Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Improvement-16258][Registry] Add ZK authorization yaml control & add digest auth UT #16277

Open
wants to merge 1 commit into
base: dev
Choose a base branch
from
Open

[Improvement-16258][Registry] Add ZK authorization yaml control & add digest auth UT #16277

wants to merge 1 commit into from

Conversation

pegasas
Copy link
Contributor

@pegasas pegasas commented Jul 5, 2024
edited
Loading

…t auth UT

Purpose of the pull request

fix: Improvement

Brief change log

add digest UT and small refactor on ZK registry yaml for future authentication support like #16271 (comment)

Verify this pull request

image

Pull Request Notice

Pull Request Notice

If your pull request contain incompatible change, you should also add it to docs/docs/en/guide/upgrede/incompatible.md

@pegasas pegasas force-pushed the issues/16276 branch 2 times, most recently from d8dcb83 to a2db653 Compare July 5, 2024 04:19
SbloodyS
SbloodyS reviewed Jul 5, 2024
View reviewed changes
Copy link
Member

@SbloodyS SbloodyS left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please follow pull request notice and fix code style.

@pegasas
Copy link
Contributor Author

pegasas commented Jul 5, 2024

Please follow pull request notice and fix code style.

Thanks, Done.
image

@SbloodyS SbloodyS changed the title [Improvement][Registry] Add ZK authorization yaml control & add diges… [Improvement-16258][Registry] Add ZK authorization yaml control & add diges… Jul 6, 2024
@SbloodyS SbloodyS added this to the 3.3.0 milestone Jul 6, 2024
@SbloodyS SbloodyS added the improvement make more easy to user or prompt friendly label Jul 6, 2024
SbloodyS
SbloodyS previously approved these changes Jul 6, 2024
View reviewed changes
Copy link
Member

@SbloodyS SbloodyS left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

ruanwenjun
ruanwenjun reviewed Jul 6, 2024
View reviewed changes
Copy link
Member

@ruanwenjun ruanwenjun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

UT failed.

...a/org/apache/dolphinscheduler/plugin/registry/zookeeper/ZookeeperRegistryDigestTestCase.java
Comment on lines +79 to +82
zk = new ZooKeeper("localhost:" + zookeeperContainer.getMappedPort(2181),
30000, new DumbWatcher(), new ZKClientConfig());
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why create ZooKeeper here?

@pegasas
Copy link
Contributor Author

pegasas commented Jul 6, 2024
edited
Loading

UT failed.

image
It seems ZookeeperRegistryProperties would keep digest which caused curator always use digest between multiple test.
I leverage practise in jdbc-registry to autowire each ZookeeperRegistryProperties to make it right.

It works now.

@ruanwenjun ruanwenjun changed the title [Improvement-16258][Registry] Add ZK authorization yaml control & add diges… [Improvement-16258][Registry] Add ZK authorization yaml control & add digest auth UT Jul 8, 2024
ruanwenjun
ruanwenjun reviewed Jul 8, 2024
View reviewed changes
...a/org/apache/dolphinscheduler/plugin/registry/zookeeper/ZookeeperRegistryDigestTestCase.java Outdated
Comment on lines 69 to 70
public static void setupRootACLForDigest(final ZooKeeper zk) throws Exception {
final String digest = DigestAuthenticationProvider.generateDigest(ID_PASSWORD);
final ACL acl = new ACL(ZooDefs.Perms.ALL, new Id("digest", digest));
zk.setACL("/", Collections.singletonList(acl), -1);
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why this method should be public?

...a/org/apache/dolphinscheduler/plugin/registry/zookeeper/ZookeeperRegistryDigestTestCase.java Outdated
Comment on lines 102 to 103
zk.addAuthInfo("digest", ID_PASSWORD.getBytes(StandardCharsets.UTF_8));
resetRootACL(zk);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need to reset?

...r/src/main/java/org/apache/dolphinscheduler/plugin/registry/zookeeper/ZookeeperRegistry.java Outdated
@@ -80,7 +80,7 @@ final class ZookeeperRegistry implements Registry {
.sessionTimeoutMs(DurationUtils.toMillisInt(properties.getSessionTimeout()))
.connectionTimeoutMs(DurationUtils.toMillisInt(properties.getConnectionTimeout()));

final String digest = properties.getDigest();
final String digest = properties.getAuthorization().get(ZookeeperRegistryProperties.ZookeeperProperties.DIGEST);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we directly use the key as authorization key, value as authorization value ? otherwise you need to handle multiple authorization type.

@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Jul 8, 2024

Quality Gate Passed Quality Gate passed

Issues
24 New issues
0 Accepted issues

Measures
1 Security Hotspot
64.0% Coverage on New Code
2.0% Duplication on New Code

See analysis details on SonarCloud

@pegasas pegasas force-pushed the issues/16276 branch 2 times, most recently from d53076a to e4ee663 Compare July 9, 2024 14:58
ruanwenjun
ruanwenjun reviewed Jul 10, 2024
View reviewed changes
...src/main/java/org/apache/dolphinscheduler/plugin/registry/zookeeper/ZookeeperAuthSchema.java Outdated
Comment on lines 3 to 5
public enum ZookeeperAuthSchema {
DIGEST,
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing license, and can we removed this enum? We don't need to maintain a enum here.

github-advanced-security[bot]
github-advanced-security bot found potential problems Jul 24, 2024
View reviewed changes
...r/src/main/java/org/apache/dolphinscheduler/plugin/registry/zookeeper/ZookeeperRegistry.java Outdated
if (properties.getAuthorization().size() > 0) {
final String schema = properties.getAuthorization().keySet().stream().findFirst().get();
final String schemaValue = properties.getAuthorization().get(schema);
builder.authorization(schema.toString().toLowerCase(), schemaValue.getBytes(StandardCharsets.UTF_8))

Check notice

Code scanning / CodeQL

Useless toString on String

Redundant call to 'toString' on a String object.
@pegasas @ruanwenjun
[Improvement][Registry] Add ZK authorization yaml control & add diges…
faaac71 
…t auth UT

Update dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/main/java/org/apache/dolphinscheduler/plugin/registry/zookeeper/ZookeeperRegistryProperties.java

Co-authored-by: Wenjun Ruan <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ruanwenjun ruanwenjun ruanwenjun left review comments

@SbloodyS SbloodyS SbloodyS left review comments

@caishunfeng caishunfeng Awaiting requested review from caishunfeng caishunfeng is a code owner

@Gallardot Gallardot Awaiting requested review from Gallardot Gallardot is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees

@pegasas pegasas

Labels
backend document improvement make more easy to user or prompt friendly test
Projects
None yet
Milestone
3.3.0
Development

Successfully merging this pull request may close these issues.
3 participants
@pegasas @SbloodyS @ruanwenjun