You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@druid.apache.org by GitBox <gi...@apache.org> on 2021/01/14 22:08:07 UTC

[GitHub] [druid] misqos opened a new pull request #10765: Add the ability to supply client certificate to dsql command line tool.

misqos opened a new pull request #10765:
URL: https://github.com/apache/druid/pull/10765


   <!-- Thanks for trying to help us make Apache Druid be the best it can be! Please fill out as much of the following information as is possible (where relevant, and remove it when irrelevant) to help make the intention and scope of this PR clear in order to ease review. -->
   
   <!-- Replace XXXX with the id of the issue fixed in this PR. Remove this section if there is no corresponding issue. Don't reference the issue in the title of this pull-request. -->
   
   <!-- If you are a committer, follow the PR action item checklist for committers:
   https://github.com/apache/druid/blob/master/dev/committer-instructions.md#pr-and-issue-action-item-checklist-for-committers. -->
   
   ### Description
   
   Add the ability to supply client certificate to dsql command line tool.
   If the server is configured to do mutual SSL auth, there is no way of making dsql command line tool to work with Druid set up in this way. This PR adds the possibility to supply client certificate parameters, so that the appropriate cert is presented to server.
   
   <!-- Describe the goal of this PR, what problem are you fixing. If there is a corresponding issue (referenced above), it's not necessary to repeat the description here, however, you may choose to keep one summary sentence. -->
   
   Added three new flags: `--certchain`, `--keyfile` and `--keypass`. Their values are supplied to `SSLContext`'s `load_cert_chain()` method if they're present.
   
   <!-- Describe your patch: what did you change in code? How did you fix the problem? -->
   
   <!-- If there are several relatively logically separate changes in this PR, create a mini-section for each of them. For example: -->
   <!--
   In each section, please describe design decisions made, including:
    - Choice of algorithms
    - Behavioral aspects. What configuration values are acceptable? How are corner cases and error conditions handled, such as when there are insufficient resources?
    - Class organization and design (how the logic is split between classes, inheritance, composition, design patterns)
    - Method organization and design (how the logic is split between methods, parameters and return types)
    - Naming (class, method, API, configuration, HTTP endpoint, names of emitted metrics)
   -->
   
   
   <!-- It's good to describe an alternative design (or mention an alternative name) for every design (or naming) decision point and compare the alternatives with the designs that you've implemented (or the names you've chosen) to highlight the advantages of the chosen designs and names. -->
   
   <!-- If there was a discussion of the design of the feature implemented in this PR elsewhere (e. g. a "Proposal" issue, any other issue, or a thread in the development mailing list), link to that discussion from this PR description and explain what have changed in your final design compared to your original proposal or the consensus version in the end of the discussion. If something hasn't changed since the original discussion, you can omit a detailed discussion of those aspects of the design here, perhaps apart from brief mentioning for the sake of readability of this PR description. -->
   
   <!-- Some of the aspects mentioned above may be omitted for simple and small changes. -->
   
   <hr>
   
   This PR has:
   - [x] been self-reviewed.
   - [x] been tested in a test Druid cluster.
   
   <!-- Check the items by putting "x" in the brackets for the done things. Not all of these items apply to every PR. Remove the items which are not done or not relevant to the PR. None of the items from the checklist above are strictly necessary, but it would be very helpful if you at least self-review the PR. -->
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org


[GitHub] [druid] suneet-s merged pull request #10765: Add the ability to supply client certificate to dsql command line tool.

Posted by GitBox <gi...@apache.org>.
suneet-s merged pull request #10765:
URL: https://github.com/apache/druid/pull/10765


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org


[GitHub] [druid] misqos commented on pull request #10765: Add the ability to supply client certificate to dsql command line tool.

Posted by GitBox <gi...@apache.org>.
misqos commented on pull request #10765:
URL: https://github.com/apache/druid/pull/10765#issuecomment-767478610


   hello @suneet-s
   In terms of documentation I am not convinced we should add those details - if we want to do so, we should probably create the rest of documentation for `dsql`, since even the information about `--host` flag is missing. IMO this is beyond the scope of this PR, but I can do that if that's needed for this PR to be merged.
   I will take a look at tests later this week.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org


[GitHub] [druid] suneet-s commented on pull request #10765: Add the ability to supply client certificate to dsql command line tool.

Posted by GitBox <gi...@apache.org>.
suneet-s commented on pull request #10765:
URL: https://github.com/apache/druid/pull/10765#issuecomment-765574168


   @misqos Thanks for the contribution! I've re-triggered the failed test because I think it's flaky.
   
   Do you think we should add documentation for this in https://github.com/apache/druid/blob/master/docs/tutorials/tutorial-query.md#query-sql-via-dsql ?
   
   Also, do you think we can add an automated test for this by reusing the current integration test cluster that's set up for the security integration tests? See the tests under the group `TestNGGroup.SECURITY` and the cluster set up in https://github.com/apache/druid/blob/master/integration-tests/docker/docker-compose.security.yml


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org


[GitHub] [druid] suneet-s commented on pull request #10765: Add the ability to supply client certificate to dsql command line tool.

Posted by GitBox <gi...@apache.org>.
suneet-s commented on pull request #10765:
URL: https://github.com/apache/druid/pull/10765#issuecomment-767986992


   > hello @suneet-s
   > In terms of documentation I am not convinced we should add those details - if we want to do so, we should probably create the rest of documentation for `dsql`, since even the information about `--host` flag is missing. IMO this is beyond the scope of this PR, but I can do that if that's needed for this PR to be merged.
   > I will take a look at tests later this week.
   
   Thanks @misqos! I don't think you need to update the docs on all the different config options. However writing a line or two on why someone would use these new options would be helpful for new users. Something similar to your PR description would be perfect.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org