stargate
Fix TLS (`client_encryption_options`) configuration for CQL
What this PR does:
CQL TLS configuration is now loaded from a yaml file specified using the system property stargate.cql.config_path. This very similar to cassandra.yaml, but it only contains the options that are specific to the CQL transport layer.
This also include a couple bug fixes:
- Removes usage of
ClientWarn, this is handled by the persistence layer. - Remove usage of
DatabaseDescriptorwhich is not properly configured.
Substantial portions of the following files have been copied from C* 4.0.3:
- Config.java
- EncryptionOptions.java
- YamlConfigurationLoader.java
- SSLFactory.java
Which issue(s) this PR fixes: Fixes #1001
Checklist
- [x] Changes manually tested
- [x] Automated Tests added/updated
- [x] Documentation added/updated
- [x] Add an example
cql.yamlfile to resources - [x] Add tests for client certificates
- [x] Fix licences on
.javafiles (either Stargate or Apache Cassandra)
One thing that may or may not be relevant: instead of using SnakeYAML directly (btw do we not need a dependency from pom.xml to it? Or is it assumed we get it transitively from Cassandra), there's also Jackson YAML module:
https://github.com/FasterXML/jackson-dataformats-text/tree/2.14/yaml
which let's you use Jackson API to bind to POJOs, or Maps or whatever using YAML-backed ObjectMapper.
That could simplify things a bit. It does use SnakeYAML for actual decoding fwtw.
One thing that may or may not be relevant: instead of using SnakeYAML directly (btw do we not need a dependency from
pom.xmlto it? Or is it assumed we get it transitively from Cassandra), there's also Jackson YAML module:https://github.com/FasterXML/jackson-dataformats-text/tree/2.14/yaml
which let's you use Jackson API to bind to POJOs, or
Maps or whatever using YAML-backedObjectMapper. That could simplify things a bit. It does use SnakeYAML for actual decoding fwtw.
Updated in this commit: https://github.com/stargate/stargate/pull/1992/commits/de500843beea07c377eaa381a46a6af01279d004