Re: [PR] MINIFICPP-2470 Add SSL and mTLS authentication support to CouchbaseClusterService [nifi-minifi-cpp]

via GitHub Mon, 25 Nov 2024 01:13:40 -0800


fgerlits commented on code in PR #1882:
URL: https://github.com/apache/nifi-minifi-cpp/pull/1882#discussion_r1856195255



##########
docker/test/integration/cluster/containers/CouchbaseServerContainer.py:
##########
@@ -12,19 +12,72 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+import os
+import OpenSSL.crypto
+import tempfile
+import docker
+import requests
+import logging
+from requests.auth import HTTPBasicAuth
 from .Container import Container
 from utils import retry_check
+from ssl_utils.SSL_cert_utils import make_server_cert
 
 
 class CouchbaseServerContainer(Container):
-    def __init__(self, feature_context, name, vols, network, image_store, 
command=None):
-        super().__init__(feature_context, name, 'couchbase-server', vols, 
network, image_store, command)
+    def __init__(self, feature_context, name, vols, network, image_store, 
command=None, ssl=False):
+        self.ssl = ssl
+        engine = "couchbase-server" if not ssl else "couchbase-server-ssl"
+        super().__init__(feature_context, name, engine, vols, network, 
image_store, command)
+        couchbase_cert, couchbase_key = 
make_server_cert(f"couchbase-server-{feature_context.id}", 
feature_context.root_ca_cert, feature_context.root_ca_key)
+
+        self.root_ca_file = tempfile.NamedTemporaryFile(delete=False)
+        
self.root_ca_file.write(OpenSSL.crypto.dump_certificate(type=OpenSSL.crypto.FILETYPE_PEM,
 cert=feature_context.root_ca_cert))
+        self.root_ca_file.close()
+        os.chmod(self.root_ca_file.name, 0o666)
+
+        self.couchbase_cert_file = tempfile.NamedTemporaryFile(delete=False)
+        
self.couchbase_cert_file.write(OpenSSL.crypto.dump_certificate(type=OpenSSL.crypto.FILETYPE_PEM,
 cert=couchbase_cert))
+        self.couchbase_cert_file.close()
+        os.chmod(self.couchbase_cert_file.name, 0o666)
+
+        self.couchbase_key_file = tempfile.NamedTemporaryFile(delete=False)
+        
self.couchbase_key_file.write(OpenSSL.crypto.dump_privatekey(type=OpenSSL.crypto.FILETYPE_PEM,
 pkey=couchbase_key))
+        self.couchbase_key_file.close()
+        os.chmod(self.couchbase_key_file.name, 0o666)
 
     def get_startup_finished_log_entry(self):
         # after startup the logs are only available in the container, only 
this message is shown
         return "logs available in"
 
+    @retry_check(12, 5)

Review Comment:
   can you make the same change at `_load_couchbase_certs()`, too, please?



##########
docker/test/integration/cluster/containers/CouchbaseServerContainer.py:
##########
@@ -12,19 +12,72 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+import os
+import OpenSSL.crypto
+import tempfile
+import docker
+import requests
+import logging
+from requests.auth import HTTPBasicAuth
 from .Container import Container
 from utils import retry_check
+from ssl_utils.SSL_cert_utils import make_server_cert
 
 
 class CouchbaseServerContainer(Container):
-    def __init__(self, feature_context, name, vols, network, image_store, 
command=None):
-        super().__init__(feature_context, name, 'couchbase-server', vols, 
network, image_store, command)
+    def __init__(self, feature_context, name, vols, network, image_store, 
command=None, ssl=False):
+        self.ssl = ssl
+        engine = "couchbase-server" if not ssl else "couchbase-server-ssl"
+        super().__init__(feature_context, name, engine, vols, network, 
image_store, command)
+        couchbase_cert, couchbase_key = 
make_server_cert(f"couchbase-server-{feature_context.id}", 
feature_context.root_ca_cert, feature_context.root_ca_key)
+
+        self.root_ca_file = tempfile.NamedTemporaryFile(delete=False)
+        
self.root_ca_file.write(OpenSSL.crypto.dump_certificate(type=OpenSSL.crypto.FILETYPE_PEM,
 cert=feature_context.root_ca_cert))
+        self.root_ca_file.close()
+        os.chmod(self.root_ca_file.name, 0o666)
+
+        self.couchbase_cert_file = tempfile.NamedTemporaryFile(delete=False)
+        
self.couchbase_cert_file.write(OpenSSL.crypto.dump_certificate(type=OpenSSL.crypto.FILETYPE_PEM,
 cert=couchbase_cert))
+        self.couchbase_cert_file.close()
+        os.chmod(self.couchbase_cert_file.name, 0o666)
+
+        self.couchbase_key_file = tempfile.NamedTemporaryFile(delete=False)
+        
self.couchbase_key_file.write(OpenSSL.crypto.dump_privatekey(type=OpenSSL.crypto.FILETYPE_PEM,
 pkey=couchbase_key))
+        self.couchbase_key_file.close()
+        os.chmod(self.couchbase_key_file.name, 0o666)

Review Comment:
   the `ssl=False` parameter could be removed, as well



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Re: [PR] MINIFICPP-2470 Add SSL and mTLS authentication support to CouchbaseClusterService [nifi-minifi-cpp]

Reply via email to