-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
KSQL-12955 | Introduce KsqlResourceExtensions for plugins configured externally. #10665
base: 7.6.x
Are you sure you want to change the base?
Conversation
🎉 All Contributor License Agreements have been signed. Ready to merge. |
778c81b
to
fb2753f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Refactoring is looking good.
I would strongly recommend to move all FIPS logic out from this repo.
@@ -1792,6 +1792,10 @@ public Map<String, Object> getConsumerClientConfigProps() { | |||
return Collections.unmodifiableMap(map); | |||
} | |||
|
|||
public boolean enableFips() { | |||
return getBoolean(ConfluentConfigs.ENABLE_FIPS_CONFIG); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we can get rid of ConfluentConfigs
, that would be better and will help removing internal depedency and ce-kafka dependency. We can have our own flag also.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, we have to get rid of it. I have introduced a new config with the same name.
The only dependency left now is ConfluentConfigs.buildFipsValidator()
import io.confluent.ksql.rest.server.KsqlRestConfig; | ||
import io.confluent.ksql.util.KsqlConfig; | ||
|
||
public interface KsqlResourceContext { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
any benefit of building an interface? Avoid if there is exactly one implementation and in future also, there is no rationale for multiple implementations.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The idea behind this is to encapsulate a collection of objects that are useful to the ResourceExtension in future.
|
||
public interface KsqlResourceContext { | ||
|
||
KsqlConfig ksqlConfig(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since KsqlConfig
and KsqlRestConfig
are already available, is an additional Context
class necessary? If not, it should be avoided.
if (getString(KSQL_RESOURCE_EXTENSION).isEmpty()) { | ||
return Collections.emptyList(); | ||
} | ||
return getConfiguredInstances(KSQL_RESOURCE_EXTENSION, KsqlResourceExtension.class); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
return getConfiguredInstances(KSQL_RESOURCE_EXTENSION, KsqlResourceExtension.class); | |
return getConfiguredInstances(KSQL_RESOURCE_EXTENSIONS, KsqlResourceExtension.class); |
we can take KSQL_RESOURCE_EXTENSIONS
as comma separated or we can allow prefix based ksql.resource.extension.fipsValidator.class=<className>
with ksql.resource.extension.fipsValidator.enable
etc.
"ksql.resource.extension.class"; | ||
private static final String KSQL_RESOURCE_EXTENSION_DEFAULT = ""; | ||
private static final String KSQL_RESOURCE_EXTENSION_DOC = | ||
"A list of KsqlResourceExtension implementations to register with ksqlDB server."; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"A list of KsqlResourceExtension implementations to register with ksqlDB server."; | |
"A list of KsqlResourceExtension implementations to be registered with the ksqlDB server." |
@@ -444,6 +445,12 @@ public class KsqlRestConfig extends AbstractConfig { | |||
KSQL_COMMAND_TOPIC_MIGRATION_MIGRATING | |||
); | |||
|
|||
public static final String KSQL_RESOURCE_EXTENSION = |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
one extension or allowing multiple extensions?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is for multiple extensions.
@@ -379,6 +380,16 @@ public void shouldConfigureRocksDBConfigSetter() { | |||
verify(rocksDBConfigSetterHandler).accept(ksqlConfig); | |||
} | |||
|
|||
@Test(expected = KsqlException.class) | |||
public void shouldFailIfFipsValidationEnabledButNotConfigured() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can make a generic test.
shouldFailIfExtensionIsEnabledButNotConfigured
if (KsqlConstants.FIPS_VALIDATOR | ||
.equals(resourceExtension.getClass().getCanonicalName())) { | ||
isFipsValidatorConfigured = true; | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we can get rid of FIPS Specific checks. We can move tests related to that to confluent-security-plugins itself.
ksqldb-rest-app/src/main/java/io/confluent/ksql/rest/extensions/KsqlResourceExtension.java
Show resolved
Hide resolved
6b46758
to
72c7603
Compare
84e811b
to
2b66ad6
Compare
2b66ad6
to
2189e60
Compare
Description
Introduce KsqlResourceExtensions for plugins configured externally.
Testing done
Describe the testing strategy. Unit and integration tests are expected for any behavior changes.
Reviewer checklist