[ https://issues.apache.org/jira/browse/ZOOKEEPER-3689?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17046889#comment-17046889 ]

Sankalp Bhatia edited comment on ZOOKEEPER-3689 at 2/27/20 6:52 PM:
--------------------------------------------------------------------

Hi [~eolivelli], [~rndgstn]

Instead of setting system properties, how about we add a simple constructor to 
the ZooKeeperAdmin class like 
{code:java}
public ZooKeeperAdmin(String connectString, int sessionTimeout, Watcher watcher,
        boolean canBeReadOnly, ZKClientConfig clientConfig) throws IOException {
    super(connectString, sessionTimeout, watcher, canBeReadOnly, clientConfig);
}
{code}

and then create the ZooKeeperAdmin instance with something like 
{code:java}
// Argument order follows the constructor above: canBeReadOnly, then clientConfig.
zk = new ZooKeeperAdmin(host, Integer.parseInt(cl.getOption("timeout")), new MyWatcher(),
        readOnly, new ZKClientConfig(cl.getOption("client-configuration-file")));
{code}

I saw an instance where a client had to choose between having the readOnly flag 
and setting clientConfig because of not having a constructor with both fields: 
clientConfig and canBeReadOnly. Ref: 
[https://tiny.amazon.com/k989fzab/githapackafkblob342fcoresrc]

Also, this looks like a good first contribution opportunity for a newbie. Do 
you mind if I assign it to myself? 

Thanks,

Sankalp


was (Author: sankalpbhatia):
Hi [~eolivelli], [~rndgstn]

Instead of setting system properties, how about we add a simple constructor to 
the ZooKeeperAdmin class like 
{code:java}
public ZooKeeperAdmin(String connectString, int sessionTimeout, Watcher watcher,
        ZKClientConfig clientConfig, boolean canBeReadOnly) throws IOException {
    super(connectString, sessionTimeout, watcher, canBeReadOnly, clientConfig);
}
{code}

and then create the ZooKeeperAdmin instance with something like 
{code:java}
zk = new ZooKeeperAdmin(host, Integer.parseInt(cl.getOption("timeout")), new MyWatcher(),
        new ZKClientConfig(cl.getOption("client-configuration-file")), readOnly);
{code}

I saw an instance where a client had to choose between having the readOnly flag 
and setting clientConfig because of not having a constructor with both fields: 
clientConfig and canBeReadOnly. Ref: 
[https://tiny.amazon.com/k989fzab/githapackafkblob342fcoresrc]

Also, this looks like a good first contribution opportunity for a newbie. Do 
you mind if I assign it to myself? 


Thanks,

Sankalp

> zkCli/ZooKeeperMain relies on system properties for TLS config
> --------------------------------------------------------------
>
>                 Key: ZOOKEEPER-3689
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3689
>             Project: ZooKeeper
>          Issue Type: New Feature
>          Components: security, server
>    Affects Versions: 3.6.0, 3.5.5, 3.5.6
>            Reporter: Ron Dagostino
>            Priority: Major
>
> The command line client to ZooKeeper (org.apache.zookeeper.ZooKeeperMain, 
> invoked via bin/zkCli.{bat,sh}) has no facility for accepting TLS client 
> configuration (e.g. keystore/truststore location and password) except via 
> system properties.  System properties must be passed on the command line as 
> "-D" arguments and are inherently not secure.  There should be a way to pass 
> the client TLS configuration to org.apache.zookeeper.ZooKeeperMain in a more 
> secure way (e.g. via a file).
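
The issue description above calls "-D" arguments inherently not secure; the following added example (not part of the issue or of ZooKeeper) shows the exposure from the defender's side by listing which secret-bearing system properties are visible in process command lines. The name heuristic, the function names and the sample command line are assumptions made for this illustration.

```python
import os
import re

# Heuristic (assumption): property names containing these words carry secrets.
SECRET_NAME = re.compile(r"password|passwd|secret", re.IGNORECASE)

def secret_properties(argv):
    """Names of -Dname=value JVM arguments whose name looks like a secret."""
    names = []
    for arg in argv:
        if arg.startswith("-D") and "=" in arg:
            name, value = arg[2:].split("=", 1)
            if value and SECRET_NAME.search(name):
                names.append(name)  # record the name only, never the value
    return names

def scan_proc(proc_root="/proc"):
    """Map pid -> exposed secret property names for each readable process."""
    # On Linux, /proc/<pid>/cmdline holds the NUL-separated argument vector and
    # is readable by other local users unless procfs is mounted with hidepid.
    if not os.path.isdir(proc_root):
        return {}
    findings = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "cmdline"), "rb") as fh:
                raw = fh.read()
        except OSError:
            continue  # process exited or access was denied
        argv = [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]
        names = secret_properties(argv)
        if names:
            findings[int(entry)] = names
    return findings

# Constructed sample: a zkCli-style JVM command line with TLS settings as -D args.
SAMPLE_ARGV = [
    "java",
    "-Dzookeeper.client.secure=true",
    "-Dzookeeper.ssl.keyStore.location=/etc/zk/client.jks",
    "-Dzookeeper.ssl.keyStore.password=EXAMPLE-ONLY",
    "-Dzookeeper.ssl.trustStore.password=EXAMPLE-ONLY",
    "org.apache.zookeeper.ZooKeeperMain", "-server", "zk1:2281",
]

if __name__ == "__main__":
    print(secret_properties(SAMPLE_ARGV), scan_proc())
```

Moving the same properties into a client configuration file with owner-only permissions keeps them out of the argument vector entirely, which is the direction the issue proposes.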


