hasnain-db opened a new pull request, #43998:
URL: https://github.com/apache/spark/pull/43998
### What changes were proposed in this pull request?
This PR adds a separate way of configuring the private key for RPC SSL
support when using openssl.
### Why are the changes needed?
Right now with config inheritance we support:
* JKS with password A, PEM with password B
* JKS with no password, PEM with password A
* JKS and PEM with no password
But we do not support the case where JKS has a password and PEM does not. If
we set `keyPassword` we will attempt to use it, and cannot set
`spark.ssl.rpc.keyPassword` to null to override the password. So let's make it
a separate flag as the easiest workaround.
This was noticed while migrating some existing deployments to the RPC SSL
support where we use openssl support for RPC and use a key with no password
### Does this PR introduce _any_ user-facing change?
Yes, this affects how the (currently unreleased) RPC SSL feature is
configured going forward
### How was this patch tested?
Updated test configs to match the issue I saw, which would fail
`SSLFactory.init()` saying key was invalid. Tests now pass.
```
build/sbt
> project network-common
> testOnly
> project network-shuffle
> testOnly
> project core
> test *Ssl*
```
### Was this patch authored or co-authored using generative AI tooling?
No
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For additional commands, e-mail: reviews-h...@spark.apache.org
