This is an automated email from the ASF dual-hosted git repository.
chengpan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kyuubi.git
The following commit(s) were added to refs/heads/master by this push:
new ef943ecb3 [KYUUBI #6524] Trino engine supports insecure configuration
ef943ecb3 is described below
commit ef943ecb3bdcebd87d8e005189b3e8ebf4808dca
Author: jiaoqingbo <[email protected]>
AuthorDate: Thu Jul 4 22:41:13 2024 +0800
[KYUUBI #6524] Trino engine supports insecure configuration
# :mag: Description
## Issue References ๐
This pull request fixes #6524
## Describe Your Solution 🔧
The Trino engine now supports an insecure connection configuration, just as the Trino client
supports the `--insecure` parameter.
## Types of changes :bookmark:
- [x] Bugfix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing
functionality to change)
## Test Plan ๐งช
#### Behavior Without This Pull Request :coffin:
#### Behavior With This Pull Request :tada:
#### Related Unit Tests
---
# Checklist ๐
- [x] This patch was not authored or co-authored using [Generative
Tooling](https://www.apache.org/legal/generative-tooling.html)
**Be nice. Be informative.**
Closes #6525 from jiaoqingbo/6524.
Closes #6524
b414b2e05 [jiaoqingbo] update settings.md
129d40742 [jiaoqingbo] [KYUUBI #6524] Trino engine supports insecure
configuration
24f374b38 [jiaoqingbo] Merge branch 'master' of
https://github.com/jiaoqingbo/incubator-kyuubi
e89268e4b [jiaoqingbo] [KYUUBI #6508] Add the key-value pairs in
optimizedConf to session conf
Authored-by: jiaoqingbo <[email protected]>
Signed-off-by: Cheng Pan <[email protected]>
---
docs/configuration/settings.md | 1 +
.../engine/trino/session/TrinoSessionImpl.scala | 45 ++++++++++++----------
.../org/apache/kyuubi/config/KyuubiConf.scala | 7 ++++
3 files changed, 32 insertions(+), 21 deletions(-)
diff --git a/docs/configuration/settings.md b/docs/configuration/settings.md
index 3d4177e86..bc652794b 100644
--- a/docs/configuration/settings.md
+++ b/docs/configuration/settings.md
@@ -193,6 +193,7 @@ You can configure the Kyuubi properties in
`$KYUUBI_HOME/conf/kyuubi-defaults.co
| kyuubi.engine.spark.python.env.archive.exec.path | bin/python
| The Python exec path under the Python env archive.
[...]
| kyuubi.engine.spark.python.home.archive | <undefined>
| Spark archive containing $SPARK_HOME/python directory, which is used
to init session Python worker for Python language mode.
[...]
| kyuubi.engine.submit.timeout | PT30S
| Period to tolerant Driver Pod ephemerally invisible after submitting.
In some Resource Managers, e.g. K8s, the Driver Pod is not visible immediately
after `spark-submit` is returned.
[...]
+| kyuubi.engine.trino.connection.insecure.enabled | false
| Skip certificate validation when connecting with TLS/HTTPS enabled
trino cluster
[...]
| kyuubi.engine.trino.connection.keystore.password | <undefined>
| The keystore password used for connecting to trino cluster
[...]
| kyuubi.engine.trino.connection.keystore.path | <undefined>
| The keystore path used for connecting to trino cluster
[...]
| kyuubi.engine.trino.connection.keystore.type | <undefined>
| The keystore type used for connecting to trino cluster
[...]
diff --git
a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/session/TrinoSessionImpl.scala
b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/session/TrinoSessionImpl.scala
index 2bfec299a..817e68423 100644
---
a/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/session/TrinoSessionImpl.scala
+++
b/externals/kyuubi-trino-engine/src/main/scala/org/apache/kyuubi/engine/trino/session/TrinoSessionImpl.scala
@@ -25,8 +25,7 @@ import java.util.concurrent.TimeUnit
import scala.collection.JavaConverters._
import io.airlift.units.Duration
-import io.trino.client.ClientSession
-import io.trino.client.OkHttpUtil
+import io.trino.client.{ClientSession, OkHttpUtil}
import okhttp3.OkHttpClient
import org.apache.kyuubi.KyuubiSQLException
@@ -37,7 +36,7 @@ import org.apache.kyuubi.engine.trino.{TrinoConf,
TrinoContext, TrinoStatement}
import org.apache.kyuubi.engine.trino.event.TrinoSessionEvent
import org.apache.kyuubi.events.EventBus
import org.apache.kyuubi.operation.{Operation, OperationHandle}
-import org.apache.kyuubi.session.{AbstractSession, SessionHandle,
SessionManager, USE_CATALOG, USE_DATABASE}
+import org.apache.kyuubi.session._
import org.apache.kyuubi.shaded.hive.service.rpc.thrift.{TGetInfoType,
TGetInfoValue, TProtocolVersion}
class TrinoSessionImpl(
@@ -112,27 +111,31 @@ class TrinoSessionImpl(
}
private def createHttpClient(): OkHttpClient = {
- val keystorePath =
sessionConf.get(KyuubiConf.ENGINE_TRINO_CONNECTION_KEYSTORE_PATH)
- val keystorePassword =
sessionConf.get(KyuubiConf.ENGINE_TRINO_CONNECTION_KEYSTORE_PASSWORD)
- val keystoreType =
sessionConf.get(KyuubiConf.ENGINE_TRINO_CONNECTION_KEYSTORE_TYPE)
- val truststorePath =
sessionConf.get(KyuubiConf.ENGINE_TRINO_CONNECTION_TRUSTSTORE_PATH)
- val truststorePassword =
sessionConf.get(KyuubiConf.ENGINE_TRINO_CONNECTION_TRUSTSTORE_PASSWORD)
- val truststoreType =
sessionConf.get(KyuubiConf.ENGINE_TRINO_CONNECTION_TRUSTSTORE_TYPE)
-
val serverScheme = clientSession.getServer.getScheme
-
val builder = new OkHttpClient.Builder()
- OkHttpUtil.setupSsl(
- builder,
- Optional.ofNullable(keystorePath.orNull),
- Optional.ofNullable(keystorePassword.orNull),
- Optional.ofNullable(keystoreType.orNull),
- Optional.ofNullable(truststorePath.orNull),
- Optional.ofNullable(truststorePassword.orNull),
- Optional.ofNullable(truststoreType.orNull),
- true)
-
+ val insecureEnabled =
sessionConf.get(KyuubiConf.ENGINE_TRINO_CONNECTION_INSECURE_ENABLED)
+ if (insecureEnabled) {
+ OkHttpUtil.setupInsecureSsl(builder)
+ } else {
+ val keystorePath =
sessionConf.get(KyuubiConf.ENGINE_TRINO_CONNECTION_KEYSTORE_PATH)
+ val keystorePassword =
sessionConf.get(KyuubiConf.ENGINE_TRINO_CONNECTION_KEYSTORE_PASSWORD)
+ val keystoreType =
sessionConf.get(KyuubiConf.ENGINE_TRINO_CONNECTION_KEYSTORE_TYPE)
+ val truststorePath =
sessionConf.get(KyuubiConf.ENGINE_TRINO_CONNECTION_TRUSTSTORE_PATH)
+ val truststorePassword =
+ sessionConf.get(KyuubiConf.ENGINE_TRINO_CONNECTION_TRUSTSTORE_PASSWORD)
+ val truststoreType =
sessionConf.get(KyuubiConf.ENGINE_TRINO_CONNECTION_TRUSTSTORE_TYPE)
+
+ OkHttpUtil.setupSsl(
+ builder,
+ Optional.ofNullable(keystorePath.orNull),
+ Optional.ofNullable(keystorePassword.orNull),
+ Optional.ofNullable(keystoreType.orNull),
+ Optional.ofNullable(truststorePath.orNull),
+ Optional.ofNullable(truststorePassword.orNull),
+ Optional.ofNullable(truststoreType.orNull),
+ true)
+ }
sessionConf.get(KyuubiConf.ENGINE_TRINO_CONNECTION_PASSWORD).foreach {
password =>
require(
serverScheme.equalsIgnoreCase("https"),
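Review bot: The new `insecureEnabled` branch in `createHttpClient` calls `OkHttpUtil.setupInsecureSsl(builder)` and skips `setupSsl` entirely, so any configured keystore/truststore values are silently ignored and nothing records that certificate validation was turned off. The `ENGINE_TRINO_CONNECTION_PASSWORD` block that follows (it continues past the end of this hunk) only requires the scheme to be `https`, so with the flag on the password would be sent to a server whose identity was never verified. I would make the downgrade visible as the first statement of the branch, e.g. `warn("kyuubi.engine.trino.connection.insecure.enabled=true: TLS certificate validation is disabled; keystore/truststore settings are ignored")`, assuming the session class has the usual logging helpers in scope. The value is read from `sessionConf`; if connecting users can override session-level configs, it is worth confirming that this key cannot be flipped per session by a client.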
diff --git
a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
index 422eb4718..fcbd1c9e6 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala
@@ -1506,6 +1506,13 @@ object KyuubiConf {
.stringConf
.createOptional
+ val ENGINE_TRINO_CONNECTION_INSECURE_ENABLED: ConfigEntry[Boolean] =
+ buildConf("kyuubi.engine.trino.connection.insecure.enabled")
+ .doc("Skip certificate validation when connecting with TLS/HTTPS enabled
trino cluster")
+ .version("1.9.2")
+ .booleanConf
+ .createWithDefault(false)
+
val ENGINE_TRINO_SHOW_PROGRESS: ConfigEntry[Boolean] =
buildConf("kyuubi.session.engine.trino.showProgress")
.doc("When true, show the progress bar and final info in the Trino
engine log.")
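Review bot: The `.doc(...)` text for `ENGINE_TRINO_CONNECTION_INSECURE_ENABLED` does not tell an operator what is given up by enabling it. Suggested wording: `"When true, skip TLS certificate validation when connecting to a TLS/HTTPS enabled Trino cluster and ignore the keystore/truststore settings. The server identity is not verified, so this is intended for testing only."` The matching row in `docs/configuration/settings.md` appears to mirror this string and would need the same text. The `object KyuubiConf` body starts and ends outside the hunk.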