You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pinot.apache.org by ja...@apache.org on 2023/11/14 00:29:33 UTC

(pinot) branch master updated: add an option to skip controller cert validation in AddTableCommand (#11967)

This is an automated email from the ASF dual-hosted git repository.

jackie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pinot.git


The following commit(s) were added to refs/heads/master by this push:
     new 0dd2522afd add an option to skip controller cert validation in AddTableCommand (#11967)
0dd2522afd is described below

commit 0dd2522afdaa6747fc8285b4288258cf26e7d04e
Author: Haitao Zhang <ha...@startree.ai>
AuthorDate: Mon Nov 13 16:29:26 2023 -0800

    add an option to skip controller cert validation in AddTableCommand (#11967)
---
 .../admin/command/AbstractBaseAdminCommand.java    | 13 +++++++++++
 .../pinot/tools/admin/command/AddTableCommand.java | 26 ++++++++++++++++++----
 2 files changed, 35 insertions(+), 4 deletions(-)

diff --git a/pinot-tools/src/main/java/org/apache/pinot/tools/admin/command/AbstractBaseAdminCommand.java b/pinot-tools/src/main/java/org/apache/pinot/tools/admin/command/AbstractBaseAdminCommand.java
index a9daa01a01..62f77c72b9 100644
--- a/pinot-tools/src/main/java/org/apache/pinot/tools/admin/command/AbstractBaseAdminCommand.java
+++ b/pinot-tools/src/main/java/org/apache/pinot/tools/admin/command/AbstractBaseAdminCommand.java
@@ -31,6 +31,9 @@ import java.nio.charset.StandardCharsets;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
+import javax.annotation.Nullable;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
 import org.apache.commons.configuration2.ex.ConfigurationException;
 import org.apache.http.Header;
 import org.apache.pinot.tools.AbstractBaseCommand;
@@ -76,6 +79,16 @@ public class AbstractBaseAdminCommand extends AbstractBaseCommand {
 
   public static String sendRequest(String requestMethod, String urlString, String payload, List<Header> headers)
       throws IOException {
+    return sendRequest(requestMethod, urlString, payload, headers, null);
+  }
+
+  public static String sendRequest(String requestMethod, String urlString, String payload, List<Header> headers,
+      @Nullable SSLContext sslContext)
+      throws IOException {
+    if (sslContext != null) {
+      // Set the default SSL socket factory to use the custom SSL context
+      HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
+    }
     final URL url = new URL(urlString);
     final HttpURLConnection conn = (HttpURLConnection) url.openConnection();
 
diff --git a/pinot-tools/src/main/java/org/apache/pinot/tools/admin/command/AddTableCommand.java b/pinot-tools/src/main/java/org/apache/pinot/tools/admin/command/AddTableCommand.java
index 898ef86e86..8873c7bf87 100644
--- a/pinot-tools/src/main/java/org/apache/pinot/tools/admin/command/AddTableCommand.java
+++ b/pinot-tools/src/main/java/org/apache/pinot/tools/admin/command/AddTableCommand.java
@@ -23,12 +23,15 @@ import com.google.common.base.Preconditions;
 import java.io.File;
 import java.io.IOException;
 import java.util.concurrent.Callable;
+import javax.net.ssl.SSLContext;
 import org.apache.pinot.common.auth.AuthProviderUtils;
+import org.apache.pinot.common.utils.ClientSSLContextGenerator;
 import org.apache.pinot.spi.auth.AuthProvider;
 import org.apache.pinot.spi.config.TableConfigs;
 import org.apache.pinot.spi.config.table.TableConfig;
 import org.apache.pinot.spi.config.table.TableType;
 import org.apache.pinot.spi.data.Schema;
+import org.apache.pinot.spi.env.PinotConfiguration;
 import org.apache.pinot.spi.utils.CommonConstants;
 import org.apache.pinot.spi.utils.JsonUtils;
 import org.apache.pinot.spi.utils.NetUtils;
@@ -76,13 +79,17 @@ public class AddTableCommand extends AbstractBaseAdminCommand implements Command
   @CommandLine.Option(names = {"-controllerProtocol"}, required = false, description = "protocol for controller.")
   private String _controllerProtocol = CommonConstants.HTTP_PROTOCOL;
 
-  @CommandLine.Option(names = {"-update"}, required = false,
-      description = "Update the existing table instead of creating new one")
+  @CommandLine.Option(names = {"-update"}, required = false, description = "Update the existing table instead of "
+      + "creating new one")
   private boolean _update = false;
 
   @CommandLine.Option(names = {"-exec"}, required = false, description = "Execute the command.")
   private boolean _exec;
 
+  @CommandLine.Option(names = {"-skipControllerCertValidation"}, required = false, description = "Whether to skip"
+      + " controller certification validation.")
+  private boolean _skipControllerCertValidation = false;
+
   @CommandLine.Option(names = {"-user"}, required = false, description = "Username for basic auth.")
   private String _user;
 
@@ -190,7 +197,8 @@ public class AddTableCommand extends AbstractBaseAdminCommand implements Command
     String res = AbstractBaseAdminCommand.sendRequest("POST",
         ControllerRequestURLBuilder.baseUrl(_controllerAddress).forTableConfigsCreate(), node.toString(),
         AuthProviderUtils.makeAuthHeaders(
-            AuthProviderUtils.makeAuthProvider(_authProvider, _authTokenUrl, _authToken, _user, _password)));
+            AuthProviderUtils.makeAuthProvider(_authProvider, _authTokenUrl, _authToken, _user, _password)),
+        makeTrustAllSSLContext());
     LOGGER.info(res);
     return res.contains("successfully added");
   }
@@ -200,11 +208,21 @@ public class AddTableCommand extends AbstractBaseAdminCommand implements Command
     String res = AbstractBaseAdminCommand.sendRequest("PUT",
         ControllerRequestURLBuilder.baseUrl(_controllerAddress).forTableConfigsUpdate(tableName), node.toString(),
         AuthProviderUtils.makeAuthHeaders(
-            AuthProviderUtils.makeAuthProvider(_authProvider, _authTokenUrl, _authToken, _user, _password)));
+            AuthProviderUtils.makeAuthProvider(_authProvider, _authTokenUrl, _authToken, _user, _password)),
+        makeTrustAllSSLContext());
     LOGGER.info(res);
     return res.contains("TableConfigs updated");
   }
 
+  private SSLContext makeTrustAllSSLContext() {
+    if (_skipControllerCertValidation) {
+      PinotConfiguration trustAllSslConfig = new PinotConfiguration();
+      return new ClientSSLContextGenerator(trustAllSslConfig).generate();
+    } else {
+      return null;
+    }
+  }
+
   @Override
   public boolean execute()
       throws Exception {


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org
For additional commands, e-mail: commits-help@pinot.apache.org