CALCITE-5671: Add Option to Disable SSL Certificate Validation to ElasticSearch Adapter

[cgivre]

For many development (and sometimes production) instances of ElasticSearch, the instance is configured using a self-signed SSL certificate or otherwise cannot be validated.

This PR adds a configuration option disableSSLVerification which, when set to true, disables SSL verification. The default behavior is not changed.

[cgivre]

@jnturton FYSA

[zinking]

looks good overall, could you actually try to come up with some test?

[tanclary]

For future reference I believe you can run the gradle target "autostyleApply" to hopefully avoid having to manually fix some of the linting errors. Hope this helps!

[cgivre]

For future reference I believe you can run the gradle target "autostyleApply" to hopefully avoid having to manually fix some of the linting errors. Hope this helps!

Thanks @tanclary Still getting used to Calcite and gradle.

[cgivre]

@libenchao @zinking
Thanks for your comments. I addressed your comments and added a unit test. I'm using this in Drill, so once this is merged, and DRILL-8385 is merged, there will be end-to-end tests for this capability.

[libenchao]

I'm using this in Drill, so once this is merged, and apache/drill#2795 is merged, there will be end-to-end tests for this capability.

This sounds great! +1 for merging.

[jnturton]

I don't know the Calcite code layout well but this trust manager is a generic utility that could easily be useful to other adapters so I'd personally look for a utils package to put it into.

[cgivre]

I was thinking the same thing, but I wasn't sure where to put it. If anyone has any suggestions, I'm all ears.

[jnturton]

@cgivre there is an org.apache.calcite.util package in the core module that looks like it would work.

[cgivre]

@jnturton Good call. Done!

[libenchao]

I don't have a strong preference of this, currently it seems that only ES Adapter needs this, and I'm not sure if there will be more adapters that need this, so putting it in the util of core seems a little over-designed for me, we may could defer it to the next time that another adapter calls for it. (Please note that calcite is highly customizable, and calcite-core is widely used for many projects, it's not only used by calcite adapters)

Of course if somebody strongly supports this, and I'm fine with it. Then the class comment for UnsafeX509ExtendedTrustManager should be adapted to not only mention about ES.

[cgivre]

@libenchao Thanks for the comment. I updated the comment to reflect that this could be used for any calcite adapter that makes http calls.

[cgivre]

@libenchao Thanks for the review. This is my first contribution to Calcite, so is there anything left for me to do to get this merged?

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

33.3% Coverage
0.0% Duplication

[libenchao]

@cgivre Thanks for the PR, it looks good to me now, merging!

[cgivre]

@libenchao Thanks for the review!

[cgivre]

@libenchao Will this get merged? I saw the PR was closed. Thanks!

[libenchao]

@cgivre This has been merged in dd8fa24, you can see it in git history: https://github.com/apache/calcite/commits

[cgivre]

@cgivre This has been merged in dd8fa24, you can see it in git history: https://github.com/apache/calcite/commits

Thx!