From a10c2273146c74a1a7025003b36363f90e30283f Mon Sep 17 00:00:00 2001
From: Anton Ivashkin
Date: Wed, 20 Dec 2023 19:05:56 +0200
Subject: [PATCH 1/2] Add '--secure' flag in 'chadmin zookeeper' commands
---
 ch_tools/chadmin/cli/zookeeper_group.py | 20 +++++++++++++++++++-
 ch_tools/chadmin/internal/zookeeper.py | 9 ++++++++-
 2 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/ch_tools/chadmin/cli/zookeeper_group.py b/ch_tools/chadmin/cli/zookeeper_group.py
index 154106c5..1d79e8ae 100644
--- a/ch_tools/chadmin/cli/zookeeper_group.py
+++ b/ch_tools/chadmin/cli/zookeeper_group.py
@@ -23,6 +23,13 @@
 @group("zookeeper")
 @option("--port", help="ZooKeeper port.", type=int, default=2181)
 @option("--host", help="ZooKeeper host.", type=str)
+@option("--secure", help="Use secure connection.", default=False, is_flag=True)
+@option(
+ "--no-verify-ssl-certs",
+ help="Do not check SSL Certificates in secure connection.",
+ default=False,
+ is_flag=True,
+)
 @option("--timeout", help="ZooKeeper timeout.", default=10)
 @option(
 "--zkcli-identity",
@@ -52,7 +59,16 @@
 )
 @pass_context
 def zookeeper_group(
- ctx, host, port, timeout, zkcli_identity, no_chroot, no_ch_config, zk_root_path
+ ctx,
+ host,
+ secure,
+ no_verify_ssl_certs,
+ port,
+ timeout,
+ zkcli_identity,
+ no_chroot,
+ no_ch_config,
+ zk_root_path,
 ):
 """ZooKeeper management commands.
@@ -64,6 +80,8 @@ def zookeeper_group(
 ctx.obj["zk_client_args"] = {
 "port": port,
 "host": host,
+ "use_ssl": secure,
+ "no_verify_ssl_certs": no_verify_ssl_certs,
 "timeout": timeout,
 "zkcli_identity": zkcli_identity,
 "no_chroot": no_chroot,
diff --git a/ch_tools/chadmin/internal/zookeeper.py b/ch_tools/chadmin/internal/zookeeper.py
index 9116128b..4ff6cf83 100644
--- a/ch_tools/chadmin/internal/zookeeper.py
+++ b/ch_tools/chadmin/internal/zookeeper.py
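Review bot: In the first hunk of PATCH 1/2 (`zookeeper_group.py`), `--secure` is added beside `--port`, whose default stays `2181`, so `chadmin zookeeper --secure` without `--port` would start a TLS handshake against what is conventionally the plaintext client port. Unless the port is resolved elsewhere in code this patch does not show, the failure will look like a generic connection error rather than a misconfiguration. The help text should say what the operator has to supply, e.g. `help="Use secure (TLS) connection; pass the TLS port with --port."`.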
@@ -303,6 +303,8 @@ def _get_zk_client(ctx):
 args = ctx.obj.get("zk_client_args", {})
 host = args.get("host")
 port = args.get("port", 2181)
+ use_ssl = args.get("use_ssl", False)
+ no_verify_ssl_certs = args.get("no_verify_ssl_certs", False)
 timeout = args.get("timeout", 10)
 zkcli_identity = args.get("zkcli_identity")
 no_chroot = args.get("no_chroot", False)
@@ -334,5 +336,10 @@ def _get_zk_client(ctx):
 auth_data = [("digest", zkcli_identity)]
 return KazooClient(
- connect_str, auth_data=auth_data, timeout=timeout, logger=logging.getLogger()
+ connect_str,
+ auth_data=auth_data,
+ timeout=timeout,
+ logger=logging.getLogger(),
+ use_ssl=use_ssl,
+ verify_certs=not no_verify_ssl_certs,
 )
From 00073d9a983e0cb41aa238d26ea6fb3aefec5d12 Mon Sep 17 00:00:00 2001
From: Anton Ivashkin
Date: Mon, 25 Dec 2023 13:50:17 +0200
Subject: [PATCH 2/2] change '--verify-ssl-certs' option for chadmin
---
 ch_tools/chadmin/cli/zookeeper_group.py | 11 +++++------
 ch_tools/chadmin/internal/zookeeper.py | 4 ++--
 2 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/ch_tools/chadmin/cli/zookeeper_group.py b/ch_tools/chadmin/cli/zookeeper_group.py
index 1d79e8ae..df258eff 100644
--- a/ch_tools/chadmin/cli/zookeeper_group.py
+++ b/ch_tools/chadmin/cli/zookeeper_group.py
@@ -25,10 +25,9 @@
 @option("--host", help="ZooKeeper host.", type=str)
 @option("--secure", help="Use secure connection.", default=False, is_flag=True)
 @option(
- "--no-verify-ssl-certs",
- help="Do not check SSL Certificates in secure connection.",
- default=False,
- is_flag=True,
+ "--verify-ssl-certs/--no-verify-ssl-certs",
+ help="Check or not SSL Certificates in secure connection.",
+ default=True,
 )
 @option("--timeout", help="ZooKeeper timeout.", default=10)
 @option(
@@ -62,7 +61,7 @@ def zookeeper_group(
 ctx,
 host,
 secure,
- no_verify_ssl_certs,
+ verify_ssl_certs,
 port,
 timeout,
 zkcli_identity,
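Review bot: The new `KazooClient(...)` call in PATCH 1/2 (`zookeeper.py`, second hunk) passes `use_ssl` and `verify_certs` but no trust anchor, so verification can only succeed against whatever CA set the client library loads by default. A cluster whose certificates come from a private CA would then fail unless the operator disables verification, which leaves the `digest` identity in `auth_data` travelling over a channel whose peer was never authenticated. Consider a CA-file option forwarded as `ca=...` (kazoo also accepts `certfile` and `keyfile`), and confirm whether the kazoo version in use checks the server hostname as well as the chain. The same call is edited again in PATCH 2/2, and `_get_zk_client` begins above this hunk.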
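Review bot: The help string `"Check or not SSL Certificates in secure connection."` in the first hunk of PATCH 2/2 (`zookeeper_group.py`) tells the operator neither the default nor what is lost by switching it off. I would write `help="Verify the server's TLS certificate when --secure is used (default: verify). Disabling it removes protection against an intercepted connection."`. The pair is also accepted without `--secure`, where the visible code silently ignores it; a warning or a usage error for that combination in `zookeeper_group` would make the effective setting explicit.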
@@ -81,7 +80,7 @@ def zookeeper_group(
 "port": port,
 "host": host,
 "use_ssl": secure,
- "no_verify_ssl_certs": no_verify_ssl_certs,
+ "verify_ssl_certs": verify_ssl_certs,
 "timeout": timeout,
 "zkcli_identity": zkcli_identity,
 "no_chroot": no_chroot,
diff --git a/ch_tools/chadmin/internal/zookeeper.py b/ch_tools/chadmin/internal/zookeeper.py
index 4ff6cf83..13e1f768 100644
--- a/ch_tools/chadmin/internal/zookeeper.py
+++ b/ch_tools/chadmin/internal/zookeeper.py
@@ -304,7 +304,7 @@ def _get_zk_client(ctx):
 host = args.get("host")
 port = args.get("port", 2181)
 use_ssl = args.get("use_ssl", False)
- no_verify_ssl_certs = args.get("no_verify_ssl_certs", False)
+ verify_ssl_certs = args.get("verify_ssl_certs", True)
 timeout = args.get("timeout", 10)
 zkcli_identity = args.get("zkcli_identity")
 no_chroot = args.get("no_chroot", False)
@@ -341,5 +341,5 @@ def _get_zk_client(ctx):
 timeout=timeout,
 logger=logging.getLogger(),
 use_ssl=use_ssl,
- verify_certs=not no_verify_ssl_certs,
+ verify_certs=verify_ssl_certs,
 )
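Review bot: Nothing in the visible part of `_get_zk_client` (last hunk of PATCH 2/2, `zookeeper.py`) records that a session ran with `use_ssl=True` and `verify_certs=False`, so an unverified connection looks the same in the logs as a verified one. Before the `KazooClient(...)` call I would add `if use_ssl and not verify_ssl_certs: logging.warning("ZooKeeper TLS certificate verification is disabled")`. The function body starts above this hunk, so check that no earlier branch already reports it.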