This is an automated email from the ASF dual-hosted git repository.

abukor pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git


The following commit(s) were added to refs/heads/master by this push:
     new 679c90c  [python] KUDU-1921 Add ability to require auth/encryption
679c90c is described below

commit 679c90c81492d1ba46964a5258679fd4ed028d6c
Author: Attila Bukor <[email protected]>
AuthorDate: Tue Jul 27 20:30:34 2021 +0200

    [python] KUDU-1921 Add ability to require auth/encryption
    
    Change-Id: I10173145611ad2991c0a1b173ecadc7141ae6f5e
    Reviewed-on: http://gerrit.cloudera.org:8080/17733
    Tested-by: Kudu Jenkins
    Reviewed-by: Alexey Serbin <[email protected]>
---
 python/kudu/__init__.py          | 16 +++++++++++++---
 python/kudu/client.pyx           | 20 +++++++++++++++++++-
 python/kudu/libkudu_client.pxd   |  9 +++++++++
 python/kudu/tests/test_client.py | 17 +++++++++++++----
 4 files changed, 54 insertions(+), 8 deletions(-)

diff --git a/python/kudu/__init__.py b/python/kudu/__init__.py
index ece031c..200d5ce 100644
--- a/python/kudu/__init__.py
+++ b/python/kudu/__init__.py
@@ -32,7 +32,10 @@ from kudu.client import (Client, Table, Scanner, Session,  # 
noqa
                          EXCLUSIVE_BOUND,
                          INCLUSIVE_BOUND,
                          CLIENT_SUPPORTS_DECIMAL,
-                         CLIENT_SUPPORTS_PANDAS)
+                         CLIENT_SUPPORTS_PANDAS,
+                         ENCRYPTION_REQUIRED_REMOTE,
+                         ENCRYPTION_REQUIRED,
+                         ENCRYPTION_OPTIONAL)
 
 from kudu.errors import (KuduException, KuduBadStatus, KuduNotFound,  # noqa
                          KuduNotSupported,
@@ -57,7 +60,8 @@ from kudu.schema import (int8, int16, int32, int64, string_ 
as string,  # noqa
                          ENCODING_DICT)
 
 
-def connect(host, port=7051, admin_timeout_ms=None, rpc_timeout_ms=None):
+def connect(host, port=7051, admin_timeout_ms=None, rpc_timeout_ms=None,
+            require_authentication=False, 
encryption_policy=ENCRYPTION_OPTIONAL):
     """
     Connect to a Kudu master server
 
@@ -72,6 +76,10 @@ def connect(host, port=7051, admin_timeout_ms=None, 
rpc_timeout_ms=None):
       Admin timeout in milliseconds
     rpc_timeout_ms : int, optional
       RPC timeout in milliseconds
+    require_authentication : bool, optional
+      Whether to require authentication
+    encryption_policy : enum, optional
+      Whether to require encryption
 
     Returns
     -------
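Review bot: The two new docstring entries do not tell a caller what the options mean or that the defaults are the permissive ones. `encryption_policy` is described only as `enum, optional` with "Whether to require encryption", although the signature defaults it to `ENCRYPTION_OPTIONAL` and the import hunk above exposes three distinct values; `require_authentication` defaults to `False`. I would name the three constants, mark the default, and state that with the defaults `connect()` does not insist on an authenticated or encrypted connection (presumably mirroring the C++ client builder; worth confirming). For example: `encryption_policy : one of kudu.ENCRYPTION_OPTIONAL (default), kudu.ENCRYPTION_REQUIRED_REMOTE, kudu.ENCRYPTION_REQUIRED`. The docstring starts and ends outside this hunk.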
@@ -95,7 +103,9 @@ def connect(host, port=7051, admin_timeout_ms=None, 
rpc_timeout_ms=None):
             addresses.append('{0}:{1}'.format(host, port))
 
     return Client(addresses, admin_timeout_ms=admin_timeout_ms,
-                  rpc_timeout_ms=rpc_timeout_ms)
+                  rpc_timeout_ms=rpc_timeout_ms,
+                  encryption_policy=encryption_policy,
+                  require_authentication=require_authentication)
 
 
 def timedelta(seconds=0, millis=0, micros=0, nanos=0):
diff --git a/python/kudu/client.pyx b/python/kudu/client.pyx
index f26fafc..1a09fbb 100644
--- a/python/kudu/client.pyx
+++ b/python/kudu/client.pyx
@@ -75,6 +75,16 @@ cdef dict _read_modes = {
     'read_your_writes': ReadMode_ReadYourWrites
 }
 
+ENCRYPTION_OPTIONAL = EncryptionPolicy_Optional
+ENCRYPTION_REQUIRED_REMOTE = EncryptionPolicy_RequiredRemote
+ENCRYPTION_REQUIRED = EncryptionPolicy_Required
+
+cdef dict _encryption_policies = {
+    'optional': EncryptionPolicy_Optional,
+    'required_remote': EncryptionPolicy_RequiredRemote,
+    'required': EncryptionPolicy_Required
+}
+
 cdef dict _type_names = {
     KUDU_INT8 : "KUDU_INT8",
     KUDU_INT16 : "KUDU_INT16",
@@ -281,7 +291,9 @@ cdef class Client:
     """
 
     def __cinit__(self, addr_or_addrs, admin_timeout_ms=None,
-                  rpc_timeout_ms=None, sasl_protocol_name=None):
+                  rpc_timeout_ms=None, sasl_protocol_name=None,
+                  require_authentication=False,
+                  encryption_policy=ENCRYPTION_OPTIONAL):
         cdef:
             string c_addr
             vector[string] c_addrs
@@ -326,6 +338,12 @@ cdef class Client:
         if sasl_protocol_name is not None:
             builder.sasl_protocol_name(sasl_protocol_name)
 
+        if require_authentication:
+            builder.require_authentication(require_authentication)
+
+        builder.encryption_policy(encryption_policy)
+
+
         check_status(builder.Build(&self.client))
 
         # A convenience
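Review bot: `builder.encryption_policy(encryption_policy)` hands the caller's value to the C++ builder without checking that it is one of the three policies, so an integer outside the enum is, as far as this hunk shows, converted rather than rejected. The `_encryption_policies` name map added in the earlier hunk of this file is not referenced in any visible hunk, so it is either dead code or string names such as `'required'` were meant to be accepted and are not. A guard before the call would make a mistyped policy fail loudly instead of building a client with an unintended policy: `if encryption_policy not in _encryption_policies.values(): raise ValueError('invalid encryption_policy')`. `__cinit__` begins and continues outside the hunk.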
diff --git a/python/kudu/libkudu_client.pxd b/python/kudu/libkudu_client.pxd
index aa91cd7..22cb249 100644
--- a/python/kudu/libkudu_client.pxd
+++ b/python/kudu/libkudu_client.pxd
@@ -538,6 +538,11 @@ cdef extern from "kudu/client/client.h" namespace 
"kudu::client" nogil:
         PartitionType_Exclusive " 
kudu::client::KuduTableCreator::EXCLUSIVE_BOUND"
         PartitionType_Inclusive " 
kudu::client::KuduTableCreator::INCLUSIVE_BOUND"
 
+    enum EncryptionPolicy" kudu::client::KuduClientBuilder::EncryptionPolicy":
+        EncryptionPolicy_Optional " 
kudu::client::KuduClientBuilder::EncryptionPolicy::OPTIONAL"
+        EncryptionPolicy_RequiredRemote " 
kudu::client::KuduClientBuilder::EncryptionPolicy::REQUIRED_REMOTE"
+        EncryptionPolicy_Required " 
kudu::client::KuduClientBuilder::EncryptionPolicy::REQUIRED"
+
     Status DisableOpenSSLInitialization()
 
     cdef cppclass KuduClient:
@@ -579,6 +584,10 @@ cdef extern from "kudu/client/client.h" namespace 
"kudu::client" nogil:
 
         KuduClientBuilder& sasl_protocol_name(const string& sasl_protocol_name)
 
+        KuduClientBuilder& require_authentication(c_bool 
require_authentication)
+
+        KuduClientBuilder& encryption_policy(EncryptionPolicy 
encryption_policy)
+
         Status Build(shared_ptr[KuduClient]* client)
 
     cdef cppclass KuduTabletServer:
diff --git a/python/kudu/tests/test_client.py b/python/kudu/tests/test_client.py
index 6305285..184eca6 100755
--- a/python/kudu/tests/test_client.py
+++ b/python/kudu/tests/test_client.py
@@ -18,7 +18,8 @@
 
 from kudu.compat import unittest, long
 from kudu.tests.common import KuduTestBase
-from kudu.client import Partitioning
+from kudu.client import (Partitioning, ENCRYPTION_OPTIONAL, 
ENCRYPTION_REQUIRED,
+                         ENCRYPTION_REQUIRED_REMOTE)
 import kudu
 import datetime
 from pytz import utc
@@ -338,9 +339,7 @@ class TestClient(KuduTestBase, unittest.TestCase):
 
     def test_connect_timeouts(self):
         # it works! any other way to check
-        kudu.connect(self.master_hosts, self.master_ports,
-                     admin_timeout_ms=1000,
-                     rpc_timeout_ms=1000)
+        kudu.connect(self.master_hosts, self.master_ports, 
admin_timeout_ms=1000, rpc_timeout_ms=1000)
 
     def test_capture_kudu_error(self):
         pass
@@ -501,6 +500,16 @@ class TestClient(KuduTestBase, unittest.TestCase):
         alterer.add_range_partition()
         table = alterer.alter()
 
+    def test_require_encryption(self):
+        client = kudu.connect(self.master_hosts, self.master_ports,
+                              encryption_policy=ENCRYPTION_REQUIRED)
+
+    def test_require_authn(self):
+        # Kerberos is not enabled on the cluster, so requiring
+        # authentication is expected to fail.
+        with self.assertRaises(kudu.KuduBadStatus):
+            client = kudu.connect(self.master_hosts, self.master_ports,
+                     require_authentication=True)
 
 class TestMonoDelta(unittest.TestCase):
 
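Review bot: `test_require_encryption` asserts nothing, so it passes whenever `kudu.connect` returns and would still pass if `encryption_policy` were silently dropped on its way to the builder. `ENCRYPTION_OPTIONAL` and `ENCRYPTION_REQUIRED_REMOTE` are imported in the first hunk of this file but not used in any visible hunk, so two of the three policies are never exercised. I would loop over all three, `for policy in (ENCRYPTION_OPTIONAL, ENCRYPTION_REQUIRED_REMOTE, ENCRYPTION_REQUIRED):`. If the test harness can start a master with encryption disabled (not visible here), I would also add a case that expects `kudu.KuduBadStatus` under `ENCRYPTION_REQUIRED`, parallel to `test_require_authn`.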
