From a5905655e94d717c53c8a89835c3eb244ddb8b33 Mon Sep 17 00:00:00 2001
From: Arjan Bal
Date: Wed, 27 Dec 2023 12:22:01 +0530
Subject: [PATCH] Disable SSL verification for internal clients in system services and combine https configuration for internal router with existing config
---
 .../cdap/app/services/AbstractServiceDiscoverer.java | 7 ++++---
 .../app/runtime/monitor/InternalRouterService.java | 2 +-
 .../main/java/io/cdap/cdap/common/conf/Constants.java | 1 -
 cdap-common/src/main/resources/cdap-default.xml | 9 ---------
 4 files changed, 5 insertions(+), 14 deletions(-)
diff --git a/cdap-app-fabric/src/main/java/io/cdap/cdap/app/services/AbstractServiceDiscoverer.java b/cdap-app-fabric/src/main/java/io/cdap/cdap/app/services/AbstractServiceDiscoverer.java
index 6e9d9e77046f..08d53383da7b 100644
--- a/cdap-app-fabric/src/main/java/io/cdap/cdap/app/services/AbstractServiceDiscoverer.java
+++ b/cdap-app-fabric/src/main/java/io/cdap/cdap/app/services/AbstractServiceDiscoverer.java
@@ -24,7 +24,6 @@
 import io.cdap.cdap.common.service.ServiceDiscoverable;
 import io.cdap.cdap.proto.ProgramType;
 import io.cdap.cdap.proto.id.ProgramId;
-import io.cdap.common.http.HttpRequestConfig;
 import java.io.IOException;
 import java.net.HttpURLConnection;
 import java.net.URL;
@@ -85,6 +84,8 @@ public HttpURLConnection openConnection(String namespaceId, String applicationId
 }
 /**
+ * Gets a factory for creating clients for CDAP services.
+ *
 * @return the {@link RemoteClientFactory}
 */
 protected abstract RemoteClientFactory getRemoteClientFactory();
@@ -103,7 +104,7 @@ private RemoteClient createRemoteClient(String namespaceId, String applicationId
 ProgramType.SERVICE, serviceId);
 String basePath = String.format("%s/namespaces/%s/apps/%s/services/%s/methods/",
 Constants.Gateway.API_VERSION_3_TOKEN, namespaceId, applicationId, serviceId);
- return getRemoteClientFactory().createRemoteClient(discoveryName, HttpRequestConfig.DEFAULT,
- basePath);
+ return getRemoteClientFactory().createRemoteClient(discoveryName,
+ RemoteClientFactory.NO_VERIFY_HTTP_REQUEST_CONFIG, basePath);
 }
 }
diff --git a/cdap-app-fabric/src/main/java/io/cdap/cdap/internal/app/runtime/monitor/InternalRouterService.java b/cdap-app-fabric/src/main/java/io/cdap/cdap/internal/app/runtime/monitor/InternalRouterService.java
index 53806c63402c..cd867aa8ccc6 100644
--- a/cdap-app-fabric/src/main/java/io/cdap/cdap/internal/app/runtime/monitor/InternalRouterService.java
+++ b/cdap-app-fabric/src/main/java/io/cdap/cdap/internal/app/runtime/monitor/InternalRouterService.java
@@ -66,7 +66,7 @@ public void modify(ChannelPipeline pipeline) {
 .setHost(cConf.get(Constants.InternalRouter.BIND_ADDRESS))
 .setPort(cConf.getInt(Constants.InternalRouter.BIND_PORT));
- if (cConf.getBoolean(Constants.InternalRouter.SSL_ENABLED)) {
+ if (cConf.getBoolean(Constants.Security.SSL.INTERNAL_ENABLED)) {
 new HttpsEnabler().configureKeyStore(cConf, sConf).enable(builder);
 }
diff --git a/cdap-common/src/main/java/io/cdap/cdap/common/conf/Constants.java b/cdap-common/src/main/java/io/cdap/cdap/common/conf/Constants.java
index 67d2bc248cd7..e63d4857a665 100644
--- a/cdap-common/src/main/java/io/cdap/cdap/common/conf/Constants.java
+++ b/cdap-common/src/main/java/io/cdap/cdap/common/conf/Constants.java
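Review bot: `createRemoteClient` now passes `RemoteClientFactory.NO_VERIFY_HTTP_REQUEST_CONFIG` on every call, so connections opened through this discoverer skip TLS certificate verification regardless of deployment, and nothing at the call site records why that is acceptable. With verification off the channel is encrypted but the peer is not authenticated, so a host able to intercept or redirect internal traffic can impersonate the target service. The constant is defined outside this diff; if the reason is that internal services present self-signed certificates, state it where the config is chosen, e.g. `// Internal endpoints use self-signed certs, so the peer certificate is not verified here.`, and preferably trust the internal certificate or CA rather than turning verification off. The method begins above the hunk.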
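Review bot: The internal router's TLS switch now reads `Constants.Security.SSL.INTERNAL_ENABLED`, and the same commit removes `internal.router.service.ssl.enabled` together with its default, so a deployment that set the old key explicitly will have it ignored without any signal. Where the old key was `true` while `ssl.internal.enabled` is `false`, the router would come up serving plaintext after an upgrade. Consider logging a warning at startup when the removed key is still present in `cConf`, or calling out the removal in the upgrade notes. The enclosing method starts and ends outside the hunk.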
@@ -2495,7 +2495,6 @@ public static final class InternalRouter {
 public static final String BIND_ADDRESS = "internal.router.service.bind.address";
 public static final String BIND_PORT = "internal.router.service.bind.port";
- public static final String SSL_ENABLED = "internal.router.service.ssl.enabled";
 public static final String CLIENT_ENABLED = "internal.router.client.enabled";
 public static final String SERVER_ENABLED = "internal.router.server.enabled";
 }
diff --git a/cdap-common/src/main/resources/cdap-default.xml b/cdap-common/src/main/resources/cdap-default.xml
index 9ad9e3e0e48d..1f097f7fa48a 100644
--- a/cdap-common/src/main/resources/cdap-default.xml
+++ b/cdap-common/src/main/resources/cdap-default.xml
@@ -6063,15 +6063,6 @@ - - internal.router.service.ssl.enabled - ${ssl.internal.enabled} - - Enable usage of SSL for the internal router service. By default, it is - disabled. - - - internal.router.client.enabled false