[FLINK-32035] SQL Client should support HTTPS with built-in JDK certificates - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Implemented
Affects Version/s: 1.17.0
Fix Version/s: 1.18.0
Component/s: Table SQL / Client, Table SQL / Gateway
Labels:
- pull-request-available

Description

Related to ~~FLINK-32030~~

Internally SQL Client uses Flink’s RestClient [1]. This client decides whether to enable SSL not on the basis of the URL schema ([https://|https:]...), but based on Flink configuration, namely a global security.ssl.rest.enabled parameter [2] (which is also used for the REST server-side configuration ). When this parameter is set to true, it automatically requires user-supplied security.ssl.rest.truststore and security.ssl.rest.keystore to be configured - there is no default option to use certificates from JDK. After URL support for SQL Client gateway mode (~~FLINK-32030~~) gets added, the SQL Client should automatically use certificates built in into the JDK unless user-supplied trust- and keystores are configured.

[1] https://github.com/apache/flink/blob/5dddc0dba2be20806e67769314eecadf56b87a53/flink-table/flink-sql-client/src/main/java/org/apache/flink/table/client/gateway/ExecutorImpl.java#L359
[2] https://github.com/apache/flink/blob/5d9e63a16f079399c6b51547284bb96db0326bdb/flink-runtime/src/main/java/org/apache/flink/runtime/rest/RestClientConfiguration.java#L103

Attachments

Issue Links

links to

GitHub Pull Request #22810

Activity

People

Assignee:: Alexander Fedulov

Reporter:: Alexander Fedulov

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 08/May/23 17:41

Updated:: 07/Jul/23 20:02

Resolved:: 07/Jul/23 20:02