[Feature][Registry] Connecting to the ZooKeeper with SSL&ACL

dolphinscheduler-alert/dolphinscheduler-alert-server/src/main/resources/application.yaml

@@ -89,6 +89,7 @@ registry:
     connection-timeout: 15s
     block-until-connected: 15s
     digest: ~
+    x509-subject_principal: ~
 
 metrics:
   enabled: true

dolphinscheduler-api/src/main/resources/application.yaml

@@ -127,6 +127,7 @@ registry:
     connection-timeout: 15s
     block-until-connected: 15s
     digest: ~
+    x509-subject_principal: ~
 
 api:
   audit-enable: false

dolphinscheduler-master/src/main/resources/application.yaml

@@ -81,6 +81,7 @@ registry:
     connection-timeout: 15s
     block-until-connected: 15s
     digest: ~
+    x509-subject_principal: ~
 
 master:
   listen-port: 5678

dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/README.md

@@ -21,6 +21,7 @@ registry:
     block-until-connected: 600ms
     # The following options are set according to personal needs    
     digest: ~
+    x509-subject_principal: ~
 ```
 
 After do this config, you can start your DolphinScheduler cluster, your cluster will use zookeeper as registry center to

dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/main/java/org/apache/dolphinscheduler/plugin/registry/zookeeper/ZookeeperRegistry.java

@@ -96,6 +96,24 @@ public List<ACL> getAclForPath(final String path) {
                         }
                     });
         }
+
+        final String x509SubjectPrincipal = properties.getX509SubjectPrincipal();
+        if (!Strings.isNullOrEmpty(x509SubjectPrincipal)) {
+            builder.authorization("x509", digest.getBytes(StandardCharsets.UTF_8))
+                    .aclProvider(new ACLProvider() {
+
+                        @Override
+                        public List<ACL> getDefaultAcl() {
+                            return ZooDefs.Ids.CREATOR_ALL_ACL;
+                        }
+
+                        @Override
+                        public List<ACL> getAclForPath(final String path) {
+                            return ZooDefs.Ids.CREATOR_ALL_ACL;
+                        }
+                    });
+        }
+
         client = builder.build();
     }
 

dolphinscheduler-registry/dolphinscheduler-registry-plugins/dolphinscheduler-registry-zookeeper/src/main/java/org/apache/dolphinscheduler/plugin/registry/zookeeper/ZookeeperRegistryProperties.java

@@ -87,6 +87,7 @@ private void printConfig() {
                         "\n  connectString -> " + zookeeper.getConnectString() +
                         "\n  retryPolicy -> " + zookeeper.getRetryPolicy() +
                         "\n  digest -> " + zookeeper.getDigest() +
+                        "\n  x5099SubjectPrincipal -> " + zookeeper.getX509SubjectPrincipal() +
                         "\n  sessionTimeout -> " + zookeeper.getSessionTimeout() +
                         "\n  connectionTimeout -> " + zookeeper.getConnectionTimeout() +
                         "\n  blockUntilConnected -> " + zookeeper.getBlockUntilConnected() +
@@ -101,6 +102,7 @@ public static final class ZookeeperProperties {
         private String connectString;
         private RetryPolicy retryPolicy = new RetryPolicy();
         private String digest;
+        private String x509SubjectPrincipal;
         private Duration sessionTimeout = Duration.ofSeconds(60);
         private Duration connectionTimeout = Duration.ofSeconds(15);
         private Duration blockUntilConnected = Duration.ofSeconds(15);

dolphinscheduler-worker/src/main/resources/application.yaml

@@ -38,6 +38,7 @@ registry:
     connection-timeout: 15s
     block-until-connected: 15s
     digest: ~
+    x509-subject_principal: ~
 
 worker:
   # worker listener port