This is an automated email from the ASF dual-hosted git repository.
rbalamohan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tez.git
The following commit(s) were added to refs/heads/master by this push:
new 8c8458f TEZ-4096: SSLFactory should pickup configs from incoming conf
payload (rbalamohan, reviewed by gopalv)
8c8458f is described below
commit 8c8458f69fec315837feede20bcabb1131ab3835
Author: Rajesh Balamohan <[email protected]>
AuthorDate: Sat Nov 9 05:50:09 2019 +0530
TEZ-4096: SSLFactory should pickup configs from incoming conf payload
(rbalamohan, reviewed by gopalv)
---
.../src/main/java/org/apache/tez/http/SSLFactory.java | 6 +++---
.../org/apache/tez/runtime/library/api/TezRuntimeConfiguration.java | 3 ++-
.../apache/tez/runtime/library/conf/TestUnorderedKVInputConfig.java | 2 ++
tez-tests/src/test/java/org/apache/tez/test/TestSecureShuffle.java | 4 ++++
4 files changed, 11 insertions(+), 4 deletions(-)
diff --git
a/tez-runtime-library/src/main/java/org/apache/tez/http/SSLFactory.java
b/tez-runtime-library/src/main/java/org/apache/tez/http/SSLFactory.java
index e7a2dd0..203eb40 100644
--- a/tez-runtime-library/src/main/java/org/apache/tez/http/SSLFactory.java
+++ b/tez-runtime-library/src/main/java/org/apache/tez/http/SSLFactory.java
@@ -85,13 +85,13 @@ public class SSLFactory implements ConnectionConfigurator {
this.mode = mode;
requireClientCert = conf.getBoolean(SSL_REQUIRE_CLIENT_CERT_KEY,
DEFAULT_SSL_REQUIRE_CLIENT_CERT);
- Configuration sslConf = readSSLConfiguration(mode);
+ // Rest of ssl configs are pre-populated in incoming conf payload
+ conf.setBoolean(SSL_REQUIRE_CLIENT_CERT_KEY, requireClientCert);
Class<? extends KeyStoresFactory> klass
= conf.getClass(KEYSTORES_FACTORY_CLASS_KEY,
FileBasedKeyStoresFactory.class, KeyStoresFactory.class);
- keystoresFactory = ReflectionUtils.newInstance(klass, sslConf);
-
+ keystoresFactory = ReflectionUtils.newInstance(klass, conf);
enabledProtocols = conf.getStrings(SSL_ENABLED_PROTOCOLS,
DEFAULT_SSL_ENABLED_PROTOCOLS);
}
diff --git
a/tez-runtime-library/src/main/java/org/apache/tez/runtime/library/api/TezRuntimeConfiguration.java
b/tez-runtime-library/src/main/java/org/apache/tez/runtime/library/api/TezRuntimeConfiguration.java
index 00bb20c..9c2f7c3 100644
---
a/tez-runtime-library/src/main/java/org/apache/tez/runtime/library/api/TezRuntimeConfiguration.java
+++
b/tez-runtime-library/src/main/java/org/apache/tez/runtime/library/api/TezRuntimeConfiguration.java
@@ -668,10 +668,11 @@ public class TezRuntimeConfiguration {
}
// Do NOT need all prefixes from the following list. Only specific ones
are allowed
- // "hadoop.", "hadoop.security", "io.", "fs.", "ipc.", "net.", "file.",
"dfs.", "ha.", "s3.", "nfs3.", "rpc."
+ // "hadoop.", "hadoop.security", "io.", "fs.", "ipc.", "net.", "file.",
"dfs.", "ha.", "s3.", "nfs3.", "rpc.", "ssl."
allowedPrefixes.add("io.");
allowedPrefixes.add("file.");
allowedPrefixes.add("fs.");
+ allowedPrefixes.add("ssl.");
umnodifiableTezRuntimeKeySet = Collections.unmodifiableSet(tezRuntimeKeys);
unmodifiableOtherKeySet = Collections.unmodifiableSet(otherKeys);
diff --git
a/tez-runtime-library/src/test/java/org/apache/tez/runtime/library/conf/TestUnorderedKVInputConfig.java
b/tez-runtime-library/src/test/java/org/apache/tez/runtime/library/conf/TestUnorderedKVInputConfig.java
index bb75442..d04fa6d 100644
---
a/tez-runtime-library/src/test/java/org/apache/tez/runtime/library/conf/TestUnorderedKVInputConfig.java
+++
b/tez-runtime-library/src/test/java/org/apache/tez/runtime/library/conf/TestUnorderedKVInputConfig.java
@@ -58,6 +58,7 @@ public class TestUnorderedKVInputConfig {
fromConf.set("test.conf.key.1", "confkey1");
fromConf.setInt(TezRuntimeConfiguration.TEZ_RUNTIME_IFILE_READAHEAD_BYTES,
1111);
fromConf.set("io.shouldExist", "io");
+ fromConf.set("ssl.shouldExist", "ssl");
Map<String, String> additionalConf = new HashMap<String, String>();
additionalConf.put("test.key.2", "key2");
additionalConf.put(TezRuntimeConfiguration.TEZ_RUNTIME_IO_SORT_FACTOR,
"3");
@@ -105,6 +106,7 @@ public class TestUnorderedKVInputConfig {
assertEquals("io", conf.get("io.shouldExist"));
assertEquals("file", conf.get("file.shouldExist"));
assertEquals("fs", conf.get("fs.shouldExist"));
+ assertEquals("ssl", conf.get("ssl.shouldExist"));
assertNull(conf.get("test.conf.key.1"));
assertNull(conf.get("test.key.1"));
assertNull(conf.get("test.key.2"));
diff --git a/tez-tests/src/test/java/org/apache/tez/test/TestSecureShuffle.java
b/tez-tests/src/test/java/org/apache/tez/test/TestSecureShuffle.java
index 0fb07fc..6d34464 100644
--- a/tez-tests/src/test/java/org/apache/tez/test/TestSecureShuffle.java
+++ b/tez-tests/src/test/java/org/apache/tez/test/TestSecureShuffle.java
@@ -18,6 +18,7 @@
package org.apache.tez.test;
+import static org.apache.hadoop.security.ssl.SSLFactory.SSL_CLIENT_CONF_KEY;
import static org.junit.Assert.assertEquals;
import java.io.BufferedWriter;
@@ -133,6 +134,9 @@ public class TestSecureShuffle {
conf.setLong(TezConfiguration.TEZ_AM_SLEEP_TIME_BEFORE_EXIT_MILLIS, 500);
+ String sslConf = conf.get(SSL_CLIENT_CONF_KEY, "ssl-client.xml");
+ conf.addResource(sslConf);
+
miniTezCluster = new MiniTezCluster(TestSecureShuffle.class.getName() +
"-" +
(enableSSLInCluster ? "withssl" : "withoutssl"), 1, 1, 1);
