[FLINK-12518][tests][e2e] enable openSSL for test_streaming_file_sink

This test (run nightly) will use a dynamically or statically linked openSSL library at random during runtime, in order to eventually verify both.
synckey · Jun 15, 2019 · e5b4a57 · e5b4a57
1 parent d11be33
commit e5b4a57
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 4 deletions.
diff --git a/flink-end-to-end-tests/test-scripts/common_ssl.sh b/flink-end-to-end-tests/test-scripts/common_ssl.sh
@@ -22,13 +22,25 @@
 
 function _set_conf_ssl_helper {
     local type=$1 # 'internal' or external 'rest'
+    local provider=$2 # 'JDK' or 'OPENSSL'
+    local provider_lib=$3 # if using OPENSSL, choose: 'dynamic' or 'static' (how openSSL is linked to our packaged jar)
     local ssl_dir="${TEST_DATA_DIR}/ssl/${type}"
     local password="${type}.password"
 
     if [ "${type}" != "internal" ] && [ "${type}" != "rest" ]; then
         echo "Unknown type of ssl connectivity: ${type}. It can be either 'internal' or external 'rest'"
         exit 1
     fi
+    if [ "${provider}" != "JDK" ] && [ "${provider}" != "OPENSSL" ]; then
+        echo "Unknown SSL provider: ${provider}. It can be either 'JDK' or 'OPENSSL'"
+        exit 1
+    fi
+    if [ "${provider_lib}" != "dynamic" ] && [ "${provider_lib}" != "static" ]; then
+        echo "Unknown library type for openSSL: ${provider_lib}. It can be either 'dynamic' or 'static'"
+        exit 1
+    fi
+
+    echo "Setting up SSL with: ${type} ${provider} ${provider_lib}"
 
     # clean up the dir that will be used for SSL certificates and trust stores
     if [ -e "${ssl_dir}" ]; then
@@ -58,7 +70,24 @@ function _set_conf_ssl_helper {
     # keystore is converted into a pem format to use it as node.pem with curl in Flink REST API queries, see also $CURL_SSL_ARGS
     openssl pkcs12 -passin pass:${password} -in "${ssl_dir}/node.keystore" -out "${ssl_dir}/node.pem" -nodes
 
+    if [ "${provider}" = "OPENSSL" -a "${provider_lib}" = "dynamic" ]; then
+        cp $FLINK_DIR/opt/flink-shaded-netty-tcnative-dynamic-*.jar $FLINK_DIR/lib/
+    elif [ "${provider}" = "OPENSSL" -a "${provider_lib}" = "static" ]; then
+        # Flink is not providing the statically-linked library because of potential licensing issues
+        # -> we need to build it ourselves
+        FLINK_SHADED_VERSION=$(cat ${END_TO_END_DIR}/../pom.xml | sed -n 's/.*<flink.shaded.version>\(.*\)<\/flink.shaded.version>/\1/p')
+        echo "BUILDING flink-shaded-netty-tcnative-static"
+        git clone https://github.com/apache/flink-shaded.git
+        cd flink-shaded
+        git checkout "release-${FLINK_SHADED_VERSION}"
+        mvn clean package -Pinclude-netty-tcnative-static -pl flink-shaded-netty-tcnative-static
+        cp flink-shaded-netty-tcnative-static/target/flink-shaded-netty-tcnative-static-*.jar $FLINK_DIR/lib/
+        cd ..
+        rm -rf flink-shaded
+    fi
+
     # adapt config
+    set_config_key security.ssl.provider ${provider}
     set_config_key security.ssl.${type}.enabled true
     set_config_key security.ssl.${type}.keystore ${ssl_dir}/node.keystore
     set_config_key security.ssl.${type}.keystore-password ${password}
@@ -81,15 +110,23 @@ function _set_conf_mutual_rest_ssl {
 
 function set_conf_rest_ssl {
     local auth="${1:-server}" # only 'server' or 'mutual'
+    local provider="${2:-JDK}" # 'JDK' or 'OPENSSL'
+    local provider_lib="${3:-dynamic}" # for OPENSSL: 'dynamic' or 'static'
     local ssl_dir="${TEST_DATA_DIR}/ssl/rest"
-    _set_conf_ssl_helper "rest"
+    _set_conf_ssl_helper "rest" "${provider}" "${provider_lib}"
     _set_conf_mutual_rest_ssl ${auth}
     REST_PROTOCOL="https"
     CURL_SSL_ARGS="${CURL_SSL_ARGS} --cacert ${ssl_dir}/node.pem"
 }
 
 function set_conf_ssl {
     local auth="${1:-server}" # only 'server' or 'mutual'
-    _set_conf_ssl_helper "internal"
-    set_conf_rest_ssl ${auth}
+    local provider="${2:-JDK}" # 'JDK' or 'OPENSSL'
+    local provider_lib="${3:-dynamic}" # for OPENSSL: 'dynamic' or 'static'
+    _set_conf_ssl_helper "internal" "${provider}" "${provider_lib}"
+    set_conf_rest_ssl ${auth} "${provider}" "${provider_lib}"
+}
+
+function rollback_openssl_lib() {
+  rm $FLINK_DIR/lib/flink-shaded-netty-tcnative-{dynamic,static}-*.jar
 }
diff --git a/flink-end-to-end-tests/test-scripts/test_streaming_file_sink.sh b/flink-end-to-end-tests/test-scripts/test_streaming_file_sink.sh
@@ -22,8 +22,12 @@ OUT_TYPE="${1:-local}" # other type: s3
 source "$(dirname "$0")"/common.sh
 source "$(dirname "$0")"/common_s3.sh
 
+# randomly set up openSSL with dynamically/statically linked libraries
+OPENSSL_LINKAGE=$(if (( RANDOM % 2 )) ; then echo "dynamic"; else echo "static"; fi)
+echo "Executing test with ${OPENSSL_LINKAGE} openSSL linkage (random selection between 'dynamic' and 'static')"
+
 s3_setup hadoop
-set_conf_ssl "mutual"
+set_conf_ssl "mutual" "OPENSSL" "${OPENSSL_LINKAGE}"
 set_config_key "metrics.fetcher.update-interval" "2000"
 
 OUT=temp/test_streaming_file_sink-$(uuidgen)
@@ -46,6 +50,7 @@ fi
 # make sure we delete the file at the end
 function out_cleanup {
   s3_delete_by_full_path_prefix $OUT
+  rollback_openssl_lib
 }
 if [ "${OUT_TYPE}" == "s3" ]; then
   on_exit out_cleanup