apache-ignite
97 строк · 3.7 Кб
1# Licensed to the Apache Software Foundation (ASF) under one or more
2# contributor license agreements. See the NOTICE file distributed with
3# this work for additional information regarding copyright ownership.
4# The ASF licenses this file to You under the Apache License, Version 2.0
5# (the "License"); you may not use this file except in compliance with
6# the License. You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License
15
16"""
17This module contains classes and utilities for Ignite SslContextFactory.
18"""
19import os
20
21IGNITE_SERVER_ALIAS = 'server'
22IGNITE_CLIENT_ALIAS = 'client'
23IGNITE_ADMIN_ALIAS = 'admin'
24
25DEFAULT_SERVER_KEYSTORE = 'server.jks'
26DEFAULT_CLIENT_KEYSTORE = 'client.jks'
27DEFAULT_ADMIN_KEYSTORE = 'admin.jks'
28DEFAULT_PASSWORD = "123456"
29DEFAULT_TRUSTSTORE = "truststore.jks"
30
31SSL_PARAMS_KEY = "params"
32SSL_KEY = "ssl"
33ENABLED_KEY = "enabled"
34
35default_keystore = {
36IGNITE_SERVER_ALIAS: DEFAULT_SERVER_KEYSTORE,
37IGNITE_CLIENT_ALIAS: DEFAULT_CLIENT_KEYSTORE,
38IGNITE_ADMIN_ALIAS: DEFAULT_ADMIN_KEYSTORE
39}
40
41
42class SslParams:
43"""
44Params for Ignite SslContextFactory.
45"""
46
47def __init__(self, root_dir: str, key_store_jks: str = None, key_store_password: str = DEFAULT_PASSWORD,
48trust_store_jks: str = DEFAULT_TRUSTSTORE, trust_store_password: str = DEFAULT_PASSWORD,
49key_store_path: str = None, trust_store_path: str = None, cipher_suites: str = None,
50trust_managers: str = None):
51if not key_store_jks and not key_store_path:
52raise Exception("Keystore must be specified to init SslParams")
53
54self.key_store_path = key_store_path if key_store_path else os.path.join(root_dir, key_store_jks)
55self.key_store_password = key_store_password
56self.trust_store_path = trust_store_path if trust_store_path else os.path.join(root_dir, trust_store_jks)
57self.trust_store_password = trust_store_password
58self.cipher_suites = cipher_suites
59self.trust_managers = trust_managers
60
61
62def get_ssl_params(_globals: dict, shared_root: str, alias: str):
63"""
64Gets SSL params from Globals
65Structure may be found in modules/ducktests/tests/checks/utils/check_get_ssl_params.py
66
67There are three possible interactions with a cluster in a ducktape, each of them has its own alias,
68which corresponds to keystore:
69Ignite(clientMode = False) - server
70Ignite(clientMode = True) - client
71ControlUtility - admin
72
73If we enable SSL in globals, these SSL params will be injected in corresponding
74configuration
75You can also override keystore corresponding to alias throw globals
76
77Default keystores for these services are generated automaticaly on creating envoriment
78If you specyfy ssl_params in test, you override globals
79"""
80
81if SSL_PARAMS_KEY in _globals[SSL_KEY] and alias in _globals[SSL_KEY][SSL_PARAMS_KEY]:
82ssl_param = _globals[SSL_KEY][SSL_PARAMS_KEY][alias]
83elif alias in default_keystore:
84ssl_param = {'key_store_jks': default_keystore[alias]}
85else:
86raise Exception("We don't have SSL params for: " + alias)
87
88return SslParams(shared_root, **ssl_param) if ssl_param else None
89
90
91def is_ssl_enabled(_globals: dict):
92"""
93Return True if SSL enabled throw globals
94:param _globals:
95:return: bool
96"""
97return SSL_KEY in _globals and _globals[SSL_KEY][ENABLED_KEY]
98