@ihuzenko (Member) commented Mar 4, 2020

DRILL-7625: Add options for SslContextFactory

Description

Added ability to set more options on Jetty's SslContextFactory object and fixed application of drill.exec.ssl.protocol setting for Web UI client.

Documentation

Users now can provide more granular configuration for Jetty https connector. All additional options are listed in drill-override-example.conf in this pull request.

Testing

Added unit test.

@vvysotskyi (Member) left a comment

@ihuzenko, thanks for adding so many SSL config properties. I have added several minor comments, please address them.

Comment on lines 115 to 119
String value = hasPath(path) ? getString(path) : null;
if (value == null || (value = value.trim()).isEmpty()) {
return defaultValue;
}
return value;
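Review bot: The reassignment inside the condition, `(value = value.trim()).isEmpty()`, is easy to overlook, so it is not obvious that a non-blank value is returned trimmed and that a whitespace-only value falls back to defaultValue. Consider trimming on its own line before the check and stating both behaviours in the Javadoc.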
Member

Nit: the StringUtils.defaultIfBlank() method may be used to simplify this code.

Member Author

StringUtils.defaultIfBlank changes the method logic, since the original method was:

  private String getConfigParamWithDefault(String name, String defaultValue) {
    String value = "";
    if (config.hasPath(name)) {
      value = config.getString(name);
    }
    if (value.isEmpty()) {
      value = defaultValue;
    }
    value = value.trim();
    return value;
  }

Although I don't think that trimming was actually necessary, so I'll try your suggestion.

Member

There is no need for this method at all, default values can be set directly in drill-module.conf.

Comment on lines 61 to 62
.config(config).mode(SSLConfig.Mode.SERVER)
.initializeSSLContext(false).validateKeyStore(true)
Member

Suggested change
.config(config).mode(SSLConfig.Mode.SERVER)
.initializeSSLContext(false).validateKeyStore(true)
.config(config)
.mode(SSLConfig.Mode.SERVER)
.initializeSSLContext(false)
.validateKeyStore(true)

# location of the OCSP Responder
ocspResponderURL: "",
# javax.net.ssl.SSLContext provider class name
provider: "fully.qualified.class.Name",
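Review bot: On the `provider` line the sample value "fully.qualified.class.Name" is a non-empty placeholder, while `ocspResponderURL` just above it is shown as ""; a reader copying the block gets one option left empty and the other set to a placeholder string. Consider using "" for both, or saying in the comment that the value is a placeholder to be replaced.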
Member

It looks like an invalid config. Have you checked whether with these default configs Drill works fine when SSL is enabled? If it works ok, does this config affect anything?

Member Author

I don't know which option to set here, it seems that the option allows using a custom implementation of java.security.Provider for SSLContext. As mentioned in the comment above sslContextFactory: all the options are optional and those who will configure them are expected to know what they're doing.

Member

My objection to setting a non-null value for this option is that it may break the configuration for the case when the default context provider is used. Here is the code from SslContextFactory:

context = _sslProvider == null ? SSLContext.getInstance(_sslProtocol) : SSLContext.getInstance(_sslProtocol, _sslProvider);

So a user may want to specify sslProtocol only, but with a non-null value it would fail.
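The failure mode described in the comment above, as an added example (not code from the pull request or from Jetty): `create` repeats the quoted ternary, and `normalizeProvider` is a hypothetical startup check. It assumes the provider setting is a name registered with `java.security.Security`; the class and method names are illustrative.

```java
import java.security.NoSuchProviderException;
import java.security.Security;
import javax.net.ssl.SSLContext;

public class SslProviderCheck {
  // Same selection logic as the SslContextFactory line quoted above:
  // a null provider falls back to the JVM's default provider lookup.
  static SSLContext create(String protocol, String provider) throws Exception {
    return provider == null
        ? SSLContext.getInstance(protocol)
        : SSLContext.getInstance(protocol, provider);
  }

  // Hypothetical startup check: treat blank as "not set" and reject names
  // that are not registered with java.security.Security.
  static String normalizeProvider(String configured) {
    if (configured == null || configured.trim().isEmpty()) {
      return null;
    }
    String name = configured.trim();
    if (Security.getProvider(name) == null) {
      throw new IllegalArgumentException("Unknown security provider: " + name);
    }
    return name;
  }

  public static void main(String[] args) throws Exception {
    // Protocol only: works with the default provider.
    System.out.println(create("TLSv1.2", null).getProvider().getName());

    // Placeholder copied verbatim from the example config: fails at context creation.
    try {
      create("TLSv1.2", "fully.qualified.class.Name");
    } catch (NoSuchProviderException e) {
      System.out.println("context creation failed: " + e.getMessage());
    }

    // With the check, the same mistake is reported when the config is read.
    try {
      normalizeProvider("fully.qualified.class.Name");
    } catch (IllegalArgumentException e) {
      System.out.println("config rejected: " + e.getMessage());
    }

    // An empty string is mapped to null instead of reaching getInstance().
    System.out.println(create("TLSv1.2", normalizeProvider("")).getProtocol());
  }
}
```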

Member Author

This file is far from Drill defaults, I'm convinced that if you try to actually use the file for overriding conf, your Drillbit will fail in numerous different ways. The file is here just to show a user which options are available in override conf. And it is handled badly, since there are a lot of options not present in the file.

Member

Oh, sorry, I thought it was drill-module.conf file. In this case, it is ok to leave as it is. Sorry for the confusion.

@vvysotskyi (Member) left a comment

@ihuzenko, thanks for making changes.
LGTM, +1

@cgivre (Contributor) commented Mar 10, 2020

Could we make a note to include this in the web documentation for Drill once this is committed?

* @param defaultValue default value
* @return option or default value
*/
public String getString(String path, String defaultValue) {
Member

There is no need for this method at all, default values can be set directly in drill-module.conf.

@agozhiy (Member) commented Mar 10, 2020

Thank you, +1.

@asfgit closed this in f44f335 Mar 10, 2020