lordgamez commented on code in PR #1882:
URL: https://github.com/apache/nifi-minifi-cpp/pull/1882#discussion_r1856169529
##########
docker/test/integration/cluster/containers/CouchbaseServerContainer.py:
##########
@@ -12,19 +12,72 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+import os
+import OpenSSL.crypto
+import tempfile
+import docker
+import requests
+import logging
+from requests.auth import HTTPBasicAuth
from .Container import Container
from utils import retry_check
+from ssl_utils.SSL_cert_utils import make_server_cert
class CouchbaseServerContainer(Container):
- def __init__(self, feature_context, name, vols, network, image_store,
command=None):
- super().__init__(feature_context, name, 'couchbase-server', vols,
network, image_store, command)
+ def __init__(self, feature_context, name, vols, network, image_store,
command=None, ssl=False):
+ self.ssl = ssl
+ engine = "couchbase-server" if not ssl else "couchbase-server-ssl"
+ super().__init__(feature_context, name, engine, vols, network,
image_store, command)
+ couchbase_cert, couchbase_key =
make_server_cert(f"couchbase-server-{feature_context.id}",
feature_context.root_ca_cert, feature_context.root_ca_key)
+
+ self.root_ca_file = tempfile.NamedTemporaryFile(delete=False)
+
self.root_ca_file.write(OpenSSL.crypto.dump_certificate(type=OpenSSL.crypto.FILETYPE_PEM,
cert=feature_context.root_ca_cert))
+ self.root_ca_file.close()
+ os.chmod(self.root_ca_file.name, 0o666)
+
+ self.couchbase_cert_file = tempfile.NamedTemporaryFile(delete=False)
+
self.couchbase_cert_file.write(OpenSSL.crypto.dump_certificate(type=OpenSSL.crypto.FILETYPE_PEM,
cert=couchbase_cert))
+ self.couchbase_cert_file.close()
+ os.chmod(self.couchbase_cert_file.name, 0o666)
+
+ self.couchbase_key_file = tempfile.NamedTemporaryFile(delete=False)
+
self.couchbase_key_file.write(OpenSSL.crypto.dump_privatekey(type=OpenSSL.crypto.FILETYPE_PEM,
pkey=couchbase_key))
+ self.couchbase_key_file.close()
+ os.chmod(self.couchbase_key_file.name, 0o666)
Review Comment:
The ssl flag should not be needed anymore, as the couchbase server is
configured to serve both ssl and non-ssl clients, removed the ssl flag in
https://github.com/apache/nifi-minifi-cpp/pull/1882/commits/c3519585ea81b9d4c89383e5138be9d37980a99e
##########
docker/test/integration/cluster/containers/CouchbaseServerContainer.py:
##########
@@ -12,19 +12,72 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+import os
+import OpenSSL.crypto
+import tempfile
+import docker
+import requests
+import logging
+from requests.auth import HTTPBasicAuth
from .Container import Container
from utils import retry_check
+from ssl_utils.SSL_cert_utils import make_server_cert
class CouchbaseServerContainer(Container):
- def __init__(self, feature_context, name, vols, network, image_store,
command=None):
- super().__init__(feature_context, name, 'couchbase-server', vols,
network, image_store, command)
+ def __init__(self, feature_context, name, vols, network, image_store,
command=None, ssl=False):
+ self.ssl = ssl
+ engine = "couchbase-server" if not ssl else "couchbase-server-ssl"
+ super().__init__(feature_context, name, engine, vols, network,
image_store, command)
+ couchbase_cert, couchbase_key =
make_server_cert(f"couchbase-server-{feature_context.id}",
feature_context.root_ca_cert, feature_context.root_ca_key)
+
+ self.root_ca_file = tempfile.NamedTemporaryFile(delete=False)
+
self.root_ca_file.write(OpenSSL.crypto.dump_certificate(type=OpenSSL.crypto.FILETYPE_PEM,
cert=feature_context.root_ca_cert))
+ self.root_ca_file.close()
+ os.chmod(self.root_ca_file.name, 0o666)
+
+ self.couchbase_cert_file = tempfile.NamedTemporaryFile(delete=False)
+
self.couchbase_cert_file.write(OpenSSL.crypto.dump_certificate(type=OpenSSL.crypto.FILETYPE_PEM,
cert=couchbase_cert))
+ self.couchbase_cert_file.close()
+ os.chmod(self.couchbase_cert_file.name, 0o666)
+
+ self.couchbase_key_file = tempfile.NamedTemporaryFile(delete=False)
+
self.couchbase_key_file.write(OpenSSL.crypto.dump_privatekey(type=OpenSSL.crypto.FILETYPE_PEM,
pkey=couchbase_key))
+ self.couchbase_key_file.close()
+ os.chmod(self.couchbase_key_file.name, 0o666)
def get_startup_finished_log_entry(self):
# after startup the logs are only available in the container, only
this message is shown
return "logs available in"
+ @retry_check(12, 5)
Review Comment:
Updated in
https://github.com/apache/nifi-minifi-cpp/pull/1882/commits/c3519585ea81b9d4c89383e5138be9d37980a99e
##########
docker/test/integration/cluster/containers/CouchbaseServerContainer.py:
##########
@@ -12,19 +12,72 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+import os
+import OpenSSL.crypto
+import tempfile
+import docker
+import requests
+import logging
+from requests.auth import HTTPBasicAuth
from .Container import Container
from utils import retry_check
+from ssl_utils.SSL_cert_utils import make_server_cert
class CouchbaseServerContainer(Container):
- def __init__(self, feature_context, name, vols, network, image_store,
command=None):
- super().__init__(feature_context, name, 'couchbase-server', vols,
network, image_store, command)
+ def __init__(self, feature_context, name, vols, network, image_store,
command=None, ssl=False):
+ self.ssl = ssl
+ engine = "couchbase-server" if not ssl else "couchbase-server-ssl"
+ super().__init__(feature_context, name, engine, vols, network,
image_store, command)
+ couchbase_cert, couchbase_key =
make_server_cert(f"couchbase-server-{feature_context.id}",
feature_context.root_ca_cert, feature_context.root_ca_key)
+
+ self.root_ca_file = tempfile.NamedTemporaryFile(delete=False)
+
self.root_ca_file.write(OpenSSL.crypto.dump_certificate(type=OpenSSL.crypto.FILETYPE_PEM,
cert=feature_context.root_ca_cert))
+ self.root_ca_file.close()
+ os.chmod(self.root_ca_file.name, 0o666)
+
+ self.couchbase_cert_file = tempfile.NamedTemporaryFile(delete=False)
+
self.couchbase_cert_file.write(OpenSSL.crypto.dump_certificate(type=OpenSSL.crypto.FILETYPE_PEM,
cert=couchbase_cert))
+ self.couchbase_cert_file.close()
+ os.chmod(self.couchbase_cert_file.name, 0o666)
+
+ self.couchbase_key_file = tempfile.NamedTemporaryFile(delete=False)
+
self.couchbase_key_file.write(OpenSSL.crypto.dump_privatekey(type=OpenSSL.crypto.FILETYPE_PEM,
pkey=couchbase_key))
+ self.couchbase_key_file.close()
+ os.chmod(self.couchbase_key_file.name, 0o666)
def get_startup_finished_log_entry(self):
# after startup the logs are only available in the container, only
this message is shown
return "logs available in"
+ @retry_check(12, 5)
+ def _run_couchbase_cli_command(self, command):
+ (code, _) = self.client.containers.get(self.name).exec_run(command)
+ if code != 0:
+ logging.error(f"Failed to run command '{command}', returned error
code: {code}")
+ return False
+ return True
+
+ def _run_couchbase_cli_commands(self, commands):
+ for command in commands:
+ if not self._run_couchbase_cli_command(command):
+ return False
+ return True
Review Comment:
Updated in
https://github.com/apache/nifi-minifi-cpp/pull/1882/commits/c3519585ea81b9d4c89383e5138be9d37980a99e
##########
docker/test/integration/features/steps/steps.py:
##########
@@ -1384,6 +1384,34 @@ def step_impl(context, service_name):
container.add_controller(couchbase_cluster_controller_service)
+@given("a CouchbaseClusterService is setup up with SSL connection with the
name \"{service_name}\"")
Review Comment:
Updated in
https://github.com/apache/nifi-minifi-cpp/pull/1882/commits/c3519585ea81b9d4c89383e5138be9d37980a99e
##########
extensions/couchbase/controllerservices/CouchbaseClusterService.cpp:
##########
@@ -50,6 +50,50 @@ CouchbaseErrorType getErrorType(const std::error_code&
error_code) {
} // namespace
+CouchbaseClient::CouchbaseClient(std::string connection_string, std::string
username, std::string password, minifi::controllers::SSLContextService*
ssl_context_service,
+ const std::shared_ptr<core::logging::Logger>& logger)
+ : connection_string_(std::move(connection_string)), logger_(logger),
cluster_options_(buildClusterOptions(std::move(username), std::move(password),
ssl_context_service)) {
+}
+
+::couchbase::cluster_options CouchbaseClient::buildClusterOptions(std::string
username, std::string password, minifi::controllers::SSLContextService*
ssl_context_service) {
+ if (username.empty() && (!ssl_context_service || (ssl_context_service &&
ssl_context_service->getCertificateFile().empty()))) {
+ throw minifi::Exception(ExceptionType::PROCESS_SCHEDULE_EXCEPTION,
"Neither username and password nor SSLContextService is provided for Couchbase
authentication");
+ }
+
+ if (!username.empty() && ssl_context_service &&
!ssl_context_service->getCertificateFile().empty()) {
+ throw minifi::Exception(ExceptionType::PROCESS_SCHEDULE_EXCEPTION,
"Username and password authentication or mTLS authentication using certificate
defined in SSLContextService "
+ "linked service should be provided exclusively for Couchbase");
Review Comment:
Updated in
https://github.com/apache/nifi-minifi-cpp/pull/1882/commits/c3519585ea81b9d4c89383e5138be9d37980a99e
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
