Commit
85a5eeba
authored
5 years ago
by
nixonrodrigues
Committed by
Sarath Subramanian
5 years ago
ATLAS-3481 - Fix for trustore.password for Kafka in SSL
Change-Id: I9908e250afa98d7469e7f4b629e9cfab5923aff3 Signed-off-by:
Sarath Subramanian
<
sarath@apache.org
>
parent
e0afb12d
master
Showing
3 changed files
with
85 additions
and
31 deletions
+85
-31
SecurityUtil.java
...src/main/java/org/apache/atlas/security/SecurityUtil.java
+68
-0
KafkaNotification.java
...c/main/java/org/apache/atlas/kafka/KafkaNotification.java
+15
-0
SecureEmbeddedServer.java
...va/org/apache/atlas/web/service/SecureEmbeddedServer.java
+2
-31
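--- /dev/null
+++ b/intg/src/main/java/org/apache/atlas/security/SecurityUtil.java
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.atlas.security;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.security.alias.CredentialProvider;
+import org.apache.hadoop.security.alias.CredentialProviderFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import java.io.IOException;
+import static org.apache.atlas.security.SecurityProperties.CERT_STORES_CREDENTIAL_PROVIDER_PATH;
+public class SecurityUtil {
+    public static final Logger LOG = LoggerFactory.getLogger(SecurityUtil.class);
+    /**
+     * Retrieves a password from a configured credential provider or prompts for the password and stores it in the
+     * configured credential provider.
+     * @param config application configuration
+     * @param key the key/alias for the password.
+     * @return the password.
+     * @throws IOException
+     */
+    public static String getPassword(org.apache.commons.configuration.Configuration config, String key) throws IOException {
+        String password;
+        String provider = config.getString(CERT_STORES_CREDENTIAL_PROVIDER_PATH);
+        if (provider != null) {
+            LOG.info("Attempting to retrieve password for key {} from configured credential provider path {}", key, provider);
+            Configuration c = new Configuration();
+            c.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, provider);
+            CredentialProvider credentialProvider = CredentialProviderFactory.getProviders(c).get(0);
+            CredentialProvider.CredentialEntry entry = credentialProvider.getCredentialEntry(key);
+            if (entry == null) {
+                throw new IOException(String.format("No credential entry found for %s. "
+                        + "Please create an entry in the configured credential provider", key));
+            } else {
+                password = String.valueOf(entry.getCredential());
+            }
+        } else {
+            throw new IOException("No credential provider path configured for storage of certificate store passwords");
+        }
+        return password;
+    }
+}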
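Review bot: `CredentialProviderFactory.getProviders(c).get(0)` in `getPassword` consults only the first provider and assumes the returned list is non-empty. The only guard above it is `provider != null`, so an empty or blank configured path appears to reach `get(0)` and fail with an unchecked `IndexOutOfBoundsException` instead of the declared `IOException`, and when the path names several providers an alias stored in a later one is reported as missing. I would walk the whole list and stop at the first hit, e.g. `for (CredentialProvider p : CredentialProviderFactory.getProviders(c)) { entry = p.getCredentialEntry(key); if (entry != null) break; }`, and treat an empty list like the unconfigured-path case. The Javadoc also still says the method "prompts for the password and stores it", which the body never does; it should read `Retrieves a password from the configured credential provider; throws IOException when no provider path is configured or no entry exists for the key.`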
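--- a/notification/src/main/java/org/apache/atlas/kafka/KafkaNotification.java
+++ b/notification/src/main/java/org/apache/atlas/kafka/KafkaNotification.java
@@ -28,6 +28,8 @@ import org.apache.atlas.service.Service;
 import org.apache.commons.configuration.Configuration;
 import org.apache.commons.configuration.ConfigurationConverter;
 import org.apache.commons.lang.StringUtils;
+import org.apache.hadoop.security.alias.CredentialProvider;
+import org.apache.hadoop.security.alias.CredentialProviderFactory;
 import org.apache.kafka.clients.consumer.ConsumerConfig;
 import org.apache.kafka.clients.producer.KafkaProducer;
 import org.apache.kafka.clients.producer.Producer;
@@ -41,9 +43,14 @@ import org.springframework.core.annotation.Order;
 import org.springframework.stereotype.Component;
 import javax.inject.Inject;
+import java.io.IOException;
 import java.util.*;
 import java.util.concurrent.Future;
+import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_PASSWORD_KEY;
+import static org.apache.atlas.security.SecurityProperties.TLS_ENABLED;
+import static org.apache.atlas.security.SecurityUtil.getPassword;
 /**
  * Kafka specific access point to the Atlas notification framework.
  */
@@ -116,6 +123,14 @@ public class KafkaNotification extends AbstractNotification implements Service {
         properties.put("enable.auto.commit", kafkaConf.getBoolean("enable.auto.commit", oldApiCommitEnableFlag));
         properties.put("session.timeout.ms", kafkaConf.getString("session.timeout.ms", "30000"));
+        if (applicationProperties.getBoolean(TLS_ENABLED, false)) {
+            try {
+                properties.put("ssl.truststore.password", getPassword(applicationProperties, TRUSTSTORE_PASSWORD_KEY));
+            } catch (Exception e) {
+                LOG.error("Exception while getpassword truststore.password ", e);
+            }
+        }
         // if no value is specified for max.poll.records, set to 1
         properties.put("max.poll.records", kafkaConf.getInt("max.poll.records", 1));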
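Review bot: The `catch (Exception e)` around `getPassword(...)` in the third hunk logs and carries on, so with `TLS_ENABLED` set a missing or unreadable credential entry leaves `ssl.truststore.password` unset instead of stopping configuration. Kafka clients treat an unset truststore password as "use the truststore without integrity checking", so the failure would surface later as a weaker or confusing TLS setup, if it surfaces at all. I would narrow the catch to `IOException` and fail fast, e.g. `throw new IllegalStateException("Could not read " + TRUSTSTORE_PASSWORD_KEY + " from the credential provider", e);`, or at minimum have the log message name the key and state that the client is being configured without it. The enclosing method begins and ends outside the hunk, so whether it can propagate an exception is not visible here; the `CredentialProvider`, `CredentialProviderFactory` and `IOException` imports added in the first two hunks also look unused given the static import of `getPassword`.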
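--- a/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
+++ b/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
@@ -21,6 +21,7 @@ package org.apache.atlas.web.service;
 import org.apache.atlas.ApplicationProperties;
 import org.apache.atlas.AtlasConfiguration;
 import org.apache.atlas.AtlasException;
+import org.apache.atlas.security.SecurityUtil;
 import org.apache.commons.lang.StringUtils;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.security.alias.CredentialProvider;
@@ -68,6 +69,7 @@ import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_FILE_KEY;
 import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_PASSWORD_KEY;
 import static org.apache.atlas.security.SecurityProperties.ATLAS_SSL_EXCLUDE_PROTOCOLS;
 import static org.apache.atlas.security.SecurityProperties.DEFAULT_EXCLUDE_PROTOCOLS;
+import static org.apache.atlas.security.SecurityUtil.getPassword;
 /**
@@ -142,38 +144,7 @@ public class SecureEmbeddedServer extends EmbeddedServer {
         return sslConnector;
     }
-    /**
-     * Retrieves a password from a configured credential provider or prompts for the password and stores it in the
-     * configured credential provider.
-     * @param config application configuration
-     * @param key the key/alias for the password.
-     * @return the password.
-     * @throws IOException
-     */
-    private String getPassword(org.apache.commons.configuration.Configuration config, String key) throws IOException {
-        String password;
-        String provider = config.getString(CERT_STORES_CREDENTIAL_PROVIDER_PATH);
-        if (provider != null) {
-            LOG.info("Attempting to retrieve password from configured credential provider path");
-            Configuration c = new Configuration();
-            c.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, provider);
-            CredentialProvider credentialProvider = CredentialProviderFactory.getProviders(c).get(0);
-            CredentialProvider.CredentialEntry entry = credentialProvider.getCredentialEntry(key);
-            if (entry == null) {
-                throw new IOException(String.format("No credential entry found for %s. "
-                        + "Please create an entry in the configured credential provider", key));
-            } else {
-                password = String.valueOf(entry.getCredential());
-            }
-        } else {
-            throw new IOException("No credential provider path configured for storage of certificate store passwords");
-        }
-        return password;
-    }
     /**
      * Returns the application configuration.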