IMPALA-8332: Remove Impala Shell warnings part 1

bartash · gaallas · commit 14f430c7823f · 2019-06-18T13:17:13.000-07:00
In Thrift 0.9.3 the TSSLSocket initializer TSSLSocket.__init__ prints warnings if positional parameters are used. Change our usage of this initializer to use named parameters. Follow up work on "IMPALA-8333 Remove Impala Shell warnings part 2" will remove one further warning message. TESTING Ran all end-to-end tests. Added tests for the deprecation warnings to test_client_ssl.py. Change-Id: I31f9a0bb12ca6a1da9129eacd29ac105b883e01b Reviewed-on: http://gerrit.cloudera.org:8080/12837 Reviewed-by: Fredy Wijaya <fwijaya@cloudera.com> Tested-by: Impala Public Jenkins <impala-public-jenkins@cloudera.com> Reviewed-on: https://gerrit.sjc.cloudera.com/c/cdh/impala/+/49283 Reviewed-by: Laszlo Gaal <laszlo.gaal@cloudera.com> Tested-by: Jenkins User <jenkins@cloudera.com> Tested-by: Laszlo Gaal <laszlo.gaal@cloudera.com> CDH-Build: Laszlo Gaal <laszlo.gaal@cloudera.com> Quasar-L0: Laszlo Gaal <laszlo.gaal@cloudera.com>
diff --git a/shell/TSSLSocketWithWildcardSAN.py b/shell/TSSLSocketWithWildcardSAN.py
@@ -42,7 +42,9 @@ def __init__(self,
       validate=True,
       ca_certs=None,
       unix_socket=None):
-    TSSLSocket.TSSLSocket.__init__(self, host, port, validate, ca_certs, unix_socket)
+    cert_reqs = ssl.CERT_REQUIRED if validate else ssl.CERT_NONE
+    TSSLSocket.TSSLSocket.__init__(self, host=host, port=port, cert_reqs=cert_reqs,
+                                   ca_certs=ca_certs, unix_socket=unix_socket)
     # Set client protocol choice to be very permissive, as we rely on servers to enforce
     # good protocol selection. This value is forwarded to the ssl.wrap_socket() API during
     # open(). See https://docs.python.org/2/library/ssl.html#socket-creation for a table
diff --git a/tests/custom_cluster/test_client_ssl.py b/tests/custom_cluster/test_client_ssl.py
@@ -53,6 +53,11 @@ class TestClientSsl(CustomClusterTestSuite):
   SAN_UNSUPPORTED_ERROR = ("Certificate error with remote host: hostname "
                           "'localhost' doesn't match u'badCN'")
 
+  # Deprecation warnings that should not be seen.
+  DEPRECATED_POSITIONAL_WARNING = "positional argument is deprecated"
+  DEPRECATED_VALIDATE_WARNING = "validate is deprecated"
+  # TODO(IMPALA-8333) check for "DeprecationWarning"
+
   SSL_WILDCARD_ARGS = ("--ssl_client_ca_certificate=%s/wildcardCA.pem "
                       "--ssl_server_certificate=%s/wildcard-cert.pem "
                       "--ssl_private_key=%s/wildcard-cert.key"
@@ -219,12 +224,17 @@ def _validate_positive_cases(self, ca_cert=""):
     result = run_impala_shell_cmd(shell_options, wait_until_connected=False)
     for msg in [self.SSL_ENABLED, self.CONNECTED, self.FETCHED]:
       assert msg in result.stderr
+    for warning in [self.DEPRECATED_POSITIONAL_WARNING, self.DEPRECATED_VALIDATE_WARNING]:
+      assert warning not in result.stderr
 
     if ca_cert != "":
       shell_options = shell_options + (" --ca_cert=%s" % ca_cert)
       result = run_impala_shell_cmd(shell_options, wait_until_connected=False)
       for msg in [self.SSL_ENABLED, self.CONNECTED, self.FETCHED]:
         assert msg in result.stderr
+      for warning in [self.DEPRECATED_POSITIONAL_WARNING,
+                      self.DEPRECATED_VALIDATE_WARNING]:
+        assert warning not in result.stderr
 
   def _verify_ssl_webserver(self):
     for port in ["25000", "25010", "25020"]:
