EncryptionOptions.TlsEncryptionPolicy.ENCRYPTED, server.tlsEncryptionPolicy); assertEquals(server.socket.getPort(), DatabaseDescriptor.getNativeTransportPort()); }, false, 1); 
@@ -155,98 +150,13 @@ public class NativeTransportServiceTest withService((NativeTransportService service) -> { service.initialize(); - assertEquals(1, service.getServers().size()); - Server server = service.getServers().iterator().next(); + Server server = service.getServer(); + assertNotNull(server); assertEquals(EncryptionOptions.TlsEncryptionPolicy.OPTIONAL, server.tlsEncryptionPolicy); assertEquals(server.socket.getPort(), DatabaseDescriptor.getNativeTransportPort()); }, false, 1); } - @Test - public void testSSLPortWithOptionalEncryption() - { - // ssl+non-ssl settings: client encryption enabled and additional ssl port specified - DatabaseDescriptor.updateNativeProtocolEncryptionOptions( - options -> options.withEnabled(true) - .withOptional(true) - .withKeyStore(TlsTestUtils.SERVER_KEYSTORE_PATH)); - DatabaseDescriptor.setNativeTransportPortSSL(8432); - - withService((NativeTransportService service) -> - { - service.initialize(); - assertEquals(2, service.getServers().size()); - assertEquals( - Sets.newHashSet(Arrays.asList( - Pair.create(EncryptionOptions.TlsEncryptionPolicy.OPTIONAL, - DatabaseDescriptor.getNativeTransportPortSSL()), - Pair.create(EncryptionOptions.TlsEncryptionPolicy.UNENCRYPTED, - DatabaseDescriptor.getNativeTransportPort()) - ) - ), - service.getServers().stream().map((Server s) -> - Pair.create(s.tlsEncryptionPolicy, - s.socket.getPort())).collect(Collectors.toSet()) - ); - }, false, 1); - } - - @Test(expected=java.lang.IllegalStateException.class) - public void testSSLPortWithDisabledEncryption() - { - // ssl+non-ssl settings: client encryption disabled and additional ssl port specified - // should get an illegal state exception - DatabaseDescriptor.updateNativeProtocolEncryptionOptions( - options -> options.withEnabled(false)); - DatabaseDescriptor.setNativeTransportPortSSL(8432); - - withService((NativeTransportService service) -> - { - service.initialize(); - assertEquals(1, service.getServers().size()); - assertEquals( - 
Sets.newHashSet(Arrays.asList( - Pair.create(EncryptionOptions.TlsEncryptionPolicy.UNENCRYPTED, - DatabaseDescriptor.getNativeTransportPort()) - ) - ), - service.getServers().stream().map((Server s) -> - Pair.create(s.tlsEncryptionPolicy, - s.socket.getPort())).collect(Collectors.toSet()) - ); - }, false, 1); - } - - @Test - public void testSSLPortWithEnabledSSL() - { - // ssl+non-ssl settings: client encryption enabled and additional ssl port specified - // encryption is enabled and not optional, so listen on both ports requiring encryption - DatabaseDescriptor.updateNativeProtocolEncryptionOptions( - options -> options.withEnabled(true) - .withOptional(false) - .withKeyStore(TlsTestUtils.SERVER_KEYSTORE_PATH)); - DatabaseDescriptor.setNativeTransportPortSSL(8432); - - withService((NativeTransportService service) -> - { - service.initialize(); - assertEquals(2, service.getServers().size()); - assertEquals( - Sets.newHashSet(Arrays.asList( - Pair.create(EncryptionOptions.TlsEncryptionPolicy.ENCRYPTED, - DatabaseDescriptor.getNativeTransportPortSSL()), - Pair.create(EncryptionOptions.TlsEncryptionPolicy.UNENCRYPTED, - DatabaseDescriptor.getNativeTransportPort()) - ) - ), - service.getServers().stream().map((Server s) -> - Pair.create(s.tlsEncryptionPolicy, - s.socket.getPort())).collect(Collectors.toSet()) - ); - }, false, 1); - } - private static void withService(Consumer<NativeTransportService> f) { withService(f, true, 1); diff --git a/test/unit/org/apache/cassandra/transport/CQLConnectionTest.java b/test/unit/org/apache/cassandra/transport/CQLConnectionTest.java index 110b58d5eb..4a4d94264d 100644 --- a/test/unit/org/apache/cassandra/transport/CQLConnectionTest.java +++ b/test/unit/org/apache/cassandra/transport/CQLConnectionTest.java 
@@ -509,7 +509,7 @@ public class CQLConnectionTest .withPort(port) .withPipelineConfigurator(configurator) .build(); - ClientMetrics.instance.init(Collections.singleton(server)); + ClientMetrics.instance.init(server); return server; } diff --git a/test/unit/org/apache/cassandra/transport/MessageDispatcherTest.java b/test/unit/org/apache/cassandra/transport/MessageDispatcherTest.java index 0c70315e25..8e9c7db4b9 100644 --- a/test/unit/org/apache/cassandra/transport/MessageDispatcherTest.java +++ b/test/unit/org/apache/cassandra/transport/MessageDispatcherTest.java @@ -18,7 +18,6 @@ package org.apache.cassandra.transport; -import java.util.Collections; import java.util.concurrent.Callable; import java.util.concurrent.TimeUnit; @@ -51,7 +50,7 @@ public class MessageDispatcherTest public static void init() throws Exception { DatabaseDescriptor.daemonInitialization(); - ClientMetrics.instance.init(Collections.emptyList()); + ClientMetrics.instance.init(null); maxAuthThreadsBeforeTests = DatabaseDescriptor.getNativeTransportMaxAuthThreads(); dispatch = new AuthTestDispatcher(); } --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org