fredxfred opened a new pull request #3675: Sslbranch URL: https://github.com/apache/incubator-pinot/pull/3675 I have been working on identifying components in the Pinot code base where data (aside from metadata e.g. segment name) can be transmitted over the network. This PR is to enable SSL configurations to be passed into controllers and brokers, and then to configure grizzly to support https. I can provide examples of the full configs of an example https controller/broker + a script to generate self-signed certs for testing if desired. Please let me know if there is anything missing that needs to be added. I am still testing these changes (and others, see below). I wasn't sure how to perform in-code tests of whether the data is being properly encrypted but I am definitely open to suggestions. Currently, this code does not allow a component to be configured with both http and https, which is a feature that has also been requested. Also, this does not include code I have written to configure Netty Servers, only Grizzly. Fortunately, when we URI push Azure data, that data is encrypted by default, so currently we have no plans to work on encryption during the segmentfetcher/upload process. I am putting this code up now to get a head start on review, and I do plan on adding Netty encryption and the ability to allow both http and https.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
