Enable TLS Support (DTS - Specific) #515
Conversation
Vipinofficial11
requested review from
albertshau,
itsankit-google and
MrRahulSharma
| @Name(OracleConstants.USE_SSL) | ||
| @Description("Turns on SSL encryption. Connection will fail if SSL is not available") | ||
| @Nullable | ||
| public String useSSL; |
There was a problem hiding this comment.
Why not boolean?
When we add something in plugin config, if we don't add a widget json for this. It will show up as a textbox in CDAP UI as well.
If we don't want it to be visible in CDAP UI, please add a config in widgets json which is hidden.
There was a problem hiding this comment.
Why not boolean?
There was no specific reason, change it to Boolean.
When we add something in plugin config, if we don't add a widget json for this. It will show up as a textbox in CDAP UI as well. If we don't want it to be visible in CDAP UI, please add a config in widgets json which is hidden.
got it, added it in the config of Batch Source and Batch Sink as only these are using OracleConnectorConfig. [8d62fb9]
There was a problem hiding this comment.
There will also be a widget json file for OracleConnector which also need to be modified the same way.
There was a problem hiding this comment.
Updated [b68ec93]
| @@ -103,6 +109,10 @@ public String getDatabase() { | |||
| return database; | |||
| } | |||
|
|
|||
| public Boolean getSSlMode() { | |||
| return useSSL; | |||
There was a problem hiding this comment.
For existing pipelines this property will be null, please handle that case.
There was a problem hiding this comment.
Done, please have a look if this change would be enough to avoid failures in case of existing pipelines.
[https://github.com//pull/515/commits/b68ec933ff27ff2a1ade2c578727113604803367#diff-afe65e631b8b5b1d360af43ae84dc844e2c55ee83e9179cdb8bd087da954ae06R114]
| * @param useSSL Whether SSL/TLS is required(YES/NO) | ||
| * @return Connection String based on the given parameters and connection type. | ||
| */ | ||
| public static String getConnectionString(String connectionType, |
There was a problem hiding this comment.
I cannot see any reason of this new method, why can't we reuse the existing one?
There was a problem hiding this comment.
This was actually overloaded to reduce the impact of these changes on CDAP connectors, this method will only be used by Source and Sink plugin.
Oracle Action, Post Action and Oracle Connector will still use the old method to generate connection string. When we enable TLS for CDAP Connectors we can reuse the code and remove this method.
There was a problem hiding this comment.
If we are using this method here: https://github.com/data-integrations/database-plugins/pull/515/files#diff-bd85394fe9ff353467fd45fd10ad329b508e0fbbc70145fe34de0d54f483a99bR129
It means it does impact CDAP connectors so it does not really help by overriding the method.
There was a problem hiding this comment.
got it, removed. [b68ec93]
|
Please check e2e test failures. |
| public static final String ORACLE_CONNECTION_STRING_SID_FORMAT = "jdbc:oracle:thin:@%s:%s:%s"; | ||
| public static final String ORACLE_CONNECTION_STRING_SERVICE_NAME_FORMAT = "jdbc:oracle:thin:@//%s:%s/%s"; | ||
| // Updating connection strings to accept protocol (e.g., jdbc:oracle:thin:@<protocol>://<host>:<port>/<SID>) | ||
| public static final String ORACLE_CONNECTION_STRING_SID_FORMAT = "jdbc:oracle:thin:@%s:%s:%s/%s"; |
There was a problem hiding this comment.
We can add a constant ORACLE_CONNECTION_STRING_SID_FORMAT_WITH_PROTOCOL instead of modifying the older one and use the new one when useSSL is true otherwise use the old connection string.
This would make the change backward compatible and ensure CDAP connectors are not affected.
There was a problem hiding this comment.
got it, updated [b31e53c]
| public static final String ORACLE_CONNECTION_STRING_SERVICE_NAME_FORMAT = "jdbc:oracle:thin:@//%s:%s/%s"; | ||
| // Updating connection strings to accept protocol (e.g., jdbc:oracle:thin:@<protocol>://<host>:<port>/<SID>) | ||
| public static final String ORACLE_CONNECTION_STRING_SID_FORMAT = "jdbc:oracle:thin:@%s:%s:%s/%s"; | ||
| public static final String ORACLE_CONNECTION_STRING_SERVICE_NAME_FORMAT = "jdbc:oracle:thin:@%s://%s:%s/%s"; |
There was a problem hiding this comment.
similar change here ORACLE_CONNECTION_STRING_SERVICE_NAME_FORMAT_WITH_PROTOCOL
There was a problem hiding this comment.
updated [b31e53c]
Sure, I was looking at the reports but looks like there is some issue. Can you check if you are able to access these link |
| if (isSSLEnabled) { | ||
| return String.format(OracleConstants.ORACLE_CONNECTION_STRING_SERVICE_NAME_FORMAT_WITH_PROTOCOL, | ||
| connectionProtocol, host, port, database); | ||
| } | ||
| return String.format(OracleConstants.ORACLE_CONNECTION_STRING_SERVICE_NAME_FORMAT, | ||
| host, port, database); |
There was a problem hiding this comment.
can we have two methods which takes host, port, database & connectionProtocol getConnectionStringWithServic & getConnectionStringWithSID?
There was a problem hiding this comment.
Added separate methods to get the different type of connection strings. [7dc9a6c]
If you see a step before, I don't even see these files getting uploaded: |
Yes, looks like some issue with reporting plugin for oracle. I might have seen this before, will try to fix it. I was looking at older reports, even for the plugins where files were uploaded we are still not able to access the public bucket. see this |
If the runs are 7 days old, the reports get deleted automatically from the storage bucket. |
Vipinofficial11
force-pushed
the
enableSSLConnections
branch
3 times, most recently
from
b9bf75f to
ae5d1c9
Compare
Vipinofficial11
force-pushed
the
enableSSLConnections
branch
from
ae5d1c9 to
e9dd995
Compare
Vipinofficial11
merged commit f0347b9
into
data-integrations:develop
Add SSL/TLS support in Oracle Batch Source Classes
This PR introduces a new field,
useSSL, to enable SSL (TLS) connections for Oracle by allowing the specification of protocol (tcp or tcps) in the connection string format.Key Changes
useSSL (Allows to specify whether SSL (TLS) should be used for connections or not )
jdbc:oracle:thin:@tcps or @tcp ://<host>:<port>/<SID>jdbc:oracle:thin:tcps or @tcp ://<host>:<port>/<ServiceName>Testing Scope
Validated TCP protocol connectivity:
Verified that the connection works as expected when specifying protocol as tcp explicitly in the connection string to ensure backward compatibility with existing behavior.
Validated TCPS protocol connectivity:
Conducted internal tests with tcps to ensure secure connections (SSL/TLS) are correctly established and that the updated connection string format handles this protocol appropriately.