Make SSL truststore/keystore configuration consistent across connectors · trinodb/trino#17103

(0 comments) (0 reactions) (1 assignee)Java (9,113 stars) (2,678 forks)batch import

enhancementgood first issue

説明

In different connectors we are using different names for the same configuration properties. It'd be nice to make them consistent by introducing a single configuration class (SslTrustConfig) in the plugin-toolkit that could be applied to multiple connectors using ConfigBinder.public <T> void bindConfig(Class<T> configClass, String prefix) method (this allows us to add a unique prefix like mongodb.tls)

Since names right now are inconsistent we should settle on a single, consistent name and add rest of those as @LegacyConfig

plugin/trino-cassandra/src/main/java/io/trino/plugin/cassandra/CassandraClientConfig.java:    @Config("cassandra.tls.truststore-path")
plugin/trino-cassandra/src/main/java/io/trino/plugin/cassandra/CassandraClientConfig.java:    @Config("cassandra.tls.truststore-password")
plugin/trino-kafka/src/main/java/io/trino/plugin/kafka/security/KafkaSslConfig.java:    @Config("kafka.ssl.truststore.location")
plugin/trino-kafka/src/main/java/io/trino/plugin/kafka/security/KafkaSslConfig.java:    @Config("kafka.ssl.truststore.password")
plugin/trino-kafka/src/main/java/io/trino/plugin/kafka/security/KafkaSslConfig.java:    @Config("kafka.ssl.truststore.type")
plugin/trino-mongodb/src/main/java/io/trino/plugin/mongodb/MongoSslConfig.java:    @Config("mongodb.tls.truststore-path")
plugin/trino-mongodb/src/main/java/io/trino/plugin/mongodb/MongoSslConfig.java:    @Config("mongodb.tls.truststore-password")
plugin/trino-elasticsearch/src/main/java/io/trino/plugin/elasticsearch/ElasticsearchConfig.java:    @Config("elasticsearch.tls.truststore-path")
plugin/trino-elasticsearch/src/main/java/io/trino/plugin/elasticsearch/ElasticsearchConfig.java:    @Config("elasticsearch.tls.truststore-password")
plugin/trino-pinot/src/main/java/io/trino/plugin/pinot/client/PinotGrpcServerQueryClientTlsConfig.java:    @Config("pinot.grpc.tls.truststore-type")
plugin/trino-pinot/src/main/java/io/trino/plugin/pinot/client/PinotGrpcServerQueryClientTlsConfig.java:    @Config("pinot.grpc.tls.truststore-path")
plugin/trino-pinot/src/main/java/io/trino/plugin/pinot/client/PinotGrpcServerQueryClientTlsConfig.java:    @Config("pinot.grpc.tls.truststore-password")
core/trino-main/src/main/java/io/trino/server/InternalCommunicationConfig.java:    @Config("internal-communication.https.truststore.path")
core/trino-main/src/main/java/io/trino/server/InternalCommunicationConfig.java:    @Config("internal-communication.https.truststore.key")
lib/trino-plugin-toolkit/src/main/java/io/trino/plugin/base/ldap/LdapClientConfig.java:    @Config("ldap.ssl.truststore.path")
lib/trino-plugin-toolkit/src/main/java/io/trino/plugin/base/ldap/LdapClientConfig.java:    @Config("ldap.ssl.truststore.password")```

コントリビューターガイド

技術スタック: java
領域: backenddatabaseinfrastructuresecurity
Issue 種別: refactor
難度: 4
推定時間: 3-5 days
活動状況: blocked
明確さ: clear
前提条件: JavaTrino architectureSSL/TLS conceptsplugin toolkit
初心者向け度: 50
調査方針: First, examine the existing SslTrustConfig usage across connectors listed in the issue (Cassandra, Kafka, MongoDB, etc.) and the plugin toolkit's ConfigBinder. The goal is to create a unified SslTrustConfig class in plugin toolkit and migrate each connector to use it via ConfigBinder with a unique prefix. Pay attention to @LegacyConfig annotations for backward compatibility. The existing files are in plugin toolkit, and connectors like trino cassandra, trino kafka, etc. Start by understanding the current configuration patterns and then propose the new class structure.