Zookeeper backend SSL support

Bump kazoo version to 2.6.0 that supports SSL. Allow to configure ssl config options via conf * keyfile * keyfile_password * certfile * use_ssl * verify_certs https://kazoo.readthedocs.io/en/latest/api/client.html#kazoo.client.KazooClient This should be done in conformance with Redis jobboard backend, that already allows SSL settings. Change-Id: Ic2670c3c4caa93f69bc2d541c3701df2b6037d2e
2020-03-02 16:41:40 +04:00 · 2020-03-02 16:41:40 +04:00 · b46cf94a25
parent fc401959ec
commit b46cf94a25
5 changed files with 22 additions and 3 deletions
--- a/lower-constraints.txt
+++ b/lower-constraints.txt
@ -22,7 +22,7 @@ imagesize==0.7.1
 iso8601==0.1.11
 Jinja2==2.10
 jsonschema==2.6.0
-kazoo==2.2
+kazoo==2.6.0
 keystoneauth1==3.4.0
 kombu==4.0.0
 linecache2==1.0.0
--- a/releasenotes/notes/zookeeper-ssl-support-b9abf24a39096b62.yaml
+++ b/releasenotes/notes/zookeeper-ssl-support-b9abf24a39096b62.yaml
@ -0,0 +1,6 @@
+---
+features:
+  - |
+    SSL support for zookeeper backend (kazoo client). Now the following options
+    can be passed to zookeeper config: *keyfile*, *keyfile_password*,
+    *certfile*, *use_ssl*, *verify_certs*.
--- a/setup.cfg
+++ b/setup.cfg
@ -57,7 +57,7 @@ taskflow.engines =
 # NOTE(dhellmann): The entries in this section of the file need to be
 # kept consistent with the entries in test-requirements.txt.
 zookeeper =
-  kazoo>=2.2 # Apache-2.0
+  kazoo>=2.6.0 # Apache-2.0
  zake>=0.1.6 # Apache-2.0
 redis =
  redis>=2.10.0 # MIT
--- a/taskflow/utils/kazoo_utils.py
+++ b/taskflow/utils/kazoo_utils.py
@ -175,6 +175,13 @@ def make_client(conf):
    - ``handler``: a kazoo handler object that can be used to provide the
      client with alternate async strategies (the default is `thread`_
      based, but `gevent`_, or `eventlet`_ ones can be provided as needed)
+    - ``keyfile`` : SSL keyfile to use for authentication
+    - ``keyfile_password``: SSL keyfile password
+    -  ``certfile``: SSL certfile to use for authentication
+    - ``ca``: SSL CA file to use for authentication
+    - ``use_ssl``: argument to control whether SSL is used or not
+    - ``verify_certs``: when using SSL, argument to bypass
+        certs verification

    .. _client: https://kazoo.readthedocs.io/en/latest/api/client.html
    .. _kazoo: https://kazoo.readthedocs.io/
@ -191,6 +198,12 @@ def make_client(conf):
        'read_only': bool(conf.get('read_only')),
        'randomize_hosts': bool(conf.get('randomize_hosts')),
        'logger': LOG,
+        'keyfile': conf.get('keyfile', None),
+        'keyfile_password': conf.get('keyfile_password', None),
+        'certfile': conf.get('certfile', None),
+        'use_ssl': conf.get('use_ssl', False),
+        'verify_certs': conf.get('verify_certs', True),
+
    }
    # See: https://kazoo.readthedocs.io/en/latest/api/retry.html
    if 'command_retry' in conf:
--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -3,7 +3,7 @@
 # entries need to be kept consistent.

 # zookeeper
-kazoo>=2.2 # Apache-2.0
+kazoo>=2.6.0 # Apache-2.0
 zake>=0.1.6 # Apache-2.0

 # redis