You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by yu...@apache.org on 2016/05/24 19:49:48 UTC
[04/10] cassandra git commit: Enable client encryption in
sstableloader with cli options
Enable client encryption in sstableloader with cli options
patch by yukim; reviewed by Alex Petrov for CASSANDRA-11708
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/148f369d
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/148f369d
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/148f369d
Branch: refs/heads/trunk
Commit: 148f369d7658c60620c28f18442fcc4024dbb32a
Parents: ffd10a9
Author: Yuki Morishita <yu...@apache.org>
Authored: Tue May 24 13:38:29 2016 -0500
Committer: Yuki Morishita <yu...@apache.org>
Committed: Tue May 24 13:38:29 2016 -0500
----------------------------------------------------------------------
CHANGES.txt | 1 +
.../org/apache/cassandra/tools/BulkLoader.java | 30 ++++++++++++--------
2 files changed, 19 insertions(+), 12 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/148f369d/CHANGES.txt
----------------------------------------------------------------------
diff --git a/CHANGES.txt b/CHANGES.txt
index d7ca9e5..acdf2e9 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,5 @@
2.2.7
+ * Enable client encryption in sstableloader with cli options (CASSANDRA-11708)
* Possible memory leak in NIODataInputStream (CASSANDRA-11867)
* Fix commit log replay after out-of-order flush completion (CASSANDRA-9669)
* Add seconds to cqlsh tracing session duration (CASSANDRA-11753)
http://git-wip-us.apache.org/repos/asf/cassandra/blob/148f369d/src/java/org/apache/cassandra/tools/BulkLoader.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/tools/BulkLoader.java b/src/java/org/apache/cassandra/tools/BulkLoader.java
index 6d19f5e..7d0fdc8 100644
--- a/src/java/org/apache/cassandra/tools/BulkLoader.java
+++ b/src/java/org/apache/cassandra/tools/BulkLoader.java
@@ -80,7 +80,7 @@ public class BulkLoader
options.storagePort,
options.sslStoragePort,
options.serverEncOptions,
- buildSSLOptions((EncryptionOptions.ClientEncryptionOptions)options.encOptions)),
+ buildSSLOptions(options.clientEncOptions)),
handler,
options.connectionsPerHost);
DatabaseDescriptor.setStreamThroughputOutboundMegabitsPerSec(options.throttle);
@@ -313,7 +313,7 @@ public class BulkLoader
public int interDcThrottle = 0;
public int storagePort;
public int sslStoragePort;
- public EncryptionOptions encOptions = new EncryptionOptions.ClientEncryptionOptions();
+ public EncryptionOptions.ClientEncryptionOptions clientEncOptions = new EncryptionOptions.ClientEncryptionOptions();
public int connectionsPerHost = 1;
public EncryptionOptions.ServerEncryptionOptions serverEncOptions = new EncryptionOptions.ServerEncryptionOptions();
@@ -442,7 +442,7 @@ public class BulkLoader
opts.sslStoragePort = config.ssl_storage_port;
opts.throttle = config.stream_throughput_outbound_megabits_per_sec;
opts.interDcThrottle = config.inter_dc_stream_throughput_outbound_megabits_per_sec;
- opts.encOptions = config.client_encryption_options;
+ opts.clientEncOptions = config.client_encryption_options;
opts.serverEncOptions = config.server_encryption_options;
if (cmd.hasOption(THROTTLE_MBITS))
@@ -455,46 +455,52 @@ public class BulkLoader
opts.interDcThrottle = Integer.parseInt(cmd.getOptionValue(INTER_DC_THROTTLE_MBITS));
}
+ if (cmd.hasOption(SSL_TRUSTSTORE) || cmd.hasOption(SSL_TRUSTSTORE_PW) ||
+ cmd.hasOption(SSL_KEYSTORE) || cmd.hasOption(SSL_KEYSTORE_PW))
+ {
+ opts.clientEncOptions.enabled = true;
+ }
+
if (cmd.hasOption(SSL_TRUSTSTORE))
{
- opts.encOptions.truststore = cmd.getOptionValue(SSL_TRUSTSTORE);
+ opts.clientEncOptions.truststore = cmd.getOptionValue(SSL_TRUSTSTORE);
}
if (cmd.hasOption(SSL_TRUSTSTORE_PW))
{
- opts.encOptions.truststore_password = cmd.getOptionValue(SSL_TRUSTSTORE_PW);
+ opts.clientEncOptions.truststore_password = cmd.getOptionValue(SSL_TRUSTSTORE_PW);
}
if (cmd.hasOption(SSL_KEYSTORE))
{
- opts.encOptions.keystore = cmd.getOptionValue(SSL_KEYSTORE);
+ opts.clientEncOptions.keystore = cmd.getOptionValue(SSL_KEYSTORE);
// if a keystore was provided, lets assume we'll need to use it
- opts.encOptions.require_client_auth = true;
+ opts.clientEncOptions.require_client_auth = true;
}
if (cmd.hasOption(SSL_KEYSTORE_PW))
{
- opts.encOptions.keystore_password = cmd.getOptionValue(SSL_KEYSTORE_PW);
+ opts.clientEncOptions.keystore_password = cmd.getOptionValue(SSL_KEYSTORE_PW);
}
if (cmd.hasOption(SSL_PROTOCOL))
{
- opts.encOptions.protocol = cmd.getOptionValue(SSL_PROTOCOL);
+ opts.clientEncOptions.protocol = cmd.getOptionValue(SSL_PROTOCOL);
}
if (cmd.hasOption(SSL_ALGORITHM))
{
- opts.encOptions.algorithm = cmd.getOptionValue(SSL_ALGORITHM);
+ opts.clientEncOptions.algorithm = cmd.getOptionValue(SSL_ALGORITHM);
}
if (cmd.hasOption(SSL_STORE_TYPE))
{
- opts.encOptions.store_type = cmd.getOptionValue(SSL_STORE_TYPE);
+ opts.clientEncOptions.store_type = cmd.getOptionValue(SSL_STORE_TYPE);
}
if (cmd.hasOption(SSL_CIPHER_SUITES))
{
- opts.encOptions.cipher_suites = cmd.getOptionValue(SSL_CIPHER_SUITES).split(",");
+ opts.clientEncOptions.cipher_suites = cmd.getOptionValue(SSL_CIPHER_SUITES).split(",");
}
return opts;