Make SSL truststore/keystore configuration consistent across connectors · trinodb/trino#17103

(0 comments) (0 reactions) (1 assignee)Java (9,113 stars) (2,678 forks)batch import

enhancementgood first issue

Description

In different connectors we are using different names for the same configuration properties. It'd be nice to make them consistent by introducing a single configuration class (SslTrustConfig) in the plugin-toolkit that could be applied to multiple connectors using ConfigBinder.public <T> void bindConfig(Class<T> configClass, String prefix) method (this allows us to add a unique prefix like mongodb.tls)

Since names right now are inconsistent we should settle on a single, consistent name and add rest of those as @LegacyConfig

plugin/trino-cassandra/src/main/java/io/trino/plugin/cassandra/CassandraClientConfig.java:    @Config("cassandra.tls.truststore-path")
plugin/trino-cassandra/src/main/java/io/trino/plugin/cassandra/CassandraClientConfig.java:    @Config("cassandra.tls.truststore-password")
plugin/trino-kafka/src/main/java/io/trino/plugin/kafka/security/KafkaSslConfig.java:    @Config("kafka.ssl.truststore.location")
plugin/trino-kafka/src/main/java/io/trino/plugin/kafka/security/KafkaSslConfig.java:    @Config("kafka.ssl.truststore.password")
plugin/trino-kafka/src/main/java/io/trino/plugin/kafka/security/KafkaSslConfig.java:    @Config("kafka.ssl.truststore.type")
plugin/trino-mongodb/src/main/java/io/trino/plugin/mongodb/MongoSslConfig.java:    @Config("mongodb.tls.truststore-path")
plugin/trino-mongodb/src/main/java/io/trino/plugin/mongodb/MongoSslConfig.java:    @Config("mongodb.tls.truststore-password")
plugin/trino-elasticsearch/src/main/java/io/trino/plugin/elasticsearch/ElasticsearchConfig.java:    @Config("elasticsearch.tls.truststore-path")
plugin/trino-elasticsearch/src/main/java/io/trino/plugin/elasticsearch/ElasticsearchConfig.java:    @Config("elasticsearch.tls.truststore-password")
plugin/trino-pinot/src/main/java/io/trino/plugin/pinot/client/PinotGrpcServerQueryClientTlsConfig.java:    @Config("pinot.grpc.tls.truststore-type")
plugin/trino-pinot/src/main/java/io/trino/plugin/pinot/client/PinotGrpcServerQueryClientTlsConfig.java:    @Config("pinot.grpc.tls.truststore-path")
plugin/trino-pinot/src/main/java/io/trino/plugin/pinot/client/PinotGrpcServerQueryClientTlsConfig.java:    @Config("pinot.grpc.tls.truststore-password")
core/trino-main/src/main/java/io/trino/server/InternalCommunicationConfig.java:    @Config("internal-communication.https.truststore.path")
core/trino-main/src/main/java/io/trino/server/InternalCommunicationConfig.java:    @Config("internal-communication.https.truststore.key")
lib/trino-plugin-toolkit/src/main/java/io/trino/plugin/base/ldap/LdapClientConfig.java:    @Config("ldap.ssl.truststore.path")
lib/trino-plugin-toolkit/src/main/java/io/trino/plugin/base/ldap/LdapClientConfig.java:    @Config("ldap.ssl.truststore.password")```

Contributor guide

Tech stack: java
Domain: backenddatabaseinfrastructuresecurity
Issue type: refactor
Difficulty: 4
Estimated time: 3-5 days
Activity status: blocked
Clarity: clear
Prerequisites: JavaTrino architectureSSL/TLS conceptsplugin toolkit
Newbie friendliness: 50
Research direction: First, examine the existing SslTrustConfig usage across connectors listed in the issue (Cassandra, Kafka, MongoDB, etc.) and the plugin toolkit's ConfigBinder. The goal is to create a unified SslTrustConfig class in plugin toolkit and migrate each connector to use it via ConfigBinder with a unique prefix. Pay attention to @LegacyConfig annotations for backward compatibility. The existing files are in plugin toolkit, and connectors like trino cassandra, trino kafka, etc. Start by understanding the current configuration patterns and then propose the new class structure.