diff --git a/dolphinscheduler-alert/dolphinscheduler-alert-server/src/main/resources/application.yaml b/dolphinscheduler-alert/dolphinscheduler-alert-server/src/main/resources/application.yaml index 927cbc3c2ce6..63f192940e3e 100644 --- a/dolphinscheduler-alert/dolphinscheduler-alert-server/src/main/resources/application.yaml +++ b/dolphinscheduler-alert/dolphinscheduler-alert-server/src/main/resources/application.yaml @@ -88,7 +88,9 @@ registry: session-timeout: 60s connection-timeout: 15s block-until-connected: 15s - digest: ~ + authorization: + digest: ~ + metrics: enabled: true diff --git a/dolphinscheduler-api/src/main/resources/application.yaml b/dolphinscheduler-api/src/main/resources/application.yaml index 9b0e94d64451..ee5ca199e6aa 100644 --- a/dolphinscheduler-api/src/main/resources/application.yaml +++ b/dolphinscheduler-api/src/main/resources/application.yaml @@ -126,7 +126,8 @@ registry: session-timeout: 60s connection-timeout: 15s block-until-connected: 15s - digest: ~ + authorization: + digest: ~ api: audit-enable: false diff --git a/dolphinscheduler-master/src/main/resources/application.yaml b/dolphinscheduler-master/src/main/resources/application.yaml index a4ce4b882837..dfd21429854f 100644 --- a/dolphinscheduler-master/src/main/resources/application.yaml +++ b/dolphinscheduler-master/src/main/resources/application.yaml @@ -80,7 +80,8 @@ registry: session-timeout: 60s connection-timeout: 15s block-until-connected: 15s - digest: ~ + authorization: + digest: ~ master: listen-port: 5678 diff --git a/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/README.md b/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/README.md index 7ee512a451d7..3fd0fdfc4fba 100644 --- a/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/README.md 
+++ b/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/README.md @@ -20,7 +20,8 @@ registry: connection-timeout: 9s block-until-connected: 600ms # The following options are set according to personal needs - digest: ~ + authorization: + digest: ~ ``` After do this config, you can start your DolphinScheduler cluster, your cluster will use zookeeper as registry center to diff --git a/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/main/java/org/apache/dolphinscheduler/plugin/registry/zookeeper/ZookeeperRegistry.java b/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/main/java/org/apache/dolphinscheduler/plugin/registry/zookeeper/ZookeeperRegistry.java index d02b5f3c0c0b..e814b8ec45b4 100644 --- a/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/main/java/org/apache/dolphinscheduler/plugin/registry/zookeeper/ZookeeperRegistry.java +++ b/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/main/java/org/apache/dolphinscheduler/plugin/registry/zookeeper/ZookeeperRegistry.java @@ -52,8 +52,6 @@ import lombok.NonNull; import lombok.extern.slf4j.Slf4j; -import com.google.common.base.Strings; - @Slf4j final class ZookeeperRegistry implements Registry { 
@@ -80,9 +78,10 @@ final class ZookeeperRegistry implements Registry { .sessionTimeoutMs(DurationUtils.toMillisInt(properties.getSessionTimeout())) .connectionTimeoutMs(DurationUtils.toMillisInt(properties.getConnectionTimeout())); - final String digest = properties.getDigest(); - if (!Strings.isNullOrEmpty(digest)) { - builder.authorization("digest", digest.getBytes(StandardCharsets.UTF_8)) + if (properties.getAuthorization().size() > 0) { + final String schema = properties.getAuthorization().keySet().stream().findFirst().get(); + final String schemaValue = properties.getAuthorization().get(schema); + builder.authorization(schema.toLowerCase(), schemaValue.getBytes(StandardCharsets.UTF_8)) .aclProvider(new ACLProvider() { @Override @@ -96,6 +95,7 @@ public List getAclForPath(final String path) { } }); } + client = builder.build(); } diff --git a/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/main/java/org/apache/dolphinscheduler/plugin/registry/zookeeper/ZookeeperRegistryProperties.java b/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/main/java/org/apache/dolphinscheduler/plugin/registry/zookeeper/ZookeeperRegistryProperties.java index c5b27d8b8807..327f8369b920 100644 --- a/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/main/java/org/apache/dolphinscheduler/plugin/registry/zookeeper/ZookeeperRegistryProperties.java +++ b/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/main/java/org/apache/dolphinscheduler/plugin/registry/zookeeper/ZookeeperRegistryProperties.java @@ -20,6 +20,8 @@ import org.apache.commons.lang3.StringUtils; import java.time.Duration; +import java.util.HashMap; +import java.util.Map; import lombok.AllArgsConstructor; import lombok.Data; 
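Review bot: The new branch no longer skips a null or empty credential: the removed code guarded with `Strings.isNullOrEmpty(digest)`, while the added lines only test `properties.getAuthorization().size() > 0` and then call `schemaValue.getBytes(...)`. With the shipped default `authorization: digest: ~` the map presumably holds one entry whose value is null or empty (this depends on how the binder maps `~` and is worth confirming), so the client would either throw a NullPointerException or register an empty credential and install the ACL provider. I would restore the guard, e.g. `if (schemaValue != null && !schemaValue.isEmpty()) {`, and null-check `getAuthorization()` as well, since the validator in ZookeeperRegistryProperties lets a null map through. `schema.toLowerCase()` should be `schema.toLowerCase(Locale.ROOT)` so the scheme name does not depend on the JVM locale. The constructor body starts and ends outside this hunk.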
@@ -79,6 +81,9 @@ public void validate(Object target, Errors errors) { || zookeeper.getBlockUntilConnected().isNegative()) { errors.rejectValue("zookeeper.blockUntilConnected", "", "zookeeper.blockUntilConnected should be positive"); } + if (zookeeper.getAuthorization() != null && zookeeper.getAuthorization().size() != 1) { + errors.rejectValue("zookeeper.authorization", "", "zookeeper.authorization should be unique"); + } printConfig(); } @@ -88,10 +93,11 @@ private void printConfig() { "\n namespace -> " + zookeeper.getNamespace() + "\n connectString -> " + zookeeper.getConnectString() + "\n retryPolicy -> " + zookeeper.getRetryPolicy() + - "\n digest -> " + zookeeper.getDigest() + + "\n authorization -> " + zookeeper.getAuthorization() + "\n sessionTimeout -> " + zookeeper.getSessionTimeout() + "\n connectionTimeout -> " + zookeeper.getConnectionTimeout() + "\n blockUntilConnected -> " + zookeeper.getBlockUntilConnected() + + "\n authorization -> " + zookeeper.getAuthorization() + "\n****************************ZookeeperRegistryProperties**************************************"; log.info(config); } @@ -102,7 +108,7 @@ public static final class ZookeeperProperties { private String namespace = "dolphinscheduler"; private String connectString; private RetryPolicy retryPolicy = new RetryPolicy(); - private String digest; + private Map authorization = new HashMap<>(); private Duration sessionTimeout = Duration.ofSeconds(60); private Duration connectionTimeout = Duration.ofSeconds(15); private Duration blockUntilConnected = Duration.ofSeconds(15); 
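Review bot: The check added to `validate` rejects an empty map, which is exactly the field's default (`new HashMap<>()` in ZookeeperProperties), so a configuration that omits `authorization` fails validation, while a null map passes and is later dereferenced in ZookeeperRegistry. If authentication is meant to stay optional, accept zero or one entry: `if (zookeeper.getAuthorization() != null && zookeeper.getAuthorization().size() > 1) {`. The message "should be unique" does not tell the operator what to fix; something like `zookeeper.authorization should contain at most one scheme` would. The body of `validate` begins outside the hunk.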
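Review bot: `printConfig` writes the whole `authorization` map to the INFO log, and for the digest scheme the map value is the `user:password` credential (compare `digest: root:root_passwd` in application-digest.yaml in this commit); the hunk also adds the same line twice. Log only the scheme names, e.g. `"\n authorization -> " + zookeeper.getAuthorization().keySet() +` with a null guard, and drop the second copy after `blockUntilConnected`. The removed line logged the digest too, so the exposure predates this commit, but the rename is the natural place to stop it.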
diff --git a/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/test/java/org/apache/dolphinscheduler/plugin/registry/zookeeper/ZookeeperRegistryDigestTestCase.java b/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/test/java/org/apache/dolphinscheduler/plugin/registry/zookeeper/ZookeeperRegistryDigestTestCase.java new file mode 100644 index 000000000000..b3f00f2ca46a --- /dev/null +++ b/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/test/java/org/apache/dolphinscheduler/plugin/registry/zookeeper/ZookeeperRegistryDigestTestCase.java 
@@ -0,0 +1,98 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.dolphinscheduler.plugin.registry.zookeeper; + +import org.apache.dolphinscheduler.plugin.registry.RegistryTestCase; + +import org.apache.zookeeper.ZooDefs; +import org.apache.zookeeper.ZooKeeper; +import org.apache.zookeeper.client.ZKClientConfig; +import org.apache.zookeeper.data.ACL; +import org.apache.zookeeper.data.Id; +import org.apache.zookeeper.server.DumbWatcher; +import org.apache.zookeeper.server.auth.DigestAuthenticationProvider; + +import java.util.Collections; +import java.util.stream.Stream; + +import lombok.SneakyThrows; + +import org.junit.jupiter.api.AfterAll; +import org.junit.jupiter.api.BeforeAll; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.test.context.ActiveProfiles; +import org.testcontainers.containers.GenericContainer; +import org.testcontainers.containers.Network; +import org.testcontainers.lifecycle.Startables; +import org.testcontainers.utility.DockerImageName; + +@ActiveProfiles("digest") +@SpringBootTest(classes = 
ZookeeperRegistryProperties.class) +@SpringBootApplication(scanBasePackageClasses = ZookeeperRegistryProperties.class) +public class ZookeeperRegistryDigestTestCase extends RegistryTestCase { + + @Autowired + private ZookeeperRegistryProperties zookeeperRegistryProperties; + + private static GenericContainer zookeeperContainer; + + private static final Network NETWORK = Network.newNetwork(); + + private static ZooKeeper zk; + + private static final String ROOT_USER = "root"; + + private static final String ROOT_PASSWORD = "root_passwd"; + + private static final String ID_PASSWORD = String.format("%s:%s", ROOT_USER, ROOT_PASSWORD); + + private static void setupRootACLForDigest(final ZooKeeper zk) throws Exception { + final String digest = DigestAuthenticationProvider.generateDigest(ID_PASSWORD); + final ACL acl = new ACL(ZooDefs.Perms.ALL, new Id("digest", digest)); + zk.setACL("/", Collections.singletonList(acl), -1); + } + + @SneakyThrows + @BeforeAll + public static void setUpTestingServer() { + zookeeperContainer = new GenericContainer<>(DockerImageName.parse("zookeeper:3.8")) + .withNetwork(NETWORK) + .withExposedPorts(2181); + Startables.deepStart(Stream.of(zookeeperContainer)).join(); + System.clearProperty("registry.zookeeper.connect-string"); + System.setProperty("registry.zookeeper.connect-string", "localhost:" + zookeeperContainer.getMappedPort(2181)); + zk = new ZooKeeper("localhost:" + zookeeperContainer.getMappedPort(2181), + 30000, new DumbWatcher(), new ZKClientConfig()); + setupRootACLForDigest(zk); + } + + @SneakyThrows + @Override + public ZookeeperRegistry createRegistry() { + return new ZookeeperRegistry(zookeeperRegistryProperties); + } + + @SneakyThrows + @AfterAll + public static void tearDownTestingServer() { + zk.close(); + zookeeperContainer.close(); + } +} 
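Review bot: `tearDownTestingServer` leaves state behind: `registry.zookeeper.connect-string` set in `setUpTestingServer` is never cleared, `NETWORK` is never closed, and if `zk.close()` throws, `zookeeperContainer.close()` is skipped. The X509 test class in this commit sets the same system property, so a leftover value can leak between test classes run in one JVM. I would close the resources in a try/finally and add `System.clearProperty("registry.zookeeper.connect-string");`. Nothing visible here asserts that a client without the digest credential is refused after `setupRootACLForDigest`; if RegistryTestCase does not cover that, a negative case would show the ACL is actually enforced.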
diff --git a/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/test/java/org/apache/dolphinscheduler/plugin/registry/zookeeper/ZookeeperRegistryX509TestCase.java b/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/test/java/org/apache/dolphinscheduler/plugin/registry/zookeeper/ZookeeperRegistryX509TestCase.java new file mode 100644 index 000000000000..b13295469dd8 --- /dev/null +++ b/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/test/java/org/apache/dolphinscheduler/plugin/registry/zookeeper/ZookeeperRegistryX509TestCase.java 
@@ -0,0 +1,302 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.dolphinscheduler.plugin.registry.zookeeper; + +import org.apache.dolphinscheduler.plugin.registry.RegistryTestCase; + +import java.net.Socket; +import java.nio.charset.StandardCharsets; +import java.security.Principal; +import java.security.PrivateKey; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import java.util.Arrays; +import java.util.Collections; +import java.util.concurrent.CountDownLatch; +import java.util.concurrent.TimeoutException; +import java.util.stream.Stream; + +import lombok.SneakyThrows; + +import org.apache.zookeeper.WatchedEvent; +import org.apache.zookeeper.Watcher; +import org.apache.zookeeper.ZooDefs; +import org.apache.zookeeper.ZooKeeper; +import org.apache.zookeeper.client.ZKClientConfig; +import org.apache.zookeeper.common.ClientX509Util; +import org.apache.zookeeper.common.QuorumX509Util; +import org.apache.zookeeper.common.Time; +import org.apache.zookeeper.common.X509Exception; +import org.apache.zookeeper.data.ACL; +import org.apache.zookeeper.data.Id; +import org.apache.zookeeper.server.DumbWatcher; +import 
org.apache.zookeeper.server.NettyServerCnxnFactory; +import org.apache.zookeeper.server.ServerCnxnFactory; +import org.apache.zookeeper.server.admin.Commands; +import org.apache.zookeeper.server.auth.DigestAuthenticationProvider; +import org.apache.zookeeper.server.auth.ProviderRegistry; +import org.apache.zookeeper.server.auth.X509AuthenticationProvider; +import org.junit.jupiter.api.AfterAll; +import org.junit.jupiter.api.BeforeAll; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.test.context.ActiveProfiles; +import org.testcontainers.containers.GenericContainer; +import org.testcontainers.containers.Network; +import org.testcontainers.lifecycle.Startables; +import org.testcontainers.utility.DockerImageName; + +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.SSLContext; +import javax.net.ssl.X509KeyManager; +import javax.net.ssl.X509TrustManager; + +import static org.junit.jupiter.api.Assertions.fail; + +@ActiveProfiles("x509") +@SpringBootTest(classes = ZookeeperRegistryProperties.class) +@SpringBootApplication(scanBasePackageClasses = ZookeeperRegistryProperties.class) +class ZookeeperRegistryX509TestCase extends RegistryTestCase { + + @Autowired + private ZookeeperRegistryProperties zookeeperRegistryProperties; + + private static GenericContainer zookeeperContainer; + + private static final Network NETWORK = Network.newNetwork(); + + private static ZooKeeper zk; + + private static final String X509_SCHEMA = "x509"; + + private static final String X509_SUBJECT_PRINCIPAL = "CN=localhost,OU=ZooKeeper,O=Apache,L=Unknown,ST=Unknown,C=Unknown"; + + private static final ClientX509Util clientX509Util = new ClientX509Util(); + + private static final QuorumX509Util quorumX509Util = new QuorumX509Util(); + + public static class CountdownWatcher implements Watcher { + + // TODO this 
doesn't need to be volatile! (Should probably be final) + volatile CountDownLatch clientConnected; + // Set to true when connected to a read-only server, or a read-write (quorum) server. + volatile boolean connected; + // Set to true when connected to a quorum server. + volatile boolean syncConnected; + // Set to true when connected to a quorum server in read-only mode + volatile boolean readOnlyConnected; + + public CountdownWatcher() { + reset(); + } + public synchronized void reset() { + clientConnected = new CountDownLatch(1); + connected = false; + syncConnected = false; + readOnlyConnected = false; + } + public synchronized void process(WatchedEvent event) { + Event.KeeperState state = event.getState(); + if (state == Event.KeeperState.SyncConnected) { + connected = true; + syncConnected = true; + readOnlyConnected = false; + } else if (state == Event.KeeperState.ConnectedReadOnly) { + connected = true; + syncConnected = false; + readOnlyConnected = true; + } else { + connected = false; + syncConnected = false; + readOnlyConnected = false; + } + + notifyAll(); + if (connected) { + clientConnected.countDown(); + } + } + public synchronized boolean isConnected() { + return connected; + } + + protected synchronized String connectionDescription() { + return String.format("connected(%s), syncConnected(%s), readOnlyConnected(%s)", + connected, syncConnected, readOnlyConnected); + } + + public synchronized void waitForConnected(long timeout) throws InterruptedException, TimeoutException { + long expire = Time.currentElapsedTime() + timeout; + long left = timeout; + while (!connected && left > 0) { + wait(left); + left = expire - Time.currentElapsedTime(); + } + if (!connected) { + throw new TimeoutException("Failed to connect to ZooKeeper server: " + connectionDescription()); + } + } + public synchronized void waitForSyncConnected(long timeout) throws InterruptedException, TimeoutException { + long expire = Time.currentElapsedTime() + timeout; + long left = timeout; 
+ while (!syncConnected && left > 0) { + wait(left); + left = expire - Time.currentElapsedTime(); + } + if (!syncConnected) { + throw new TimeoutException( + "Failed to connect to read-write ZooKeeper server: " + + connectionDescription()); + } + } + public synchronized void waitForReadOnlyConnected(long timeout) throws InterruptedException, TimeoutException { + long expire = Time.currentElapsedTime() + timeout; + long left = timeout; + while (!readOnlyConnected && left > 0) { + wait(left); + left = expire - Time.currentElapsedTime(); + } + if (!readOnlyConnected) { + throw new TimeoutException( + "Failed to connect in read-only mode to ZooKeeper server: " + + connectionDescription()); + } + } + public synchronized void waitForDisconnected(long timeout) throws InterruptedException, TimeoutException { + long expire = Time.currentElapsedTime() + timeout; + long left = timeout; + while (connected && left > 0) { + wait(left); + left = expire - Time.currentElapsedTime(); + } + if (connected) { + throw new TimeoutException("Did not disconnect: " + connectionDescription()); + } + } + + } + + private static void setupTLS() throws Exception { + System.setProperty("zookeeper.authProvider.x509", "org.apache.zookeeper.server.auth.X509AuthenticationProvider"); + String testDataPath = System.getProperty("test.data.dir", "src/test/resources"); + + System.setProperty(clientX509Util.getSslKeystoreLocationProperty(), testDataPath + "/ssl/testKeyStore.jks"); + System.setProperty(clientX509Util.getSslKeystorePasswdProperty(), "testpass"); + System.setProperty(clientX509Util.getSslTruststoreLocationProperty(), testDataPath + "/ssl/testTrustStore.jks"); + System.setProperty(clientX509Util.getSslTruststorePasswdProperty(), "testpass"); + + // client + System.setProperty(ZKClientConfig.ZOOKEEPER_CLIENT_CNXN_SOCKET, "org.apache.zookeeper.ClientCnxnSocketNetty"); + System.setProperty(ZKClientConfig.SECURE_CLIENT, "true"); + + // server + 
System.setProperty(ServerCnxnFactory.ZOOKEEPER_SERVER_CNXN_FACTORY, "org.apache.zookeeper.server.NettyServerCnxnFactory"); + System.setProperty(NettyServerCnxnFactory.PORT_UNIFICATION_KEY, Boolean.TRUE.toString()); + + // admin server + System.setProperty(quorumX509Util.getSslKeystoreLocationProperty(), testDataPath + "/ssl/testKeyStore.jks"); + System.setProperty(quorumX509Util.getSslKeystorePasswdProperty(), "testpass"); + System.setProperty(quorumX509Util.getSslTruststoreLocationProperty(), testDataPath + "/ssl/testTrustStore.jks"); + System.setProperty(quorumX509Util.getSslTruststorePasswdProperty(), "testpass"); + System.setProperty("zookeeper.admin.forceHttps", "true"); + System.setProperty("zookeeper.admin.needClientAuth", "true"); + + // create SSLContext + final SSLContext sslContext = SSLContext.getInstance(ClientX509Util.DEFAULT_PROTOCOL); + final X509AuthenticationProvider authProvider = (X509AuthenticationProvider) ProviderRegistry.getProvider("x509"); + if (authProvider == null) { + throw new X509Exception.SSLContextException("Could not create SSLContext with x509 auth provider"); + } + sslContext.init(new X509KeyManager[]{authProvider.getKeyManager()}, new X509TrustManager[]{authProvider.getTrustManager()}, null); + + // set SSLSocketFactory + HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory()); + } + + private static void clearTLS() { + System.clearProperty("zookeeper.authProvider.x509"); + + System.clearProperty(clientX509Util.getSslKeystoreLocationProperty()); + System.clearProperty(clientX509Util.getSslKeystorePasswdProperty()); + System.clearProperty(clientX509Util.getSslTruststoreLocationProperty()); + System.clearProperty(clientX509Util.getSslTruststorePasswdProperty()); + + // client side + System.clearProperty(ZKClientConfig.ZOOKEEPER_CLIENT_CNXN_SOCKET); + System.clearProperty(ZKClientConfig.SECURE_CLIENT); + + // server side + System.clearProperty(ServerCnxnFactory.ZOOKEEPER_SERVER_CNXN_FACTORY); + 
System.clearProperty(NettyServerCnxnFactory.PORT_UNIFICATION_KEY); + + // admin server + System.clearProperty(quorumX509Util.getSslKeystoreLocationProperty()); + System.clearProperty(quorumX509Util.getSslKeystorePasswdProperty()); + System.clearProperty(quorumX509Util.getSslTruststoreLocationProperty()); + System.clearProperty(quorumX509Util.getSslTruststorePasswdProperty()); + System.clearProperty("zookeeper.admin.forceHttps"); + System.clearProperty("zookeeper.admin.needClientAuth"); + } + + public static void addAuthInfoForX509(final ZooKeeper zk) { + zk.addAuthInfo(X509_SCHEMA, X509_SUBJECT_PRINCIPAL.getBytes(StandardCharsets.UTF_8)); + } + + private static void setupRootACLForX509(final ZooKeeper zk) throws Exception { + final ACL acl = new ACL(ZooDefs.Perms.ALL, new Id(X509_SCHEMA, X509_SUBJECT_PRINCIPAL)); + zk.setACL("/", Collections.singletonList(acl), -1); + } + + @SneakyThrows + @BeforeAll + public static void setUpTestingServer() { + + + String testDataPath = System.getProperty("test.data.dir", "src/test/resources"); + zookeeperContainer = new GenericContainer<>(DockerImageName.parse("zookeeper:3.8")) + .withNetwork(NETWORK) + .withExposedPorts(2181) + ; + + setupTLS(); + + Startables.deepStart(Stream.of(zookeeperContainer)).join(); + System.clearProperty("registry.zookeeper.connect-string"); + System.setProperty("registry.zookeeper.connect-string", "localhost:" + zookeeperContainer.getMappedPort(2181)); + zk = new ZooKeeper("localhost:" + zookeeperContainer.getMappedPort(2181), + 30000, new CountdownWatcher(), new ZKClientConfig()); + addAuthInfoForX509(zk); + setupRootACLForX509(zk); + + } + + @SneakyThrows + @Override + public ZookeeperRegistry createRegistry() { + return new ZookeeperRegistry(zookeeperRegistryProperties); + } + + @SneakyThrows + @AfterAll + public static void tearDownTestingServer() { + clearTLS(); + zk.close(); + zookeeperContainer.close(); + } +} \ No newline at end of file 
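Review bot: The server-side settings in `setupTLS` (`zookeeper.authProvider.x509`, `ServerCnxnFactory.ZOOKEEPER_SERVER_CNXN_FACTORY`, `NettyServerCnxnFactory.PORT_UNIFICATION_KEY`, the keystore and truststore paths) are applied with `System.setProperty` in the test JVM, but the server is the `zookeeper:3.8` container, which is started with only `withNetwork` and `withExposedPorts(2181)` and so presumably never sees them. As written the test may not exercise x509 authentication on the server at all; pass the configuration and the JKS files into the container, or run an in-process server. `setupTLS` also replaces the JVM-wide default with `HttpsURLConnection.setDefaultSSLSocketFactory(...)` and `clearTLS` does not restore it; save the previous factory and set it back in teardown. The local `testDataPath` in `setUpTestingServer` and several imports (`Socket`, `Principal`, `PrivateKey`, `Arrays`, `fail`) are unused.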
diff --git a/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/test/resources/application-digest.yaml b/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/test/resources/application-digest.yaml new file mode 100644 index 000000000000..c618466e06d5 --- /dev/null +++ b/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/test/resources/application-digest.yaml @@ -0,0 +1,31 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +registry: + type: zookeeper + zookeeper: + namespace: dolphinscheduler + connect-string: 127.0.0.1:2181 + retry-policy: + base-sleep-time: 60ms + max-sleep: 300ms + max-retries: 5 + session-timeout: 30s + connection-timeout: 9s + block-until-connected: 3s + authorization: + digest: root:root_passwd diff --git a/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/test/resources/application-x509.yaml b/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/test/resources/application-x509.yaml new file mode 100644 index 000000000000..e5e57d2ebb85 --- /dev/null 
+++ b/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/test/resources/application-x509.yaml @@ -0,0 +1,31 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +registry: + type: zookeeper + zookeeper: + namespace: dolphinscheduler + connect-string: 127.0.0.1:2181 + retry-policy: + base-sleep-time: 60ms + max-sleep: 300ms + max-retries: 5 + session-timeout: 30s + connection-timeout: 9s + block-until-connected: 3s + authorization: + x509: "CN=localhost,OU=ZooKeeper,O=Apache,L=Unknown,ST=Unknown,C=Unknown" diff --git a/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/test/resources/application.yaml b/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/test/resources/application.yaml index 92902a608cb4..b6ef4efa8901 100644 --- a/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/test/resources/application.yaml +++ b/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/test/resources/application.yaml 
@@ -27,4 +27,5 @@ registry: session-timeout: 30s connection-timeout: 9s block-until-connected: 3s - digest: ~ + authorization: + digest: ~ diff --git a/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/test/resources/ssl/README.md b/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/test/resources/ssl/README.md new file mode 100644 index 000000000000..b8823d8a3de8 --- /dev/null +++ b/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/test/resources/ssl/README.md @@ -0,0 +1,10 @@ +SSL test data +=================== + +testKeyStore.jks +--- +Testing keystore, password is "testpass". + +testTrustStore.jks +--- +Testing truststore, password is "testpass". diff --git a/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/test/resources/ssl/testKeyStore.jks b/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/test/resources/ssl/testKeyStore.jks new file mode 100644 index 000000000000..40a7d0b7eae2 Binary files /dev/null and b/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/test/resources/ssl/testKeyStore.jks differ diff --git a/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/test/resources/ssl/testTrustStore.jks b/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/test/resources/ssl/testTrustStore.jks new file mode 100644 index 000000000000..33f09c11dfaa Binary files /dev/null and b/dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/test/resources/ssl/testTrustStore.jks differ 
diff --git a/dolphinscheduler-worker/src/main/resources/application.yaml b/dolphinscheduler-worker/src/main/resources/application.yaml index 5cac4c29e5ae..0a2ae9743859 100644 --- a/dolphinscheduler-worker/src/main/resources/application.yaml +++ b/dolphinscheduler-worker/src/main/resources/application.yaml @@ -37,7 +37,8 @@ registry: session-timeout: 60s connection-timeout: 15s block-until-connected: 15s - digest: ~ + authorization: + digest: ~ worker: # worker listener port