You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tez.apache.org by rb...@apache.org on 2019/11/09 00:20:26 UTC
[tez] branch master updated: TEZ-4096: SSLFactory should pickup
configs from incoming conf payload (rbalamohan, reviewed by gopalv)
This is an automated email from the ASF dual-hosted git repository.
rbalamohan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tez.git
The following commit(s) were added to refs/heads/master by this push:
new 8c8458f TEZ-4096: SSLFactory should pickup configs from incoming conf payload (rbalamohan, reviewed by gopalv)
8c8458f is described below
commit 8c8458f69fec315837feede20bcabb1131ab3835
Author: Rajesh Balamohan <rb...@apache.org>
AuthorDate: Sat Nov 9 05:50:09 2019 +0530
TEZ-4096: SSLFactory should pickup configs from incoming conf payload (rbalamohan, reviewed by gopalv)
---
.../src/main/java/org/apache/tez/http/SSLFactory.java | 6 +++---
.../org/apache/tez/runtime/library/api/TezRuntimeConfiguration.java | 3 ++-
.../apache/tez/runtime/library/conf/TestUnorderedKVInputConfig.java | 2 ++
tez-tests/src/test/java/org/apache/tez/test/TestSecureShuffle.java | 4 ++++
4 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/tez-runtime-library/src/main/java/org/apache/tez/http/SSLFactory.java b/tez-runtime-library/src/main/java/org/apache/tez/http/SSLFactory.java
index e7a2dd0..203eb40 100644
--- a/tez-runtime-library/src/main/java/org/apache/tez/http/SSLFactory.java
+++ b/tez-runtime-library/src/main/java/org/apache/tez/http/SSLFactory.java
@@ -85,13 +85,13 @@ public class SSLFactory implements ConnectionConfigurator {
this.mode = mode;
requireClientCert = conf.getBoolean(SSL_REQUIRE_CLIENT_CERT_KEY,
DEFAULT_SSL_REQUIRE_CLIENT_CERT);
- Configuration sslConf = readSSLConfiguration(mode);
+ // Rest of ssl configs are pre-populated in incoming conf payload
+ conf.setBoolean(SSL_REQUIRE_CLIENT_CERT_KEY, requireClientCert);
Class<? extends KeyStoresFactory> klass
= conf.getClass(KEYSTORES_FACTORY_CLASS_KEY,
FileBasedKeyStoresFactory.class, KeyStoresFactory.class);
- keystoresFactory = ReflectionUtils.newInstance(klass, sslConf);
-
+ keystoresFactory = ReflectionUtils.newInstance(klass, conf);
enabledProtocols = conf.getStrings(SSL_ENABLED_PROTOCOLS, DEFAULT_SSL_ENABLED_PROTOCOLS);
}
diff --git a/tez-runtime-library/src/main/java/org/apache/tez/runtime/library/api/TezRuntimeConfiguration.java b/tez-runtime-library/src/main/java/org/apache/tez/runtime/library/api/TezRuntimeConfiguration.java
index 00bb20c..9c2f7c3 100644
--- a/tez-runtime-library/src/main/java/org/apache/tez/runtime/library/api/TezRuntimeConfiguration.java
+++ b/tez-runtime-library/src/main/java/org/apache/tez/runtime/library/api/TezRuntimeConfiguration.java
@@ -668,10 +668,11 @@ public class TezRuntimeConfiguration {
}
// Do NOT need all prefixes from the following list. Only specific ones are allowed
- // "hadoop.", "hadoop.security", "io.", "fs.", "ipc.", "net.", "file.", "dfs.", "ha.", "s3.", "nfs3.", "rpc."
+ // "hadoop.", "hadoop.security", "io.", "fs.", "ipc.", "net.", "file.", "dfs.", "ha.", "s3.", "nfs3.", "rpc.", "ssl."
allowedPrefixes.add("io.");
allowedPrefixes.add("file.");
allowedPrefixes.add("fs.");
+ allowedPrefixes.add("ssl.");
umnodifiableTezRuntimeKeySet = Collections.unmodifiableSet(tezRuntimeKeys);
unmodifiableOtherKeySet = Collections.unmodifiableSet(otherKeys);
diff --git a/tez-runtime-library/src/test/java/org/apache/tez/runtime/library/conf/TestUnorderedKVInputConfig.java b/tez-runtime-library/src/test/java/org/apache/tez/runtime/library/conf/TestUnorderedKVInputConfig.java
index bb75442..d04fa6d 100644
--- a/tez-runtime-library/src/test/java/org/apache/tez/runtime/library/conf/TestUnorderedKVInputConfig.java
+++ b/tez-runtime-library/src/test/java/org/apache/tez/runtime/library/conf/TestUnorderedKVInputConfig.java
@@ -58,6 +58,7 @@ public class TestUnorderedKVInputConfig {
fromConf.set("test.conf.key.1", "confkey1");
fromConf.setInt(TezRuntimeConfiguration.TEZ_RUNTIME_IFILE_READAHEAD_BYTES, 1111);
fromConf.set("io.shouldExist", "io");
+ fromConf.set("ssl.shouldExist", "ssl");
Map<String, String> additionalConf = new HashMap<String, String>();
additionalConf.put("test.key.2", "key2");
additionalConf.put(TezRuntimeConfiguration.TEZ_RUNTIME_IO_SORT_FACTOR, "3");
@@ -105,6 +106,7 @@ public class TestUnorderedKVInputConfig {
assertEquals("io", conf.get("io.shouldExist"));
assertEquals("file", conf.get("file.shouldExist"));
assertEquals("fs", conf.get("fs.shouldExist"));
+ assertEquals("ssl", conf.get("ssl.shouldExist"));
assertNull(conf.get("test.conf.key.1"));
assertNull(conf.get("test.key.1"));
assertNull(conf.get("test.key.2"));
diff --git a/tez-tests/src/test/java/org/apache/tez/test/TestSecureShuffle.java b/tez-tests/src/test/java/org/apache/tez/test/TestSecureShuffle.java
index 0fb07fc..6d34464 100644
--- a/tez-tests/src/test/java/org/apache/tez/test/TestSecureShuffle.java
+++ b/tez-tests/src/test/java/org/apache/tez/test/TestSecureShuffle.java
@@ -18,6 +18,7 @@
package org.apache.tez.test;
+import static org.apache.hadoop.security.ssl.SSLFactory.SSL_CLIENT_CONF_KEY;
import static org.junit.Assert.assertEquals;
import java.io.BufferedWriter;
@@ -133,6 +134,9 @@ public class TestSecureShuffle {
conf.setLong(TezConfiguration.TEZ_AM_SLEEP_TIME_BEFORE_EXIT_MILLIS, 500);
+ String sslConf = conf.get(SSL_CLIENT_CONF_KEY, "ssl-client.xml");
+ conf.addResource(sslConf);
+
miniTezCluster = new MiniTezCluster(TestSecureShuffle.class.getName() + "-" +
(enableSSLInCluster ? "withssl" : "withoutssl"), 1, 1, 1);