From 689ab5920cb276b798da7a8290ab062efa27e5c1 Mon Sep 17 00:00:00 2001
From: Heng Qin
Date: Wed, 6 Dec 2023 20:25:51 +0800
Subject: [PATCH] [#950] improvment(common): Add a method in ConfigEntry called create to support configurations with no default value
---
 .../gravitino/config/ConfigEntry.java | 22 +++++++++++++++
 docs/security.md | 28 +++++++++----------
 .../gravitino/server/auth/OAuthConfig.java | 6 ++--
 .../server/web/JettyServerConfig.java | 10 +++----
 4 files changed, 44 insertions(+), 22 deletions(-)
diff --git a/common/src/main/java/com/datastrato/gravitino/config/ConfigEntry.java b/common/src/main/java/com/datastrato/gravitino/config/ConfigEntry.java
index 49989175678..430a1640aba 100644
--- a/common/src/main/java/com/datastrato/gravitino/config/ConfigEntry.java
+++ b/common/src/main/java/com/datastrato/gravitino/config/ConfigEntry.java
@@ -37,6 +37,7 @@ public class ConfigEntry {
 @Getter private boolean isDeprecated;
 private boolean isOptional;
+ private boolean isNoDefault;
 /**
 * Creates a new ConfigEntry instance.
@@ -101,6 +102,11 @@ void setOptional() {
 this.isOptional = true;
 }
+ /** Marks this configuration as no default value. */
+ void setNoDefault() {
+ this.isNoDefault = true;
+ }
+
 /**
 * Creates a new ConfigEntry instance based on this configuration entry with a default value.
 *
@@ -134,6 +140,20 @@ public ConfigEntry> createWithOptional() {
 return conf;
 }
+ /**
+ * Creates a new ConfigEntry instance based on this configuration entry with no default value.
+ *
+ * @return A new ConfigEntry instance with no default value.
+ */
+ public ConfigEntry createWithNoDefault() {
+ ConfigEntry conf =
+ new ConfigEntry<>(key, version, doc, alternatives, isPublic, isDeprecated);
+ conf.setValueConverter(valueConverter);
+ conf.setStringConverter(stringConverter);
+ conf.setNoDefault();
+ return conf;
+ }
+
 /**
 * Reads the configuration value.
 *
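Review bot: The Javadoc for `createWithNoDefault()` says only "with no default value" and leaves out what a caller most needs to know, that reading such an entry yields `null` when the key is absent (the `isNoDefault` branch added to `readFrom` in this same patch). I would add `* <p>{@code readFrom} returns {@code null} for this entry when the key is not set; callers must handle null.` One more sentence on how this differs from `createWithOptional()`, whose signature appears in the hunk header, would help, since both describe a value that may be missing. As far as the diffstat shows, the patch adds no test for the new method or the new branch.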
@@ -155,6 +175,8 @@ public T readFrom(Map properties) throws NoSuchElementException
 if (value == null) {
 if (defaultValue != null) {
 return defaultValue;
+ } else if (isNoDefault) {
+ return null;
 } else if (!isOptional) {
 throw new NoSuchElementException("No configuration found for key " + key);
 }
diff --git a/docs/security.md b/docs/security.md
index 190bf7abb0e..95b50ef7d87 100644
--- a/docs/security.md
+++ b/docs/security.md
@@ -26,7 +26,7 @@ GravitinoClient client = GravitinoClient.builder(uri)
 Gravitino only supports external OAuth 2.0 servers. First, users need to guarantee that the external correctly configured OAuth 2.0 server supports Bearer JWT.
-Then, on the server side, users should set `gravitino.authenticator` as `oauth` and give `gravitino.authenticator.oauth.defaultSignKey`, `gravitino.authenticator.oauth.serverURI` and `gravitino.authenticator.oauth.tokenPath` a proper value.
+Then, on the server side, users should set `gravitino.authenticator` as `oauth` and give `gravitino.authenticator.oauth.defaultSignKey`, `gravitino.authenticator.oauth.serverUri` and `gravitino.authenticator.oauth.tokenPath` a proper value.
 Next, for the client side, users can enable `OAuth` mode by the following code:
 ```java
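Review bot: The `else if (isNoDefault) return null;` branch added to `readFrom` in ConfigEntry.java makes an unset `gravitino.authenticator.oauth.defaultSignKey`, `keyStorePassword` or `trustStorePassword` come back as a silent `null` instead of failing at read time, and nothing in this patch adds the matching check where those values are used. The entries switched in the OAuthConfig.java and JettyServerConfig.java hunks used to read as `""`, so consumers (not visible here) that call String methods on the result, or treat only the empty string as unset, may now fail late or behave differently. They should reject a null or blank value as soon as `oauth` or `enableHttps` is turned on. At minimum I would add above the branch `// No-default entries read as null when unset; the caller must validate before use.` The body of `readFrom` starts and ends outside the hunk.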
@@ -49,9 +49,9 @@ GravitinoClient client = GravitinoClient.builder(uri)
 | `gravitino.authenticator` | The authenticator which Gravitino uses, setting as `simple` or `oauth` | `simple` | 0.3.0 |
 | `gravitino.authenticator.oauth.serviceAudience` | The audience name when Gravitino uses OAuth as the authenticator | `GravitinoServer` | 0.3.0 |
 | `gravitino.authenticator.oauth.allowSkewSecs` | The JWT allows skew seconds when Gravitino uses OAuth as the authenticator | `0` | 0.3.0 |
-| `gravitino.authenticator.oauth.defaultSignKey` | The signing key of JWT when Gravitino uses OAuth as the authenticator | `` | 0.3.0 |
-| `gravitino.authenticator.oauth.serverUri` | The uri of the default OAuth server | `` | 0.3.0 |
-| `gravitino.authenticator.oauth.tokenPath` | The path for token of the default OAuth server | `` | 0.3.0 |
+| `gravitino.authenticator.oauth.defaultSignKey` | The signing key of JWT when Gravitino uses OAuth as the authenticator | none | 0.3.0 |
+| `gravitino.authenticator.oauth.serverUri` | The uri of the default OAuth server | none | 0.3.0 |
+| `gravitino.authenticator.oauth.tokenPath` | The path for token of the default OAuth server | none | 0.3.0 |
 The signature algorithms that Gravitino supports follows:
@@ -81,15 +81,15 @@ Both Gravitino server and Iceberg REST service can configure HTTPS.
 |-----------------------------------------------------|------------------------------------------------------------|---------------|---------------|
 | `gravitino.server.webserver.enableHttps` | Enables https | `false` | 0.3.0 |
 | `gravitino.server.webserver.httpsPort` | The https port number of the Jetty web server | `8433` | 0.3.0 |
-| `gravitino.server.webserver.keyStorePath` | Path to the key store file | `` | 0.3.0 |
-| `gravitino.server.webserver.keyStorePassword` | Password to the key store | `` | 0.3.0 |
+| `gravitino.server.webserver.keyStorePath` | Path to the key store file | none | 0.3.0 |
+| `gravitino.server.webserver.keyStorePassword` | Password to the key store | none | 0.3.0 |
 | `gravitino.server.webserver.keyStoreType` | The type to the key store | `JKS` | 0.3.0 |
-| `gravitino.server.webserver.managerPassword` | Manager password to the key store | `` | 0.3.0 |
+| `gravitino.server.webserver.managerPassword` | Manager password to the key store | none | 0.3.0 |
 | `gravitino.server.webserver.tlsProtocol` | TLS protocol to use. The protocol must be supported by JVM | none | 0.3.0 |
 | `gravitino.server.webserver.enableCipherAlgorithms` | The collection of the cipher algorithms which are enabled. | `` | 0.3.0 |
 | `gravitino.server.webserver.enableClientAuth` | Enables the authentication of the client | `false` | 0.3.0 |
-| `gravitino.server.webserver.trustStorePath` | Path to the trust store file | `` | 0.3.0 |
-| `gravitino.server.webserver.trustStorePassword` | Password to the trust store | `` | 0.3.0 |
+| `gravitino.server.webserver.trustStorePath` | Path to the trust store file | none | 0.3.0 |
+| `gravitino.server.webserver.trustStorePassword` | Password to the trust store | none | 0.3.0 |
 | `gravitino.server.webserver.trustStoreType` | The type to the trust store | `JKS` | 0.3.0 |
 ### Iceberg REST service's configuration
@@ -97,15 +97,15 @@ Both Gravitino server and Iceberg REST service can configure HTTPS.
 |------------------------------------------------------------|------------------------------------------------------------|---------------|---------------|
 | `gravitino.auxService.iceberg-rest.enableHttps` | Enables https | `false` | 0.3.0 |
 | `gravitino.auxService.iceberg-rest.httpsPort` | The https port number of the Jetty web server | `8433` | 0.3.0 |
-| `gravitino.auxService.iceberg-rest.keyStorePath` | Path to the key store file | `` | 0.3.0 |
-| `gravitino.auxService.iceberg-rest.keyStorePassword` | Password to the key store | `` | 0.3.0 |
+| `gravitino.auxService.iceberg-rest.keyStorePath` | Path to the key store file | none | 0.3.0 |
+| `gravitino.auxService.iceberg-rest.keyStorePassword` | Password to the key store | none | 0.3.0 |
 | `gravitino.uxService.iceberg-rest.keyStoreType` | The type to the key store | `JKS` | 0.3.0 |
-| `gravitino.auxService.iceberg-rest.managerPassword` | Manager password to the key store | `` | 0.3.0 |
+| `gravitino.auxService.iceberg-rest.managerPassword` | Manager password to the key store | none | 0.3.0 |
 | `gravitino.auxService.iceberg-rest.tlsProtocol` | TLS protocol to use.
The protocol must be supported by JVM | none | 0.3.0 |
 | `gravitino.auxService.iceberg-rest.enableCipherAlgorithms` | The collection of the cipher algorithms which are enabled | `` | 0.3.0 |
 | `gravitino.auxService.iceberg-rest.enableClientAuth` | Enables the authentication of the client | `false` | 0.3.0 |
-| `gravitino.auxService.iceberg-rest.trustStorePath` | Path to the trust store file | `` | 0.3.0 |
-| `gravitino.auxService.iceberg-rest.trustStorePassword` | Password to the trust store | `` | 0.3.0 |
+| `gravitino.auxService.iceberg-rest.trustStorePath` | Path to the trust store file | none | 0.3.0 |
+| `gravitino.auxService.iceberg-rest.trustStorePassword` | Password to the trust store | none | 0.3.0 |
 | `gravitino.auxService.iceberg-rest.trustStoreType` | The type to the trust store | `JKS` | 0.3.0 |
 About `tlsProtocol`, the reference list of protocols can be found in the "Additional JSSE Standard Names" section of the Java security guide. The list for Java 8 can be found at [this](https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#jssenames).
diff --git a/server-common/src/main/java/com/datastrato/gravitino/server/auth/OAuthConfig.java b/server-common/src/main/java/com/datastrato/gravitino/server/auth/OAuthConfig.java
index b4a4d7dcdca..4008dd7460d 100644
--- a/server-common/src/main/java/com/datastrato/gravitino/server/auth/OAuthConfig.java
+++ b/server-common/src/main/java/com/datastrato/gravitino/server/auth/OAuthConfig.java
@@ -33,7 +33,7 @@ public interface OAuthConfig extends Configs {
 .doc("The sign key of jwt when Gravitino uses oauth as the authenticator")
 .version("0.3.0")
 .stringConf()
- .createWithDefault("");
+ .createWithNoDefault();
 ConfigEntry SIGNATURE_ALGORITHM_TYPE =
 new ConfigBuilder(OAUTH_CONFIG_PREFIX + "signAlgorithmType")
@@ -47,12 +47,12 @@ public interface OAuthConfig extends Configs {
 .doc("The uri of the default OAuth server")
 .version("0.3.0")
 .stringConf()
- .createWithDefault("");
+ .createWithNoDefault();
 ConfigEntry DEFAULT_TOKEN_PATH =
 new ConfigBuilder(OAUTH_CONFIG_PREFIX + "tokenPath")
 .doc("The path for token of the default OAuth server")
 .version("0.3.0")
 .stringConf()
- .createWithDefault("");
+ .createWithNoDefault();
 }
diff --git a/server-common/src/main/java/com/datastrato/gravitino/server/web/JettyServerConfig.java b/server-common/src/main/java/com/datastrato/gravitino/server/web/JettyServerConfig.java
index dd75003df2c..b6de686724f 100644
--- a/server-common/src/main/java/com/datastrato/gravitino/server/web/JettyServerConfig.java
+++ b/server-common/src/main/java/com/datastrato/gravitino/server/web/JettyServerConfig.java
@@ -107,21 +107,21 @@ public final class JettyServerConfig {
 .doc("Path to the key store file")
 .version("0.3.0")
 .stringConf()
- .createWithDefault("");
+ .createWithNoDefault();
 public static final ConfigEntry SSL_KEYSTORE_PASSWORD =
 new ConfigBuilder("keyStorePassword")
 .doc("Password to the key store")
 .version("0.3.0")
 .stringConf()
- .createWithDefault("");
+ .createWithNoDefault();
 public static final ConfigEntry SSL_MANAGER_PASSWORD =
 new ConfigBuilder("managerPassword")
 .doc("Manager password to the key store")
 .version("0.3.0")
 .stringConf()
- .createWithDefault("");
+ .createWithNoDefault();
 public static final ConfigEntry SSL_KEYSTORE_TYPE =
 new ConfigBuilder("keyStoreType")
@@ -155,14 +155,14 @@ public final class JettyServerConfig {
 .doc("Path to the trust store file")
 .version("0.3.0")
 .stringConf()
- .createWithDefault("");
+ .createWithNoDefault();
 public static final ConfigEntry SSL_TRUST_STORE_PASSWORD =
 new ConfigBuilder("trustStorePassword")
 .doc("Password to the trust store")
 .version("0.3.0")
 .stringConf()
- .createWithDefault("");
+ .createWithNoDefault();
 public static final ConfigEntry SSL_TRUST_STORE_TYPE =
 new ConfigBuilder("trustStoreType")