author | Dmitriy Rabotyagov <noonedeadpunk@ya.ru> | 2022-11-24 12:40:49 +0100 |
---|---|---|
committer | Dmitriy Rabotyagov <noonedeadpunk@gmail.com> | 2022-12-08 19:54:11 +0000 |
commit | f11666b66c668dd731b59369ad3a62a6d16536c6 (patch) | |
tree | 16c5b7fedb6d553908b470716b46213916449221 | |
parent | 7d50893625bd88d31c181a1c1c6f730ed64c4b3d (diff) | |
download | tooz-f11666b66c668dd731b59369ad3a62a6d16536c6.tar.gz |
Allow to pass ssl-related args for zookeeper
Zookeeper does support TLS encryption and authentication for client
connections. There's no reason not to pass these arguments to the kazoo
to allow encrypted connections.
We bump the minimum kazoo version to 2.6.0, since the change implementing SSL support
was merged in [1] and was first released with the 2.6.0 tag.
[1] https://github.com/python-zk/kazoo/commit/35ce10669ace9d0d7e787793f0d4937d5d389f69
Change-Id: Ied29512989f477a19753afcb789e5588877fd688
-rw-r--r-- | releasenotes/notes/zookeeper_tls-808355fd2ab1acae.yaml | 17 | ||||
-rw-r--r-- | setup.cfg | 2 | ||||
-rw-r--r-- | tooz/drivers/zookeeper.py | 24 |
3 files changed, 36 insertions, 7 deletions
diff --git a/releasenotes/notes/zookeeper_tls-808355fd2ab1acae.yaml b/releasenotes/notes/zookeeper_tls-808355fd2ab1acae.yaml new file mode 100644 index 0000000..c5ad768 --- /dev/null +++ b/releasenotes/notes/zookeeper_tls-808355fd2ab1acae.yaml @@ -0,0 +1,17 @@ +--- +features: + - | + Added TLS support for Zookeeper. + + TLS-related options can be defined in a connection URL as query parameters + and they will be passed to the Kazoo driver as client arguments. + + * ``ca``: SSL CA file to use for authentication + * ``certfile``: SSL certfile to use for authentication + * ``keyfile``: SSL keyfile to use for authentication + * ``keyfile_password``: keyfile password + * ``use_ssl``: controls whether SSL is used or not. Default to False. + * ``verify_certs``: when use_ssl is True you can control whether to + complete certificate validation + + This also bumps minimum kazoo version to >=2.6.0 @@ -62,7 +62,7 @@ postgresql = mysql = PyMySQL>=0.6.2 # MIT License zookeeper = - kazoo>=2.2 # Apache-2.0 + kazoo>=2.6 # Apache-2.0 memcached = pymemcache!=1.3.0,>=1.2.9 # Apache 2.0 License ipc = diff --git a/tooz/drivers/zookeeper.py b/tooz/drivers/zookeeper.py index 9c17299..92b4a10 100644 --- a/tooz/drivers/zookeeper.py +++ b/tooz/drivers/zookeeper.py 
@@ -95,11 +95,17 @@ class KazooDriver(coordination.CoordinationDriverCachedRunWatchers): ================ =============================== ==================== Name Source Default ================ =============================== ==================== - hosts url netloc + 'hosts' option key localhost:2181 - timeout 'timeout' options key 10.0 (kazoo default) + ca 'ca' options key None + certfile 'certfile' options key None connection_retry 'connection_retry' options key None command_retry 'command_retry' options key None + hosts url netloc + 'hosts' option key localhost:2181 + keyfile 'keyfile' options key None + keyfile_password 'keyfile_password' options key None randomize_hosts 'randomize_hosts' options key True + timeout 'timeout' options key 10.0 (kazoo default) + use_ssl 'use_ssl' options key False + verify_certs 'verify_certs' options key True ================ =============================== ==================== .. _kazoo: http://kazoo.readthedocs.org/ @@ -472,13 +478,19 @@ class KazooDriver(coordination.CoordinationDriverCachedRunWatchers): hosts = ['localhost:2181'] randomize_hosts = options.get('randomize_hosts', True) client_kwargs = { - 'hosts': ",".join(hosts), - 'timeout': float(options.get('timeout', self.timeout)), + 'auth_data': auth_data, + 'ca': options.get('ca', None), + 'certfile': options.get('certfile', None), 'connection_retry': options.get('connection_retry'), 'command_retry': options.get('command_retry'), - 'randomize_hosts': strutils.bool_from_string(randomize_hosts), - 'auth_data': auth_data, 'default_acl': default_acl, + 'hosts': ",".join(hosts), + 'keyfile': options.get('keyfile', None), + 'keyfile_password': options.get('keyfile_password', None), + 'randomize_hosts': strutils.bool_from_string(randomize_hosts), + 'timeout': float(options.get('timeout', self.timeout)), + 'use_ssl': bool(options.get('use_ssl', False)), + 'verify_certs': bool(options.get('verify_certs', True)), } handler_kind = options.get('handler') if handler_kind: |
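Review bot: In the `client_kwargs` dict of the second hunk, `use_ssl` and `verify_certs` are coerced with `bool()`, while `randomize_hosts` in the same dict goes through `strutils.bool_from_string`. The release note in this commit says these options are given as URL query parameters, so they presumably arrive as strings, and `bool('false')` is `True`: `?use_ssl=false` would switch TLS on and `?verify_certs=false` would be silently ignored. I would parse both the same way as `randomize_hosts`, keeping verification as the fallback for unrecognised values: `'use_ssl': strutils.bool_from_string(options.get('use_ssl', False)),` and `'verify_certs': strutils.bool_from_string(options.get('verify_certs', True), default=True),`. `keyfile_password` now travels in the same URL, so it is worth confirming that the connection string is not logged in the clear. The enclosing method starts and ends outside the hunk.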