Posted to notifications@shardingsphere.apache.org by su...@apache.org on 2023/05/05 09:02:35 UTC
[shardingsphere] branch master updated: Remove unnecessary configuration from properties (#25466)
This is an automated email from the ASF dual-hosted git repository.
sunnianjun pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shardingsphere.git
The following commit(s) were added to refs/heads/master by this push:
new bc035ddbf71 Remove unnecessary configuration from properties (#25466)
bc035ddbf71 is described below
commit bc035ddbf716b39c1b3a03efb7d4de7ce98b465c
Author: 吴伟杰 <wu...@apache.org>
AuthorDate: Fri May 5 17:02:21 2023 +0800
Remove unnecessary configuration from properties (#25466)
---
.../shardingsphere-proxy/yaml-config/props.cn.md | 2 --
.../shardingsphere-proxy/yaml-config/props.en.md | 2 --
.../config/props/ConfigurationPropertyKey.java | 10 ------
.../queryable/ShowDistVariablesExecutorTest.java | 2 +-
.../bootstrap/src/main/resources/conf/server.yaml | 3 --
.../proxy/frontend/ssl/ProxySSLContext.java | 25 ++++----------
.../proxy/frontend/ssl/ProxySSLContextTest.java | 39 ----------------------
7 files changed, 8 insertions(+), 75 deletions(-)
diff --git a/docs/document/content/user-manual/shardingsphere-proxy/yaml-config/props.cn.md b/docs/document/content/user-manual/shardingsphere-proxy/yaml-config/props.cn.md
index 7b2e6eaa939..a708e0b3e0c 100644
--- a/docs/document/content/user-manual/shardingsphere-proxy/yaml-config/props.cn.md
+++ b/docs/document/content/user-manual/shardingsphere-proxy/yaml-config/props.cn.md
@@ -28,8 +28,6 @@ Apache ShardingSphere 提供了丰富的系统配置属性,用户可通过 `se
| proxy-netty-backlog (?) | int | Proxy 通过配置文件指定默认netty back_log参数。 | 1024 | 否 |
| proxy-frontend-database-protocol-type (?) | String | Proxy 前端协议类型,支持 MySQL,PostgreSQL 和 openGauss | \"\" | 否 |
| proxy-frontend-ssl-enabled (?) | boolean | Proxy 前端启用 SSL/TLS。 | false | 否 |
-| proxy-frontend-ssl-cert-file (?) | String | PEM 格式的 X.509 证书链文件。当没有设置证书和私钥文件时,ShardingSphere-Proxy 会生成一个临时的 RSA 密钥对和一个自签名的 X.509 证书。 | \"\" | 否 |
-| proxy-frontend-ssl-key-file (?) | String | PEM 格式的 PKCS#8 私钥文件。 | \"\" | 否 |
| proxy-frontend-ssl-version (?) | String | 要启用的 SSL/TLS 协议。空白以使用默认值。 | TLSv1.2,TLSv1.3 | 否 |
| proxy-frontend-ssl-cipher (?) | String | 按偏好顺序启用的密码套件。用逗号分隔的多密码套件。空白以使用默认值。 | \"\" | 否 |
diff --git a/docs/document/content/user-manual/shardingsphere-proxy/yaml-config/props.en.md b/docs/document/content/user-manual/shardingsphere-proxy/yaml-config/props.en.md
index 903336c8ea1..ba538fcb3d7 100644
--- a/docs/document/content/user-manual/shardingsphere-proxy/yaml-config/props.en.md
+++ b/docs/document/content/user-manual/shardingsphere-proxy/yaml-config/props.en.md
@@ -28,8 +28,6 @@ Apache ShardingSphere provides a wealth of system configuration properties, whic
| proxy-netty-backlog (?) | int | Proxy specifies the default netty back_log parameter through configuration files. | 1024 | False |
| proxy-frontend-database-protocol-type (?) | String | Proxy front-end protocol type, supports MySQL, PostgreSQL, openGauss | \"\" | False |
| proxy-frontend-ssl-enabled (?) | boolean | Enable SSL/TLS for ShardingSphere-Proxy frontend. | false | False |
-| proxy-frontend-ssl-cert-file (?) | String | An X.509 certificate chain file in PEM format. When certificate and private key files not set, ShardingSphere-Proxy will generate a temporary RSA key pair and a self-signed X.509 certificate. | \"\" | False |
-| proxy-frontend-ssl-key-file (?) | String | a PKCS#8 private key file in PEM format. | \"\" | False |
| proxy-frontend-ssl-version (?) | String | The SSL/TLS protocols to enable. Blank to use default. | TLSv1.2,TLSv1.3 | False |
| proxy-frontend-ssl-cipher (?) | String | The cipher suites to enable, in the order of preference. Multi cipher suites separated by comma. Blank to use default. | \"\" | False |
diff --git a/infra/common/src/main/java/org/apache/shardingsphere/infra/config/props/ConfigurationPropertyKey.java b/infra/common/src/main/java/org/apache/shardingsphere/infra/config/props/ConfigurationPropertyKey.java
index b95cbe4b5dc..4b193791504 100644
--- a/infra/common/src/main/java/org/apache/shardingsphere/infra/config/props/ConfigurationPropertyKey.java
+++ b/infra/common/src/main/java/org/apache/shardingsphere/infra/config/props/ConfigurationPropertyKey.java
@@ -123,16 +123,6 @@ public enum ConfigurationPropertyKey implements TypedPropertyKey {
*/
PROXY_FRONTEND_SSL_ENABLED("proxy-frontend-ssl-enabled", String.valueOf(Boolean.FALSE), boolean.class, true),
- /**
- * Proxy frontend SSL certificate file.
- */
- PROXY_FRONTEND_SSL_CERT_FILE("proxy-frontend-ssl-cert-file", "", String.class, true),
-
- /**
- * Proxy frontend SSL private key file.
- */
- PROXY_FRONTEND_SSL_KEY_FILE("proxy-frontend-ssl-key-file", "", String.class, true),
-
/**
* Proxy frontend SSL protocol version.
*/
diff --git a/proxy/backend/core/src/test/java/org/apache/shardingsphere/proxy/backend/handler/distsql/ral/queryable/ShowDistVariablesExecutorTest.java b/proxy/backend/core/src/test/java/org/apache/shardingsphere/proxy/backend/handler/distsql/ral/queryable/ShowDistVariablesExecutorTest.java
index 13196355585..f463637b6b5 100644
--- a/proxy/backend/core/src/test/java/org/apache/shardingsphere/proxy/backend/handler/distsql/ral/queryable/ShowDistVariablesExecutorTest.java
+++ b/proxy/backend/core/src/test/java/org/apache/shardingsphere/proxy/backend/handler/distsql/ral/queryable/ShowDistVariablesExecutorTest.java
@@ -63,7 +63,7 @@ class ShowDistVariablesExecutorTest {
when(metaData.getGlobalRuleMetaData()).thenReturn(new ShardingSphereRuleMetaData(Collections.singleton(new LoggingRule(new DefaultLoggingRuleConfigurationBuilder().build()))));
ShowDistVariablesExecutor executor = new ShowDistVariablesExecutor();
Collection<LocalDataQueryResultRow> actual = executor.getRows(metaData, connectionSession, mock(ShowDistVariablesStatement.class));
- assertThat(actual.size(), is(26));
+ assertThat(actual.size(), is(24));
LocalDataQueryResultRow row = actual.iterator().next();
assertThat(row.getCell(1), is("agent_plugins_enabled"));
assertThat(row.getCell(2), is("true"));
diff --git a/proxy/bootstrap/src/main/resources/conf/server.yaml b/proxy/bootstrap/src/main/resources/conf/server.yaml
index 0d1e1b2115f..862b722c8ab 100644
--- a/proxy/bootstrap/src/main/resources/conf/server.yaml
+++ b/proxy/bootstrap/src/main/resources/conf/server.yaml
@@ -83,8 +83,5 @@
# proxy-netty-backlog: 1024 # Proxy netty backlog.
# cdc-server-port: 33071 # CDC server port
# proxy-frontend-ssl-enabled: false
-# # When certificate and private key files not set, Proxy will generate a temporary RSA key pair and a self-signed X.509 certificate.
-# proxy-frontend-ssl-cert-file: ''
-# proxy-frontend-ssl-key-file: ''
# proxy-frontend-ssl-cipher: ''
# proxy-frontend-ssl-version: TLSv1.2,TLSv1.3
diff --git a/proxy/frontend/core/src/main/java/org/apache/shardingsphere/proxy/frontend/ssl/ProxySSLContext.java b/proxy/frontend/core/src/main/java/org/apache/shardingsphere/proxy/frontend/ssl/ProxySSLContext.java
index 65bb89f3dbd..b2947f8d712 100644
--- a/proxy/frontend/core/src/main/java/org/apache/shardingsphere/proxy/frontend/ssl/ProxySSLContext.java
+++ b/proxy/frontend/core/src/main/java/org/apache/shardingsphere/proxy/frontend/ssl/ProxySSLContext.java
@@ -17,7 +17,6 @@
package org.apache.shardingsphere.proxy.frontend.ssl;
-import com.google.common.base.Preconditions;
import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
@@ -27,7 +26,6 @@ import org.apache.shardingsphere.proxy.backend.context.ProxyContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
-import java.nio.file.Paths;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.Arrays;
@@ -52,18 +50,7 @@ public final class ProxySSLContext {
log.info("Proxy frontend SSL/TLS is not enabled.");
return;
}
- String certFile = ProxyContext.getInstance().getContextManager().getMetaDataContexts().getMetaData().getProps().<String>getValue(ConfigurationPropertyKey.PROXY_FRONTEND_SSL_CERT_FILE).trim();
- String keyFile = ProxyContext.getInstance().getContextManager().getMetaDataContexts().getMetaData().getProps().<String>getValue(ConfigurationPropertyKey.PROXY_FRONTEND_SSL_KEY_FILE).trim();
- SslContextBuilder sslContextBuilder;
- if (isUserProvidedCertificate(certFile, keyFile)) {
- sslContextBuilder = SslContextBuilder.forServer(Paths.get(certFile).toFile(), Paths.get(keyFile).toFile());
- log.info("Using X.509 certificate chain file [{}] and private key file [{}]", certFile, keyFile);
- } else {
- KeyPair keyPair = SSLUtils.generateRSAKeyPair();
- X509Certificate x509Certificate = SSLUtils.generateSelfSignedX509Certificate(keyPair);
- sslContextBuilder = SslContextBuilder.forServer(keyPair.getPrivate(), x509Certificate);
- log.warn("RSA key pair and CA certificate are generated by ShardingSphere-Proxy and self-signed.");
- }
+ SslContextBuilder sslContextBuilder = prepareSslContextBuilder();
String versions = ProxyContext.getInstance().getContextManager().getMetaDataContexts().getMetaData().getProps().<String>getValue(ConfigurationPropertyKey.PROXY_FRONTEND_SSL_VERSION).trim();
sslContextBuilder.protocols(versions.split(","));
String ciphers = ProxyContext.getInstance().getContextManager().getMetaDataContexts().getMetaData().getProps().<String>getValue(ConfigurationPropertyKey.PROXY_FRONTEND_SSL_CIPHER).trim();
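Review bot: With the `PROXY_FRONTEND_SSL_CERT_FILE` / `PROXY_FRONTEND_SSL_KEY_FILE` lookup gone, `init()` has no path to an operator-supplied certificate, so a deployment that still sets `proxy-frontend-ssl-cert-file` in `server.yaml` would start on a generated self-signed certificate instead of the one it configured. Whether the props loader rejects or ignores keys that no longer exist is not visible here; if it ignores them, the only signal of the change is the `log.warn` in `prepareSslContextBuilder()`. Consider failing startup, or at least logging an error, when either removed key is still present, and state the upgrade impact in the release notes. `init()` starts above this hunk and continues past it.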
@@ -74,10 +61,12 @@ public final class ProxySSLContext {
log.info("Proxy frontend SSL/TLS is enabled. Supported protocols: {}", versions);
}
- private static boolean isUserProvidedCertificate(final String keyFile, final String certFile) {
- Preconditions.checkArgument(keyFile.isEmpty() && certFile.isEmpty() || !keyFile.isEmpty() && !certFile.isEmpty(), "%s and %s must be either both empty or both non-empty",
- ConfigurationPropertyKey.PROXY_FRONTEND_SSL_KEY_FILE.getKey(), ConfigurationPropertyKey.PROXY_FRONTEND_SSL_CERT_FILE.getKey());
- return !keyFile.isEmpty();
+ private static SslContextBuilder prepareSslContextBuilder() {
+ KeyPair keyPair = SSLUtils.generateRSAKeyPair();
+ X509Certificate x509Certificate = SSLUtils.generateSelfSignedX509Certificate(keyPair);
+ SslContextBuilder result = SslContextBuilder.forServer(keyPair.getPrivate(), x509Certificate);
+ log.warn("RSA key pair and CA certificate are generated by ShardingSphere-Proxy and self-signed.");
+ return result;
}
/**
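Review bot: `prepareSslContextBuilder()` is now the only source of the server certificate, yet nothing on it says what that means for clients: they get encryption but cannot authenticate the proxy, because the certificate is self-signed and generated at runtime. I would add a Javadoc line such as `Build an SSL context builder backed by a key pair and self-signed certificate generated at startup; clients cannot verify the proxy's identity against a trusted CA.` The warning could say the same, e.g. `log.warn("Proxy frontend TLS uses a self-signed certificate generated at startup; clients cannot verify the proxy identity.");`, since the current text calls it a "CA certificate", which reads as if a trust anchor were in place. The props documentation rows deleted in this commit were the only place that described this behaviour, so the `proxy-frontend-ssl-enabled` row should now carry it.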
diff --git a/proxy/frontend/core/src/test/java/org/apache/shardingsphere/proxy/frontend/ssl/ProxySSLContextTest.java b/proxy/frontend/core/src/test/java/org/apache/shardingsphere/proxy/frontend/ssl/ProxySSLContextTest.java
index 579f58f134a..87a81e728cd 100644
--- a/proxy/frontend/core/src/test/java/org/apache/shardingsphere/proxy/frontend/ssl/ProxySSLContextTest.java
+++ b/proxy/frontend/core/src/test/java/org/apache/shardingsphere/proxy/frontend/ssl/ProxySSLContextTest.java
@@ -35,21 +35,17 @@ import org.mockito.internal.configuration.plugins.Plugins;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
-import java.io.File;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
-import java.util.Arrays;
import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.junit.jupiter.api.Assertions.assertNull;
-import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.RETURNS_DEEP_STUBS;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.mockStatic;
-import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
@ExtendWith(AutoMockExtension.class)
@@ -69,44 +65,9 @@ class ProxySSLContextTest {
assertNull(getSslContext());
}
- @Test
- void assertInitWithIllegalConfig() {
- when(ProxyContext.getInstance().getContextManager().getMetaDataContexts().getMetaData().getProps().<Boolean>getValue(ConfigurationPropertyKey.PROXY_FRONTEND_SSL_ENABLED)).thenReturn(true);
- when(ProxyContext.getInstance().getContextManager().getMetaDataContexts().getMetaData().getProps().<String>getValue(ConfigurationPropertyKey.PROXY_FRONTEND_SSL_CERT_FILE)).thenReturn("");
- when(ProxyContext.getInstance().getContextManager().getMetaDataContexts().getMetaData().getProps().<String>getValue(ConfigurationPropertyKey.PROXY_FRONTEND_SSL_KEY_FILE)).thenReturn("key");
- assertThrows(IllegalArgumentException.class, ProxySSLContext::init);
- }
-
- @Test
- void assertInitWithUserProvidedCertificate() throws SSLException {
- when(ProxyContext.getInstance().getContextManager().getMetaDataContexts().getMetaData().getProps().<Boolean>getValue(ConfigurationPropertyKey.PROXY_FRONTEND_SSL_ENABLED)).thenReturn(true);
- when(ProxyContext.getInstance().getContextManager().getMetaDataContexts().getMetaData().getProps().<String>getValue(ConfigurationPropertyKey.PROXY_FRONTEND_SSL_CERT_FILE)).thenReturn("cert");
- when(ProxyContext.getInstance().getContextManager().getMetaDataContexts().getMetaData().getProps().<String>getValue(ConfigurationPropertyKey.PROXY_FRONTEND_SSL_KEY_FILE)).thenReturn("key");
- when(ProxyContext.getInstance().getContextManager().getMetaDataContexts().getMetaData().getProps().<String>getValue(ConfigurationPropertyKey.PROXY_FRONTEND_SSL_VERSION))
- .thenReturn("TLSv1.2,TLSv1.3");
- when(ProxyContext.getInstance().getContextManager().getMetaDataContexts().getMetaData().getProps().<String>getValue(ConfigurationPropertyKey.PROXY_FRONTEND_SSL_CIPHER))
- .thenReturn("CIPHER1,CIPHER2");
- SslContextBuilder builder = mock(SslContextBuilder.class);
- SslContext expectedSslContext = mock(SslContext.class);
- when(builder.build()).thenReturn(expectedSslContext);
- SSLEngine expectedSSLEngine = mock(SSLEngine.class);
- when(expectedSslContext.newEngine(UnpooledByteBufAllocator.DEFAULT)).thenReturn(expectedSSLEngine);
- try (MockedStatic<SslContextBuilder> mockedStatic = mockStatic(SslContextBuilder.class)) {
- mockedStatic.when(() -> SslContextBuilder.forServer(any(File.class), any(File.class))).thenReturn(builder);
- ProxySSLContext.init();
- }
- verify(builder).protocols("TLSv1.2", "TLSv1.3");
- verify(builder).ciphers(Arrays.asList("CIPHER1", "CIPHER2"));
- assertThat(getSslContext(), is(expectedSslContext));
- assertTrue(ProxySSLContext.getInstance().isSSLEnabled());
- assertThat(ProxySSLContext.getInstance().newSSLEngine(UnpooledByteBufAllocator.DEFAULT), is(expectedSSLEngine));
- }
-
@Test
void assertInitWithGeneratedSelfSignedCertificate() throws SSLException {
when(ProxyContext.getInstance().getContextManager().getMetaDataContexts().getMetaData().getProps().<Boolean>getValue(ConfigurationPropertyKey.PROXY_FRONTEND_SSL_ENABLED)).thenReturn(true);
- when(ProxyContext.getInstance().getContextManager().getMetaDataContexts().getMetaData().getProps().<String>getValue(ConfigurationPropertyKey.PROXY_FRONTEND_SSL_CERT_FILE)).thenReturn("");
- when(ProxyContext.getInstance().getContextManager().getMetaDataContexts().getMetaData().getProps().<String>getValue(ConfigurationPropertyKey.PROXY_FRONTEND_SSL_KEY_FILE)).thenReturn("");
when(ProxyContext.getInstance().getContextManager().getMetaDataContexts().getMetaData().getProps().<String>getValue(ConfigurationPropertyKey.PROXY_FRONTEND_SSL_VERSION))
.thenReturn("TLSv1.2,TLSv1.3");
when(ProxyContext.getInstance().getContextManager().getMetaDataContexts().getMetaData().getProps().<String>getValue(ConfigurationPropertyKey.PROXY_FRONTEND_SSL_CIPHER))