Class DefaultTLSConfigurer
java.lang.Object
org.apache.flink.runtime.util.datafabric.DefaultTLSConfigurer
DEP Flink-specific helper class that applies the default TLS configuration.
The bin/generate-default-keystores.sh script generates each user's individual default keystores
whenever any Flink CLI tool is used and pushes them to MapRFS. This class, in turn,
pulls them to the local filesystem (it may run on a different host than the CLI tool that generated the keystores)
and configures a given Configuration object to use them, if needed.
Like the script, this class is a no-op if:
1. Not in a Data Fabric environment (determined by DataFabricUtil.isDataFabricAvailable())
2. TLS is explicitly disabled by user
3. Keystore path is explicitly specified by user
4. Default keystores already exist in local filesystem
5. An error occurred
Keystores for different connectivity types (internal|rest) are processed separately.
After a keystore is pulled to the local filesystem, its permissions must be set so that only the owner can read it.
Keystore passwords are extracted using the Hadoop Credential API.
Usage: DefaultTLSConfigurer.apply(configuration);
Implementation notes: To avoid writing similar code for different keystore variations, the class uses a generalized approach and accepts the following parameters:
- connectivity - internal|rest
- keystoreRole - keystore|truststore
This, however, makes us rely on raw strings as configuration keys... The shell script does it anyway.
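One way to meet the owner-only permission requirement when pulling a keystore, shown as an added example that is not DefaultTLSConfigurer's own code: the file is created with owner-only permissions from the start, so there is no window in which other local users can read it. The class name, method name and sample path are hypothetical; a POSIX filesystem and Java 9+ are assumed.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

/** Hypothetical helper for illustration; not part of DefaultTLSConfigurer. */
public final class OwnerOnlyKeystorePull {
    private static final Set<PosixFilePermission> OWNER_RW = PosixFilePermissions.fromString("rw-------");
    private static final Set<PosixFilePermission> OWNER_R = PosixFilePermissions.fromString("r--------");

    /** Copies keystore bytes to target; returns false (no-op) if target already exists. */
    static boolean pull(InputStream remote, Path target) throws IOException {
        if (Files.exists(target, LinkOption.NOFOLLOW_LINKS)) {
            return false; // default keystore already present locally
        }
        // Create the temp file as 0600 in the target directory: the bytes are never
        // group/world readable, and the final rename stays on one filesystem.
        Path tmp = Files.createTempFile(target.getParent(), ".keystore-", ".tmp",
                PosixFilePermissions.asFileAttribute(OWNER_RW));
        try {
            // Write in place: Files.copy(REPLACE_EXISTING) would recreate the file with umask-derived permissions.
            try (OutputStream out = Files.newOutputStream(tmp, StandardOpenOption.WRITE)) {
                remote.transferTo(out); // Java 9+
            }
            Files.setPosixFilePermissions(tmp, OWNER_R); // final mode 0400
            Files.move(tmp, target, StandardCopyOption.ATOMIC_MOVE);
            return true;
        } finally {
            Files.deleteIfExists(tmp); // only still present if something failed
        }
    }

    public static void main(String[] args) throws IOException {
        Path target = Files.createTempDirectory("tls-demo").resolve("internal.keystore"); // constructed path
        byte[] sample = "constructed bytes, not a real keystore".getBytes(StandardCharsets.UTF_8);
        System.out.println(pull(new ByteArrayInputStream(sample), target));
        System.out.println(PosixFilePermissions.toString(Files.getPosixFilePermissions(target)));
        System.out.println(pull(new ByteArrayInputStream(sample), target));
    }
}
```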
Constructor Summary
Constructors

Method Summary
Modifier and Type    Method    Description
static void    apply(org.apache.flink.configuration.Configuration configuration)
void    applyInstance(org.apache.flink.configuration.Configuration configuration)
Constructor Details
DefaultTLSConfigurer
public DefaultTLSConfigurer()

Method Details
apply
public static void apply(org.apache.flink.configuration.Configuration configuration)

applyInstance
public void applyInstance(org.apache.flink.configuration.Configuration configuration)