Fixing updating auth info whenever mapping is updated to TLS connecti…

…on on unified port. (#84) * Fixing updating auth info whenever mapping is updated to TLS connection on unified port. Co-authored-by: Rahul Rane <rrane@linkedin.com>
linkedin · Jul 1, 2022 · f14fe9e · f14fe9e
1 parent ade1f26
commit f14fe9e
Showing 1 changed file with 15 additions and 3 deletions.
diff --git a/.../java/org/apache/zookeeper/server/auth/znode/groupacl/ZkClientUriDomainMappingHelper.java b/.../java/org/apache/zookeeper/server/auth/znode/groupacl/ZkClientUriDomainMappingHelper.java
@@ -144,14 +144,26 @@ public void process(WatchedEvent event) {
     LOG.info("Processing watched event: {}", event.toString());
     parseZNodeMapping();
     // Update AuthInfo for all the known connections.
+    // Note : It is not ideal to iterate over all plaintext connections which are connected over non-TLS but right now
+    // there is no way to find out if connection on unified port is using SSLHandler or nonSSLHandler. Anyways, we
+    // should not ideally have any nonSSLHandler connections on unified port after complete rollout.
+
     // TODO Change to read SecureServerCnxnFactory only. The current logic is to support unit test who is not creating
     // a secured server cnxn factory. It won't cause any problem but is not technically correct.
-    ServerCnxnFactory factory =
-        zks.getSecureServerCnxnFactory() == null ? zks.getServerCnxnFactory() : zks.getSecureServerCnxnFactory();
+
+    // Since port unification is supported, TLS requests could be made on unified as well as secure port. Hence iterate
+    // over all connections to update auth info.
+    ServerCnxnFactory factory = zks.getServerCnxnFactory();
+    LOG.info("Updating auth info for connections");
+    // TODO Evaluate performance impact and potentially use thread pool to parallelize the AuthInfo update.
     if (factory != null) {
-      // TODO Evaluate performance impact and potentially use thread pool to parallelize the AuthInfo update.
       factory.getConnections().forEach(cnxn -> updateDomainBasedAuthInfo(cnxn));
     }
+    ServerCnxnFactory secureFactory = zks.getSecureServerCnxnFactory();
+    LOG.info("Updating auth info for TLS connections");
+    if (secureFactory != null) {
+      secureFactory.getConnections().forEach(cnxn -> updateDomainBasedAuthInfo(cnxn));
+    }
   }
 
   @Override