From 4aef8524e935cad5dc6198d5beeebc3a3c6b7a76 Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Wed, 8 Jul 2015 16:19:47 -0400 Subject: [PATCH] Implement specifying an external cfg key file This allows the password to be protected by an external file. With this one can chain confluent's security to another security mechanism. --- confluent_server/confluent/main.py | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/confluent_server/confluent/main.py b/confluent_server/confluent/main.py index 0004d59b..7d9577c1 100644 --- a/confluent_server/confluent/main.py +++ b/confluent_server/confluent/main.py @@ -27,6 +27,7 @@ import atexit import confluent.auth as auth +import confluent.config.configmanager as configmanager import confluent.consoleserver as consoleserver import confluent.core as confluentcore import confluent.httpapi as httpapi @@ -115,8 +116,20 @@ def doexit(): os.remove('/var/run/confluent/pid') +def _initsecurity(config): + if config.has_option('security', 'externalcfgkey'): + keyfile = config.get('security', 'externalcfgkey') + with open(keyfile, 'r') as keyhandle: + key = keyhandle.read() + configmanager.init_masterkey(key) + + def run(): _checkpidfile() + configfile = "/etc/confluent/service.cfg" + config = ConfigParser.ConfigParser() + config.read(configfile) + _initsecurity(config) confluentcore.load_plugins() _daemonize() _updatepidfile() @@ -128,8 +141,8 @@ def run(): #dbgsock = eventlet.listen("/var/run/confluent/dbg.sock", # family=socket.AF_UNIX) #eventlet.spawn_n(backdoor.backdoor_server, dbgsock) - http_bind_host, http_bind_port = _get_connector_config('http') - sock_bind_host, sock_bind_port = _get_connector_config('socket') + http_bind_host, http_bind_port = _get_connector_config(config, 'http') + sock_bind_host, sock_bind_port = _get_connector_config(config, 'socket') consoleserver.start_console_sessions() webservice = httpapi.HttpApi(http_bind_host, http_bind_port) webservice.start() 
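Review bot: `_initsecurity` passes whatever `keyhandle.read()` returns straight to `configmanager.init_masterkey`, so a group- or world-readable key file, or an empty one, is silently accepted as the master key. Since this file is what protects the configuration password, I would check the mode on the open handle and reject an empty read, as sketched below; `_initsecurity` runs before `_daemonize()`, so raising here is visible at startup. `read()` also keeps any trailing newline, so the key changes if an editor adds or strips one; a docstring should state that the file content is used byte for byte, or the value should be stripped deliberately if `init_masterkey` expects text (not visible from this hunk). Separately, `config.read(configfile)` in `run()` ignores a missing or unreadable file, so `has_option` is then false and the service starts with no external key and no message; whether that default is safe depends on what configmanager does when `init_masterkey` is never called.

```python
        with open(keyfile, 'r') as keyhandle:
            # fstat the open handle rather than the path, so the check
            # and the read are guaranteed to see the same file
            keymode = os.fstat(keyhandle.fileno()).st_mode
            if keymode & 0o077:
                raise Exception(
                    'externalcfgkey file must not be accessible by group or other')
            key = keyhandle.read()
        if not key:
            raise Exception('externalcfgkey file is empty')
        # … unchanged: configmanager.init_masterkey(key) …
```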
@@ -139,10 +152,8 @@ def run(): while 1: eventlet.sleep(100) -def _get_connector_config(session): - configfile = "/etc/confluent/service.cfg" - config = ConfigParser.ConfigParser() - config.read(configfile) + +def _get_connector_config(config, session): try: host = config.get(session, 'bindhost') port = config.getint(session, 'bindport')
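Review bot: The second parameter of `_get_connector_config(config, session)` is still called `session`, although the callers in `run()` pass the section names `'http'` and `'socket'` and the body uses it as the section argument of `config.get`. Now that the parsed config is passed in explicitly, renaming it to `section` and adding a one-line docstring such as `"""Return the bind host and port configured in the given service.cfg section."""` would make the contract readable. The function body continues past the end of this hunk, so the return shape is inferred from the two-value unpacking at the call sites.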