You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@impala.apache.org by ta...@apache.org on 2019/04/19 15:16:28 UTC
[impala] 01/02: IMPALA-8407: Warn when Impala shell fails to
connect due to tlsv1.2
This is an automated email from the ASF dual-hosted git repository.
tarmstrong pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/impala.git
commit 10b9195035a7a8f948c378a09b357deb549c8285
Author: Thomas Tauber-Marshall <tm...@cloudera.com>
AuthorDate: Thu Apr 11 14:06:51 2019 -0700
IMPALA-8407: Warn when Impala shell fails to connect due to tlsv1.2
When impala-shell is used to connect to an impala cluster with
--ssl_minimum_version=tlsv1.2, if the Python version being used is
< 2.7.9 the connection will fail due to a limitation of TSSLSocket.
See IMPALA-6990 for more details.
Currently, when this occurs, the error that gets printed is "EOF
occurred in violation of protocol", which is not very helpful. This
patch detect this situation and prints a more informative warning.
Testing:
- Updated test_tls_v12 so that instead of being skipped on affected
platforms, it runs and checks for the presence of the warning.
Change-Id: I3feddaccb9be3a15220ce9e59aa7ed41d41b8ab6
Reviewed-on: http://gerrit.cloudera.org:8080/13003
Reviewed-by: Thomas Marshall <tm...@cloudera.com>
Tested-by: Impala Public Jenkins <im...@cloudera.com>
---
shell/impala_shell.py | 3 +++
tests/custom_cluster/test_client_ssl.py | 10 +++++++---
2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/shell/impala_shell.py b/shell/impala_shell.py
index d382c8b..1caeb9a 100755
--- a/shell/impala_shell.py
+++ b/shell/impala_shell.py
@@ -840,6 +840,9 @@ class ImpalaShell(object, cmd.Cmd):
self.ldap_password.endswith('\n'):
print_to_stderr("Warning: LDAP password contains a trailing newline. "
"Did you use 'echo' instead of 'echo -n'?")
+ if self.use_ssl and sys.version_info < (2,7,9) \
+ and "EOF occurred in violation of protocol" in str(e):
+ print_to_stderr("Warning: TLSv1.2 is not supported for Python < 2.7.9")
print_to_stderr("Error connecting: %s, %s" % (type(e).__name__, e))
# A secure connection may still be open. So we explicitly close it.
self.imp_client.close_connection()
diff --git a/tests/custom_cluster/test_client_ssl.py b/tests/custom_cluster/test_client_ssl.py
index 9faf304..c823be9 100644
--- a/tests/custom_cluster/test_client_ssl.py
+++ b/tests/custom_cluster/test_client_ssl.py
@@ -165,10 +165,14 @@ class TestClientSsl(CustomClusterTestSuite):
statestored_args=TLS_V12_ARGS,
catalogd_args=TLS_V12_ARGS)
@pytest.mark.skipif(SKIP_SSL_MSG is not None, reason=SKIP_SSL_MSG)
- @pytest.mark.skipif(sys.version_info < REQUIRED_MIN_PYTHON_VERSION_FOR_TLSV12, \
- reason="Python version too old to allow Thrift client to use TLSv1.2")
def test_tls_v12(self, vector):
- self._validate_positive_cases("%s/server-cert.pem" % self.CERT_DIR)
+ if sys.version_info < REQUIRED_MIN_PYTHON_VERSION_FOR_TLSV12:
+ result = run_impala_shell_cmd_no_expect(
+ "--ssl -q 'select 1 + 2'", wait_until_connected=False)
+ assert "Warning: TLSv1.2 is not supported for Python < 2.7.9" in result.stderr, \
+ result.stderr
+ else:
+ self._validate_positive_cases("%s/server-cert.pem" % self.CERT_DIR)
@pytest.mark.execute_serially
@CustomClusterTestSuite.with_args(impalad_args=SSL_WILDCARD_ARGS,