[jira] [Commented] (FLINK-9839) End-to-end test: Streaming job with SSL

Mon, 16 Jul 2018 04:35:57 -0700 


    [ 
https://issues.apache.org/jira/browse/FLINK-9839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16545094#comment-16545094
 ] 

ASF GitHub Bot commented on FLINK-9839:
---------------------------------------

Github user NicoK commented on a diff in the pull request:

    https://github.com/apache/flink/pull/6327#discussion_r202650892
  
    --- Diff: flink-end-to-end-tests/test-scripts/common.sh ---
    @@ -148,6 +151,41 @@ function create_ha_config() {
     EOL
     }
     
    +function set_conf_ssl {
    +
    +    # clean up the dir that will be used for SSL certificates and trust 
stores
    +    if [ -e "${TEST_DATA_DIR}/ssl" ]; then
    +       echo "File ${TEST_DATA_DIR}/ssl exists. Deleting it..."
    +       rm -rf "${TEST_DATA_DIR}/ssl"
    +    fi
    +    mkdir -p "${TEST_DATA_DIR}/ssl"
    +    NODENAME=`hostname -f`
    +    SANSTRING="dns:${NODENAME}"
    +    for NODEIP in `hostname -I | cut -d' ' -f1` ; do
    +        SANSTRING="${SANSTRING},ip:${NODEIP}"
    +    done
    +
    +    # create certificates
    +    keytool -genkeypair -alias ca -keystore 
"${TEST_DATA_DIR}/ssl/ca.keystore" -dname "CN=Sample CA" -storepass password 
-keypass password -keyalg RSA -ext bc=ca:true
    +    keytool -keystore "${TEST_DATA_DIR}/ssl/ca.keystore" -storepass 
password -alias ca -exportcert > "${TEST_DATA_DIR}/ssl/ca.cer"
    +    keytool -importcert -keystore "${TEST_DATA_DIR}/ssl/ca.truststore" 
-alias ca -storepass password -noprompt -file "${TEST_DATA_DIR}/ssl/ca.cer"
    +
    +    keytool -genkeypair -alias node -keystore 
"${TEST_DATA_DIR}/ssl/node.keystore" -dname "CN=${NODENAME}" -ext 
SAN=${SANSTRING} -storepass password -keypass password -keyalg RSA
    +    keytool -certreq -keystore "${TEST_DATA_DIR}/ssl/node.keystore" 
-storepass password -alias node -file "${TEST_DATA_DIR}/ssl/node.csr"
    +    keytool -gencert -keystore "${TEST_DATA_DIR}/ssl/ca.keystore" 
-storepass password -alias ca -ext SAN=${SANSTRING} -infile 
"${TEST_DATA_DIR}/ssl/node.csr" -outfile "${TEST_DATA_DIR}/ssl/node.cer"
    +    keytool -importcert -keystore "${TEST_DATA_DIR}/ssl/node.keystore" 
-storepass password -file "${TEST_DATA_DIR}/ssl/ca.cer" -alias ca -noprompt
    +    keytool -importcert -keystore "${TEST_DATA_DIR}/ssl/node.keystore" 
-storepass password -file "${TEST_DATA_DIR}/ssl/node.cer" -alias node -noprompt
    +
    +    # adapt config
    +    set_conf security.ssl.enabled true
    --- End diff --
    
    That's how `security.ssl.enabled` was specified and should remain to do so 
because of backwards compatibility. However, I can add a comment as well.


> End-to-end test: Streaming job with SSL
> ---------------------------------------
>
>                 Key: FLINK-9839
>                 URL: https://issues.apache.org/jira/browse/FLINK-9839
>             Project: Flink
>          Issue Type: Sub-task
>          Components: Tests
>    Affects Versions: 1.6.0
>            Reporter: Nico Kruber
>            Assignee: Nico Kruber
>            Priority: Blocker
>              Labels: pull-request-available
>             Fix For: 1.6.0
>
>
> None of the existing e2e tests run with an SSL configuration but there should 
> be such a test as well.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to