Exposing SSL-only version of Postgres Source

[cgardens]

What

• We want to provide versions of some connectors such that they only work in a "secure" mode. In the context of database connectors this means that we want the connector to only operate with TLS encryption turned on. While for the base version of the postgres connector allows a user to send data unencrypted for users with a strong security posture and for our cloud product we want to enforce that data can never be sent across the public internet unencrypted.

How

• I was originally trying to figure out if we could solve this elegantly with the build system. I don't think it's a good answer. It requires passing a jq query in the build system and then a lot of confusing work to inject the new spec into the jar of the connector. At best it is not intuitive and ends up with a lot of build cruft and will be easy to mess up.
• Instead I moved forward with creating a new connector that just depends on the base postgres connnector. Unfortunately it's more code and files, but it is at least straight forward and will be more resilient to any changes we want to make in the future.
• I did build a light abstraction to make basic spec modifications easy to do in this case and for the rest of our dbs.

Recommended reading order

1. SpecModifyingSource.java
2. PostgresSourceStrict.java

Questions

• if we like this approach i'll clean up the hacks in jdbc source test
• strict is a bad name, but was easy to use while i was iterating. will change it to something else if we move forward with the approach. secure? other ideas?
• are the pruned set of tests that i have chosen sufficient?

[cgardens]

ignore this class for now. i had to commit some hacks to get this to work. will clean it up if we stick with this approach.

[sherifnada]

seems good!

Some related work/problems we may wanna think about (not in this PR):

1. How to do this in destinations, specifically normalization
2. encoding the publish script into gradle so we can couple connectors together

[sherifnada]

would be ideal if we can do this all at once for all vars

[sherifnada]

nice! though I think this is not bing triggered from the build system. You need to add the plugin + to do it locally, add the bash wrapper (find it in any python source)

[cgardens]

this is actually just copied from the postgres source. is it just wrong there too?

[sherifnada]

if all we're doing is modify the spec is a whole new superclass worth it? why not just extend the source directly and modify the spec method?

[cgardens]

fair. I think we can reuse this class for all the db sources that this applies to so it gives us a nice convention to work from if we want to expand it later. i can just document it once. otherwise we're just going to extend a bunch of sources and have to explain it in a bunch of places.

[michel-tricot]

agree with @cgardens the decoration pattern makes the feature of modifying the spec more composable

[CLAassistant]

All committers have signed the CLA.

[cgardens]

/publish connector=source-postgres-strict-encrypt

❌ source-postgres-strict-encrypt https://github.com/airbytehq/airbyte/actions/runs/1280375638

[cgardens]

/publish connector=connectors/source-postgres-strict-encrypt

🕑 connectors/source-postgres-strict-encrypt https://github.com/airbytehq/airbyte/actions/runs/1280409361
✅ connectors/source-postgres-strict-encrypt https://github.com/airbytehq/airbyte/actions/runs/1280409361