@praveen2450 (Contributor) commented Aug 19, 2025

This is a follow-up PR for adding the connection options which are defined in PR #89.

Why is this PR in draft?
Once #89 and #94 are merged, we can convert the draft to review.

…er standard modes

- Implement three SSL modes: DISABLED, REQUIRED, VERIFY_FULL
- Add support for JKS truststore (REQUIRED mode) and PEM certificates (VERIFY_FULL mode)
- Add comprehensive unit tests for SSL validation and property handling
- Follow PostgreSQL JDBC and MySQL Connector/J patterns for SSL configuration
- Support production certificate paths: client.pem, client-key.pem, cacerts.pem

We've completely changed how SSL works in DirectDataCloudConnection. Instead of
users having to specify an ssl_mode like "DISABLED" or "REQUIRED", the system
now automatically figures out what kind of SSL to use based on what certificate
files you provide.

Here's how it works now:
- Users don't provide any certs? → Uses system truststore SSL (secure by default)
- Users provide a truststore or CA cert? → One-sided TLS (server authentication)
- Users provide client certs too? → Two-sided TLS (mutual authentication)
- Users set ssl_disabled=true? → Plaintext connection (for testing only); this is for internal use only

Cleaned up the code quite a bit:
- Better error messages when certificate files are missing or unreadable
- Proper validation that ensures client cert and key are provided together
- Added TODOs for future certificate validation improvements
@praveen2450 praveen2450 reopened this Aug 19, 2025
@praveen2450 praveen2450 marked this pull request as draft August 19, 2025 19:40
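
The mode detection described in the commit message above, sketched as an added example (not code from this PR or the project). Only `ssl_disabled` is a property name taken from the page; the class, the enum and the other property keys are hypothetical, as is the choice to check `ssl_disabled` first.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Properties;

public class TlsModeResolver {
    enum TlsMode { PLAINTEXT, SYSTEM_TRUSTSTORE, ONE_SIDED, MUTUAL }

    // Only "ssl_disabled" appears on the page; the other keys are hypothetical.
    static final String DISABLED = "ssl_disabled";
    static final String TRUSTSTORE = "truststore_path";
    static final String CA_CERT = "ca_cert_path";
    static final String CLIENT_CERT = "client_cert_path";
    static final String CLIENT_KEY = "client_key_path";

    static TlsMode resolve(Properties p) {
        // Assumption: the explicit opt-out is checked before any certificate setting.
        if (Boolean.parseBoolean(p.getProperty(DISABLED, "false"))) return TlsMode.PLAINTEXT;

        String cert = p.getProperty(CLIENT_CERT), key = p.getProperty(CLIENT_KEY);
        if ((cert == null) != (key == null))
            throw new IllegalArgumentException("client cert and key must be provided together");

        String trust = p.getProperty(TRUSTSTORE), ca = p.getProperty(CA_CERT);
        for (String f : new String[] {trust, ca, cert, key})
            if (f != null && !Files.isReadable(Path.of(f)))
                throw new IllegalArgumentException("certificate file missing or unreadable: " + f);

        if (cert != null) return TlsMode.MUTUAL;                   // client identity supplied
        if (trust != null || ca != null) return TlsMode.ONE_SIDED; // custom trust anchor only
        return TlsMode.SYSTEM_TRUSTSTORE;                          // nothing supplied: still TLS
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: empty temp files stand in for real PEM files.
        String ca = Files.createTempFile("cacerts", ".pem").toString();
        String cert = Files.createTempFile("client", ".pem").toString();
        String key = Files.createTempFile("client-key", ".pem").toString();

        Properties p = new Properties();
        System.out.println(resolve(p));          // no certs supplied
        p.setProperty(CA_CERT, ca);
        System.out.println(resolve(p));          // CA cert only
        p.setProperty(CLIENT_CERT, cert);        // cert without key must be rejected
        try { resolve(p); } catch (IllegalArgumentException e) { System.out.println(e.getMessage()); }
        p.setProperty(CLIENT_KEY, key);
        System.out.println(resolve(p));          // cert and key together
        p.setProperty(DISABLED, "true");
        System.out.println(resolve(p));          // explicit opt-out
    }
}
```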