apache-ignite

1
# Licensed to the Apache Software Foundation (ASF) under one or more
2
# contributor license agreements.  See the NOTICE file distributed with
3
# this work for additional information regarding copyright ownership.
4
# The ASF licenses this file to You under the Apache License, Version 2.0
5
# (the "License"); you may not use this file except in compliance with
6
# the License.  You may obtain a copy of the License at
7
#
8
#    http://www.apache.org/licenses/LICENSE-2.0
9
#
10
# Unless required by applicable law or agreed to in writing, software
11
# distributed under the License is distributed on an "AS IS" BASIS,
12
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
# See the License for the specific language governing permissions and
14
# limitations under the License
15

16
"""
17
This module contains classes and utilities for Ignite SslContextFactory.
18
"""
19
import os
20

21
IGNITE_SERVER_ALIAS = 'server'
22
IGNITE_CLIENT_ALIAS = 'client'
23
IGNITE_ADMIN_ALIAS = 'admin'
24

25
DEFAULT_SERVER_KEYSTORE = 'server.jks'
26
DEFAULT_CLIENT_KEYSTORE = 'client.jks'
27
DEFAULT_ADMIN_KEYSTORE = 'admin.jks'
28
DEFAULT_PASSWORD = "123456"
29
DEFAULT_TRUSTSTORE = "truststore.jks"
30

31
SSL_PARAMS_KEY = "params"
32
SSL_KEY = "ssl"
33
ENABLED_KEY = "enabled"
34

35
default_keystore = {
36
    IGNITE_SERVER_ALIAS: DEFAULT_SERVER_KEYSTORE,
37
    IGNITE_CLIENT_ALIAS: DEFAULT_CLIENT_KEYSTORE,
38
    IGNITE_ADMIN_ALIAS: DEFAULT_ADMIN_KEYSTORE
39
}
40

41

42
class SslParams:
43
    """
44
    Params for Ignite SslContextFactory.
45
    """
46

47
    def __init__(self, root_dir: str, key_store_jks: str = None, key_store_password: str = DEFAULT_PASSWORD,
48
                 trust_store_jks: str = DEFAULT_TRUSTSTORE, trust_store_password: str = DEFAULT_PASSWORD,
49
                 key_store_path: str = None, trust_store_path: str = None, cipher_suites: str = None,
50
                 trust_managers: str = None):
51
        if not key_store_jks and not key_store_path:
52
            raise Exception("Keystore must be specified to init SslParams")
53

54
        self.key_store_path = key_store_path if key_store_path else os.path.join(root_dir, key_store_jks)
55
        self.key_store_password = key_store_password
56
        self.trust_store_path = trust_store_path if trust_store_path else os.path.join(root_dir, trust_store_jks)
57
        self.trust_store_password = trust_store_password
58
        self.cipher_suites = cipher_suites
59
        self.trust_managers = trust_managers
60

61

62
def get_ssl_params(_globals: dict, shared_root: str, alias: str):
63
    """
64
    Gets SSL params from Globals
65
    Structure may be found in modules/ducktests/tests/checks/utils/check_get_ssl_params.py
66

67
    There are three possible interactions with a cluster in a ducktape, each of them has its own alias,
68
    which corresponds to keystore:
69
    Ignite(clientMode = False) - server
70
    Ignite(clientMode = True) - client
71
    ControlUtility - admin
72

73
    If we enable SSL in globals, these SSL params will be injected in corresponding
74
    configuration
75
    You can also override keystore corresponding to alias throw globals
76

77
    Default keystores for these services are generated automaticaly on creating envoriment
78
    If you specyfy ssl_params in test, you override globals
79
    """
80

81
    if SSL_PARAMS_KEY in _globals[SSL_KEY] and alias in _globals[SSL_KEY][SSL_PARAMS_KEY]:
82
        ssl_param = _globals[SSL_KEY][SSL_PARAMS_KEY][alias]
83
    elif alias in default_keystore:
84
        ssl_param = {'key_store_jks': default_keystore[alias]}
85
    else:
86
        raise Exception("We don't have SSL params for: " + alias)
87

88
    return SslParams(shared_root, **ssl_param) if ssl_param else None
89

90

91
def is_ssl_enabled(_globals: dict):
92
    """
93
    Return True if SSL enabled throw globals
94
    :param _globals:
95
    :return: bool
96
    """
97
    return SSL_KEY in _globals and _globals[SSL_KEY][ENABLED_KEY]
98