ACCUMULO-3129 Pass credential provider into client configuration and set non-empty truststore password.
Making a non-empty password for the truststore makes things a bit more reliable to actually work (I think empty passwords are disallowed by the CredentialProvider impls). If the client is also using a CredentialProvider, the ClientConfiguration also needs this property. Adding the extra value to the enum passes it from accumulo-site.xml into the generate client.conf by AbstractMacIT. Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/7f62ec1b Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/7f62ec1b Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/7f62ec1b Branch: refs/heads/master Commit: 7f62ec1b37dc1e8fe7512358360dcb591b0ba224 Parents: e455005 Author: Josh Elser <els...@apache.org> Authored: Mon Sep 15 20:26:02 2014 -0400 Committer: Josh Elser <els...@apache.org> Committed: Mon Sep 15 20:26:02 2014 -0400 ---------------------------------------------------------------------- .../core/client/ClientConfiguration.java | 33 ++++++++++---------- .../accumulo/test/functional/AbstractMacIT.java | 5 ++- .../test/functional/SslWithClientAuthIT.java | 2 +- 3 files changed, 22 insertions(+), 18 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/accumulo/blob/7f62ec1b/core/src/main/java/org/apache/accumulo/core/client/ClientConfiguration.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/accumulo/core/client/ClientConfiguration.java b/core/src/main/java/org/apache/accumulo/core/client/ClientConfiguration.java index b0ae537..b64fab4 100644 --- a/core/src/main/java/org/apache/accumulo/core/client/ClientConfiguration.java +++ b/core/src/main/java/org/apache/accumulo/core/client/ClientConfiguration.java @@ -34,7 +34,7 @@ import org.apache.commons.configuration.PropertiesConfiguration; /** * Contains a list of property keys recognized by the Accumulo client and convenience methods for setting them. - * + * * @since 1.6.0 */ public class ClientConfiguration extends CompositeConfiguration { @@ -50,6 +50,7 @@ public class ClientConfiguration extends CompositeConfiguration { RPC_SSL_KEYSTORE_PASSWORD(Property.RPC_SSL_KEYSTORE_PASSWORD), RPC_SSL_KEYSTORE_TYPE(Property.RPC_SSL_KEYSTORE_TYPE), RPC_USE_JSSE(Property.RPC_USE_JSSE), + GENERAL_SECURITY_CREDENTIAL_PROVIDER_PATHS(Property.GENERAL_SECURITY_CREDENTIAL_PROVIDER_PATHS), INSTANCE_RPC_SSL_CLIENT_AUTH(Property.INSTANCE_RPC_SSL_CLIENT_AUTH), INSTANCE_RPC_SSL_ENABLED(Property.INSTANCE_RPC_SSL_ENABLED), INSTANCE_ZK_HOST(Property.INSTANCE_ZK_HOST), @@ -110,7 +111,7 @@ public class ClientConfiguration extends CompositeConfiguration { /** * Iterates through the Configuration objects, populating this object. - * + * * @see PropertiesConfiguration * @see #loadDefault() */ @@ -123,10 +124,10 @@ public class ClientConfiguration extends CompositeConfiguration { * Attempts to load a configuration file from the system. Uses the "ACCUMULO_CLIENT_CONF_PATH" environment variable, split on File.pathSeparator, for a list * of target files. If not set, uses the following in this order- ~/.accumulo/config $ACCUMULO_CONF_DIR/client.conf -OR- $ACCUMULO_HOME/conf/client.conf * (depending on whether $ACCUMULO_CONF_DIR is set) /etc/accumulo/client.conf - * + * * A client configuration will then be read from each location using PropertiesConfiguration to construct a configuration. That means the latest item will be * the one in the configuration. - * + * * @see PropertiesConfiguration * @see File#pathSeparator */ @@ -196,7 +197,7 @@ public class ClientConfiguration extends CompositeConfiguration { /** * Returns the value for prop, the default value if not present. - * + * */ public String get(ClientProperty prop) { if (this.containsKey(prop.getKey())) @@ -207,7 +208,7 @@ public class ClientConfiguration extends CompositeConfiguration { /** * Sets the value of property to value - * + * */ public void setProperty(ClientProperty prop, String value) { this.setProperty(prop.getKey(), value); @@ -223,7 +224,7 @@ public class ClientConfiguration extends CompositeConfiguration { /** * Same as {@link #with(ClientProperty, String)} for ClientProperty.INSTANCE_NAME - * + * */ public ClientConfiguration withInstance(String instanceName) { ArgumentChecker.notNull(instanceName); @@ -232,7 +233,7 @@ public class ClientConfiguration extends CompositeConfiguration { /** * Same as {@link #with(ClientProperty, String)} for ClientProperty.INSTANCE_ID - * + * */ public ClientConfiguration withInstance(UUID instanceId) { ArgumentChecker.notNull(instanceId); @@ -241,7 +242,7 @@ public class ClientConfiguration extends CompositeConfiguration { /** * Same as {@link #with(ClientProperty, String)} for ClientProperty.INSTANCE_ZK_HOST - * + * */ public ClientConfiguration withZkHosts(String zooKeepers) { ArgumentChecker.notNull(zooKeepers); @@ -250,7 +251,7 @@ public class ClientConfiguration extends CompositeConfiguration { /** * Same as {@link #with(ClientProperty, String)} for ClientProperty.INSTANCE_ZK_TIMEOUT - * + * */ public ClientConfiguration withZkTimeout(int timeout) { return with(ClientProperty.INSTANCE_ZK_TIMEOUT, String.valueOf(timeout)); @@ -258,7 +259,7 @@ public class ClientConfiguration extends CompositeConfiguration { /** * Same as {@link #withSsl(boolean, boolean)} with useJsseConfig set to false - * + * */ public ClientConfiguration withSsl(boolean sslEnabled) { return withSsl(sslEnabled, false); @@ -266,7 +267,7 @@ public class ClientConfiguration extends CompositeConfiguration { /** * Same as {@link #with(ClientProperty, String)} for ClientProperty.INSTANCE_RPC_SSL_ENABLED and ClientProperty.RPC_USE_JSSE - * + * */ public ClientConfiguration withSsl(boolean sslEnabled, boolean useJsseConfig) { return with(ClientProperty.INSTANCE_RPC_SSL_ENABLED, String.valueOf(sslEnabled)).with(ClientProperty.RPC_USE_JSSE, String.valueOf(useJsseConfig)); @@ -274,7 +275,7 @@ public class ClientConfiguration extends CompositeConfiguration { /** * Same as {@link #withTruststore(String)} with password null and type null - * + * */ public ClientConfiguration withTruststore(String path) { return withTruststore(path, null, null); @@ -283,7 +284,7 @@ public class ClientConfiguration extends CompositeConfiguration { /** * Same as {@link #with(ClientProperty, String)} for ClientProperty.RPC_SSL_TRUSTORE_PATH, ClientProperty.RPC_SSL_TRUSTORE_PASSWORD, and * ClientProperty.RPC_SSL_TRUSTORE_TYPE - * + * */ public ClientConfiguration withTruststore(String path, String password, String type) { ArgumentChecker.notNull(path); @@ -297,7 +298,7 @@ public class ClientConfiguration extends CompositeConfiguration { /** * Same as {@link #withKeystore(String, String, String)} with password null and type null - * + * */ public ClientConfiguration withKeystore(String path) { return withKeystore(path, null, null); @@ -306,7 +307,7 @@ public class ClientConfiguration extends CompositeConfiguration { /** * Same as {@link #with(ClientProperty, String)} for ClientProperty.INSTANCE_RPC_SSL_CLIENT_AUTH, ClientProperty.RPC_SSL_KEYSTORE_PATH, * ClientProperty.RPC_SSL_KEYSTORE_PASSWORD, and ClientProperty.RPC_SSL_KEYSTORE_TYPE - * + * */ public ClientConfiguration withKeystore(String path, String password, String type) { ArgumentChecker.notNull(path); http://git-wip-us.apache.org/repos/asf/accumulo/blob/7f62ec1b/test/src/test/java/org/apache/accumulo/test/functional/AbstractMacIT.java ---------------------------------------------------------------------- diff --git a/test/src/test/java/org/apache/accumulo/test/functional/AbstractMacIT.java b/test/src/test/java/org/apache/accumulo/test/functional/AbstractMacIT.java index 415682b..22e46ff 100644 --- a/test/src/test/java/org/apache/accumulo/test/functional/AbstractMacIT.java +++ b/test/src/test/java/org/apache/accumulo/test/functional/AbstractMacIT.java @@ -102,9 +102,11 @@ public abstract class AbstractMacIT { File rootKeystoreFile = new File(sslDir, "root-" + cfg.getInstanceName() + ".jks"); File localKeystoreFile = new File(sslDir, "local-" + cfg.getInstanceName() + ".jks"); File publicTruststoreFile = new File(sslDir, "public-" + cfg.getInstanceName() + ".jks"); + final String rootKeystorePassword = "root_keystore_password", truststorePassword = "truststore_password"; try { new CertUtils(Property.RPC_SSL_KEYSTORE_TYPE.getDefaultValue(), "o=Apache Accumulo,cn=MiniAccumuloCluster", "RSA", 2048, "sha1WithRSAEncryption") - .createAll(rootKeystoreFile, localKeystoreFile, publicTruststoreFile, cfg.getInstanceName(), "root_keystore_password", cfg.getRootPassword(), ""); + .createAll(rootKeystoreFile, localKeystoreFile, publicTruststoreFile, cfg.getInstanceName(), rootKeystorePassword, cfg.getRootPassword(), + truststorePassword); } catch (Exception e) { throw new RuntimeException("error creating MAC keystore", e); } @@ -113,6 +115,7 @@ public abstract class AbstractMacIT { siteConfig.put(Property.RPC_SSL_KEYSTORE_PATH.getKey(), localKeystoreFile.getAbsolutePath()); siteConfig.put(Property.RPC_SSL_KEYSTORE_PASSWORD.getKey(), cfg.getRootPassword()); siteConfig.put(Property.RPC_SSL_TRUSTSTORE_PATH.getKey(), publicTruststoreFile.getAbsolutePath()); + siteConfig.put(Property.RPC_SSL_TRUSTSTORE_PASSWORD.getKey(), truststorePassword); cfg.setSiteConfig(siteConfig); } http://git-wip-us.apache.org/repos/asf/accumulo/blob/7f62ec1b/test/src/test/java/org/apache/accumulo/test/functional/SslWithClientAuthIT.java ---------------------------------------------------------------------- diff --git a/test/src/test/java/org/apache/accumulo/test/functional/SslWithClientAuthIT.java b/test/src/test/java/org/apache/accumulo/test/functional/SslWithClientAuthIT.java index 4c49b1b..8745707 100644 --- a/test/src/test/java/org/apache/accumulo/test/functional/SslWithClientAuthIT.java +++ b/test/src/test/java/org/apache/accumulo/test/functional/SslWithClientAuthIT.java @@ -42,7 +42,7 @@ public class SslWithClientAuthIT extends SslIT { @Override protected int defaultTimeoutSeconds() { - return 6 * 60; + return 8 * 60; } @Override
