Use thrift config for thrift server
Summary:
SRP Emulation failed because D28695635 (facebook@f1d2779) deleted the GFlag usage for the thrift server.

- Replace the GFlag usage with Open/R thrift config;
- Change the SSL enable logic from
```
if (sslContext_) {
```
to
```
if (config_->isSecureThriftServerEnabled()) {
```

Reviewed By: xiangxu1121

Differential Revision: D28977793

fbshipit-source-id: ee9cbfc1704028065d72db27505188e626b47f5c
yi-xian authored and facebook-github-bot committed Jun 9, 2021
1 parent 497860a commit ecb0d3e
Showing 2 changed files with 15 additions and 5 deletions.
2 changes: 1 addition & 1 deletion openr/Main.cpp
@@ -489,7 +489,7 @@ main(int argc, char** argv) {
setupThriftServerTls(
*thriftCtrlServer,
config->getSSLThriftPolicy(),
config->getSSLAcceptablePeers(),
config->getSSLSeedPath(),
sslContext);
}

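Review bot: `config->getSSLSeedPath()` is evaluated inside the argument list of `setupThriftServerTls(...)`, and the getter added in Config.h throws `std::invalid_argument` when `ticket_seed_path` is unset while secure thrift is enabled, so a missing key now surfaces as an exception in the middle of `main`. The enclosing block and any handler start outside this hunk, so it is not visible whether that exception is caught and logged or simply ends the process. Reading the value into a local just before the call, e.g. `const auto seedPath = config->getSSLSeedPath();`, would make the failure point explicit. The file behind this path presumably holds TLS session-ticket seeds, which are key material, so a comment such as `// ticket seed file is secret key material; must be readable only by the Open/R user` would help operators.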
18 changes: 14 additions & 4 deletions openr/config/Config.h
@@ -369,7 +369,7 @@ class Config {
}

const std::string
getSSLCertPath() {
getSSLCertPath() const {
auto certPath = getThriftServerConfig().x509_cert_path_ref();
if ((not certPath) && isSecureThriftServerEnabled()) {
throw std::invalid_argument(
@@ -379,7 +379,7 @@ class Config {
}

const std::string
getSSLEccCurve() {
getSSLEccCurve() const {
auto eccCurve = getThriftServerConfig().ecc_curve_name_ref();
if ((not eccCurve) && isSecureThriftServerEnabled()) {
throw std::invalid_argument(
@@ -389,7 +389,7 @@ class Config {
}

const std::string
getSSLCaPath() {
getSSLCaPath() const {
auto caPath = getThriftServerConfig().x509_ca_path_ref();
if ((not caPath) && isSecureThriftServerEnabled()) {
throw std::invalid_argument(
@@ -399,7 +399,7 @@ class Config {
}

const std::string
getSSLKeyPath() {
getSSLKeyPath() const {
std::string keyPath;
const auto& keyPathConfig = getThriftServerConfig().x509_key_path_ref();

@@ -412,6 +412,16 @@ class Config {
return keyPath;
}

const std::string
getSSLSeedPath() const {
auto seedPath = getThriftServerConfig().ticket_seed_path_ref();
if ((not seedPath) && isSecureThriftServerEnabled()) {
throw std::invalid_argument(
"enable_secure_thrift_server = true, but ticket_seed_path is empty");
}
return seedPath.value();
}

const std::string
getSSLAcceptablePeers() {
// If unspecified, will use accept connection from any authenticated peer
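Review bot: In `getSSLSeedPath()` the guard only tests whether `ticket_seed_path` is present, although the error text says it "is empty", so a key set to `""` passes the check and is returned as the seed path. When secure thrift is disabled and the key is unset, the guard is skipped and `seedPath.value()` runs on an unset field, which presumably throws a different and less descriptive exception. I would tighten the guard to `if (isSecureThriftServerEnabled() && (not seedPath || seedPath->empty())) {` and return `seedPath ? *seedPath : std::string{}` so the disabled case is well defined. The getters made `const` above use the same presence-only test where their bodies are visible, and `getSSLAcceptablePeers()` at the end of this hunk is still non-const; its body continues outside the hunk.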
