This is an automated email from the ASF dual-hosted git repository.
sarath pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/atlas.git
The following commit(s) were added to refs/heads/master by this push:
new 85a5eeb ATLAS-3481 - Fix for trustore.password for Kafka in SSL
85a5eeb is described below
commit 85a5eeba1701abf6ff8f852174194307f4a892ae
Author: nixonrodrigues <[email protected]>
AuthorDate: Mon Oct 21 17:08:04 2019 +0530
ATLAS-3481 - Fix for trustore.password for Kafka in SSL
Change-Id: I9908e250afa98d7469e7f4b629e9cfab5923aff3
Signed-off-by: Sarath Subramanian <[email protected]>
---
.../org/apache/atlas/security/SecurityUtil.java | 68 ++++++++++++++++++++++
.../org/apache/atlas/kafka/KafkaNotification.java | 15 +++++
.../atlas/web/service/SecureEmbeddedServer.java | 33 +----------
3 files changed, 85 insertions(+), 31 deletions(-)
diff --git a/intg/src/main/java/org/apache/atlas/security/SecurityUtil.java
b/intg/src/main/java/org/apache/atlas/security/SecurityUtil.java
new file mode 100644
index 0000000..082c637
--- /dev/null
+++ b/intg/src/main/java/org/apache/atlas/security/SecurityUtil.java
@@ -0,0 +1,68 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.atlas.security;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.security.alias.CredentialProvider;
+import org.apache.hadoop.security.alias.CredentialProviderFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+
+import static
org.apache.atlas.security.SecurityProperties.CERT_STORES_CREDENTIAL_PROVIDER_PATH;
+
+public class SecurityUtil {
+
+ public static final Logger LOG =
LoggerFactory.getLogger(SecurityUtil.class);
+
+ /**
+ * Retrieves a password from a configured credential provider or prompts
for the password and stores it in the
+ * configured credential provider.
+ * @param config application configuration
+ * @param key the key/alias for the password.
+ * @return the password.
+ * @throws IOException
+ */
+ public static String
getPassword(org.apache.commons.configuration.Configuration config, String key)
throws IOException {
+
+ String password;
+
+ String provider =
config.getString(CERT_STORES_CREDENTIAL_PROVIDER_PATH);
+ if (provider != null) {
+ LOG.info("Attempting to retrieve password for key {} from
configured credential provider path {}", key, provider);
+ Configuration c = new Configuration();
+ c.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH,
provider);
+ CredentialProvider credentialProvider =
CredentialProviderFactory.getProviders(c).get(0);
+ CredentialProvider.CredentialEntry entry =
credentialProvider.getCredentialEntry(key);
+ if (entry == null) {
+ throw new IOException(String.format("No credential entry found
for %s. "
+ + "Please create an entry in the configured credential
provider", key));
+ } else {
+ password = String.valueOf(entry.getCredential());
+ }
+
+ } else {
+ throw new IOException("No credential provider path configured for
storage of certificate store passwords");
+ }
+
+ return password;
+ }
+
+
+}
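Review bot: `CredentialProviderFactory.getProviders(c).get(0)` in getPassword assumes the configured path yields at least one provider; if the path is set but resolves to an empty list, this surfaces as an IndexOutOfBoundsException rather than the IOException the method advertises, and the KafkaNotification caller only survives it because it catches Exception. Bind the list first and fail with a descriptive IOException: `List<CredentialProvider> providers = CredentialProviderFactory.getProviders(c);` / `if (providers.isEmpty()) { throw new IOException("No credential provider found at path " + provider); }` (needs `java.util.List`). The Javadoc carried over from SecureEmbeddedServer still says the method "prompts for the password and stores it in the configured credential provider", which nothing in the body does; drop that clause and give `@throws IOException` its condition (no provider path configured, or no entry for the key). `LOG` on the `public static final Logger` line needs no wider than `private` visibility since nothing outside this class uses it.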
diff --git
a/notification/src/main/java/org/apache/atlas/kafka/KafkaNotification.java
b/notification/src/main/java/org/apache/atlas/kafka/KafkaNotification.java
index 46c68be..11a29b9 100644
--- a/notification/src/main/java/org/apache/atlas/kafka/KafkaNotification.java
+++ b/notification/src/main/java/org/apache/atlas/kafka/KafkaNotification.java
@@ -28,6 +28,8 @@ import org.apache.atlas.service.Service;
import org.apache.commons.configuration.Configuration;
import org.apache.commons.configuration.ConfigurationConverter;
import org.apache.commons.lang.StringUtils;
+import org.apache.hadoop.security.alias.CredentialProvider;
+import org.apache.hadoop.security.alias.CredentialProviderFactory;
import org.apache.kafka.clients.consumer.ConsumerConfig;
import org.apache.kafka.clients.producer.KafkaProducer;
import org.apache.kafka.clients.producer.Producer;
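Review bot: The two `org.apache.hadoop.security.alias` imports added here appear unused in KafkaNotification: the only new code in this file (the TLS block in the `@@ -116,6 +123,14 @@` hunk) calls `getPassword`, and the CredentialProvider handling now lives in SecurityUtil. Unless another part of the file references them, drop both so the notification module does not take a direct dependency on the Hadoop alias API it no longer calls.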
@@ -41,9 +43,14 @@ import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import javax.inject.Inject;
+import java.io.IOException;
import java.util.*;
import java.util.concurrent.Future;
+import static
org.apache.atlas.security.SecurityProperties.TRUSTSTORE_PASSWORD_KEY;
+import static org.apache.atlas.security.SecurityProperties.TLS_ENABLED;
+import static org.apache.atlas.security.SecurityUtil.getPassword;
+
/**
* Kafka specific access point to the Atlas notification framework.
*/
@@ -116,6 +123,14 @@ public class KafkaNotification extends
AbstractNotification implements Service {
properties.put("enable.auto.commit",
kafkaConf.getBoolean("enable.auto.commit", oldApiCommitEnableFlag));
properties.put("session.timeout.ms",
kafkaConf.getString("session.timeout.ms", "30000"));
+ if(applicationProperties.getBoolean(TLS_ENABLED, false)) {
+ try {
+ properties.put("ssl.truststore.password",
getPassword(applicationProperties, TRUSTSTORE_PASSWORD_KEY));
+ } catch (Exception e) {
+ LOG.error("Exception while getpassword truststore.password ",
e);
+ }
+ }
+
// if no value is specified for max.poll.records, set to 1
properties.put("max.poll.records",
kafkaConf.getInt("max.poll.records", 1));
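Review bot: When TLS is enabled and getPassword fails, the new catch block logs and falls through, so the consumer properties are built without `ssl.truststore.password` and the misconfiguration only shows up later as an opaque Kafka SSL handshake failure. Failing fast is safer: catch the declared `IOException` instead of `Exception` and rethrow, wrapping it in whatever exception type the enclosing method already propagates (its signature is outside the hunk, so I cannot tell whether it can throw IOException directly). `catch (Exception e)` is also what currently masks a possible IndexOutOfBoundsException from `getProviders(c).get(0)` inside getPassword, which would otherwise be worth seeing. Minor style: `if(applicationProperties` needs a space after `if`, and the message `"Exception while getpassword truststore.password "` reads better as `"Failed to retrieve truststore password for Kafka SSL"`. The enclosing method starts and ends outside this hunk.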
diff --git
a/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
b/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
index 4ee8526..34086ae 100755
---
a/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
+++
b/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
@@ -21,6 +21,7 @@ package org.apache.atlas.web.service;
import org.apache.atlas.ApplicationProperties;
import org.apache.atlas.AtlasConfiguration;
import org.apache.atlas.AtlasException;
+import org.apache.atlas.security.SecurityUtil;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.alias.CredentialProvider;
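Review bot: The added `import org.apache.atlas.security.SecurityUtil;` duplicates the static import of `SecurityUtil.getPassword` added in the next hunk (`@@ -68,6 +69,7 @@`); since the removed private method was called unqualified, the static import alone keeps call sites unchanged and the class import can go. With getPassword moved out of this class, the Hadoop `Configuration` and `CredentialProvider` imports visible as context here (and presumably `CredentialProviderFactory`, `CERT_STORES_CREDENTIAL_PROVIDER_PATH` and `java.io.IOException` alongside them) are likely dead as well unless referenced elsewhere in the file; remove whichever are now unreferenced rather than leaving them behind the move.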
@@ -68,6 +69,7 @@ import static
org.apache.atlas.security.SecurityProperties.TRUSTSTORE_FILE_KEY;
import static
org.apache.atlas.security.SecurityProperties.TRUSTSTORE_PASSWORD_KEY;
import static
org.apache.atlas.security.SecurityProperties.ATLAS_SSL_EXCLUDE_PROTOCOLS;
import static
org.apache.atlas.security.SecurityProperties.DEFAULT_EXCLUDE_PROTOCOLS;
+import static org.apache.atlas.security.SecurityUtil.getPassword;
/**
@@ -142,38 +144,7 @@ public class SecureEmbeddedServer extends EmbeddedServer {
return sslConnector;
}
- /**
- * Retrieves a password from a configured credential provider or prompts
for the password and stores it in the
- * configured credential provider.
- * @param config application configuration
- * @param key the key/alias for the password.
- * @return the password.
- * @throws IOException
- */
- private String getPassword(org.apache.commons.configuration.Configuration
config, String key) throws IOException {
-
- String password;
-
- String provider =
config.getString(CERT_STORES_CREDENTIAL_PROVIDER_PATH);
- if (provider != null) {
- LOG.info("Attempting to retrieve password from configured
credential provider path");
- Configuration c = new Configuration();
- c.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH,
provider);
- CredentialProvider credentialProvider =
CredentialProviderFactory.getProviders(c).get(0);
- CredentialProvider.CredentialEntry entry =
credentialProvider.getCredentialEntry(key);
- if (entry == null) {
- throw new IOException(String.format("No credential entry found
for %s. "
- + "Please create an entry in the configured credential
provider", key));
- } else {
- password = String.valueOf(entry.getCredential());
- }
- } else {
- throw new IOException("No credential provider path configured for
storage of certificate store passwords");
- }
-
- return password;
- }
/**
* Returns the application configuration.