diff --git a/external-table/src/libchurl.c b/external-table/src/libchurl.c
index efc890c31a..14c8a77b46 100644
--- a/external-table/src/libchurl.c
+++ b/external-table/src/libchurl.c
@@ -108,6 +108,7 @@ static JsonSemAction nullSemAction =
 churl_context *churl_new_context(void);
 static void create_curl_handle(churl_context *context);
 static void set_curl_option(churl_context *context, CURLoption option, const void *data);
+static void set_curl_ssl_options(churl_context *context);
 static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *userdata);
 static void setup_multi_handle(churl_context *context);
 static void multi_perform(churl_context *context);
@@ -415,11 +416,38 @@ churl_init(const char *url, CHURL_HEADERS headers)
 set_curl_option(context, CURLOPT_WRITEDATA, context);
 set_curl_option(context, CURLOPT_HEADERFUNCTION, header_callback);
 set_curl_option(context, CURLOPT_HEADERDATA, context);
+
+ set_curl_ssl_options(context);
+
 churl_headers_set(context, headers);
 return (CHURL_HANDLE) context;
 }
+static void
+set_curl_ssl_options(churl_context *context)
+{
+ const char *proto = get_pxf_protocol();
+
+ if (proto && strcmp(proto, "https") == 0)
+ {
+ const char *cacert = get_pxf_ssl_cacert();
+
+ set_curl_option(context, CURLOPT_SSLCERT, get_pxf_ssl_cert());
+ set_curl_option(context, CURLOPT_SSLKEY, get_pxf_ssl_key());
+
+ set_curl_option(context, CURLOPT_SSLCERTTYPE, get_pxf_ssl_certtype());
+ set_curl_option(context, CURLOPT_KEYPASSWD, get_pxf_ssl_keypasswd());
+
+ if (cacert != NULL && cacert[0] != '\0')
+ {
+ set_curl_option(context, CURLOPT_CAINFO, cacert);
+ }
+
+ set_curl_option(context, CURLOPT_SSL_VERIFYPEER, (const void *) get_pxf_ssl_verifypeer());
+ }
+}
+
 CHURL_HANDLE
 churl_init_upload(const char *url, CHURL_HEADERS headers)
 {
diff --git a/external-table/src/pxfbridge.c b/external-table/src/pxfbridge.c
index 80267a04a5..65eda8ea1e 100644
--- a/external-table/src/pxfbridge.c
+++ b/external-table/src/pxfbridge.c
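Review bot: In set_curl_ssl_options() (libchurl.c), CURLOPT_SSLKEY and CURLOPT_KEYPASSWD are set unconditionally even though their defaults in pxfutils.h are empty strings, while only the CA path gets an empty-value guard. An empty string is not the same as leaving the option unset, and libcurl may try to load a key from a file named `""` instead of falling back to the key inside the certificate file; I would guard both the same way as the CA path, e.g. `if (key[0] != '\0') set_curl_option(context, CURLOPT_SSLKEY, key);`. Separately, the `long` from get_pxf_ssl_verifypeer() is pushed through a `(const void *)` cast, which is only safe where `long` and pointers have the same width; set_curl_option() is defined outside this hunk, so confirm how it forwards the value to libcurl.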
@@ -230,8 +230,8 @@ static void
 build_uri_for_cancel(pxfbridge_cancel *cancel)
 {
 resetStringInfo(&cancel->uri);
- appendStringInfo(&cancel->uri, "http://%s/%s/cancel",
- get_authority(), PXF_SERVICE_PREFIX);
+ appendStringInfo(&cancel->uri, "%s://%s/%s/cancel",
+ get_pxf_protocol(), get_authority(), PXF_SERVICE_PREFIX);
 if ((LOG >= log_min_messages) || (LOG >= client_min_messages))
 {
@@ -248,8 +248,8 @@ static void
 build_uri_for_read(gphadoop_context *context)
 {
 resetStringInfo(&context->uri);
- appendStringInfo(&context->uri, "http://%s/%s/read",
- get_authority(), PXF_SERVICE_PREFIX);
+ appendStringInfo(&context->uri, "%s://%s/%s/read",
+ get_pxf_protocol(), get_authority(), PXF_SERVICE_PREFIX);
 if ((LOG >= log_min_messages) || (LOG >= client_min_messages))
 {
@@ -265,8 +265,8 @@ build_uri_for_read(gphadoop_context *context)
 static void
 build_uri_for_write(gphadoop_context *context)
 {
- appendStringInfo(&context->uri, "http://%s/%s/write",
- get_authority(), PXF_SERVICE_PREFIX);
+ appendStringInfo(&context->uri, "%s://%s/%s/write",
+ get_pxf_protocol(), get_authority(), PXF_SERVICE_PREFIX);
 if ((LOG >= log_min_messages) || (LOG >= client_min_messages))
 {
diff --git a/external-table/src/pxfutils.c b/external-table/src/pxfutils.c
index c6a01e6ca1..37f59bd8f7 100644
--- a/external-table/src/pxfutils.c
+++ b/external-table/src/pxfutils.c
@@ -8,6 +8,9 @@
 #include "utils/formatting.h"
 #include "utils/syscache.h"
+static const char *getenv_char(const char *name, const char *default_value);
+static long getenv_long(const char *name, long default_value);
+
 /*
 * Full name of the HEADER KEY expected by the PXF service
 * Converts input string to upper case and prepends "X-GP-OPTIONS-" string
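Review bot: The URI scheme in build_uri_for_cancel(), build_uri_for_read() and build_uri_for_write() (pxfbridge.c) now comes straight from get_pxf_protocol(), i.e. from the PXF_PROTOCOL environment variable, with no check that it is `http` or `https`. set_curl_ssl_options() in libchurl.c configures TLS only on an exact, case-sensitive match with `"https"`, so a value such as `HTTPS` skips the client-certificate and CA settings, and any other value is presumably handed to libcurl as the scheme unchanged. I would validate once in get_pxf_protocol() and raise an error for anything other than the two expected values, and additionally restrict the handle with CURLOPT_PROTOCOLS to HTTP and HTTPS. All three functions continue outside their hunks.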
@@ -69,6 +72,22 @@ concat(int num_args,...)
 return str.data;
 }
+static const char*
+getenv_char(const char *name, const char *default_value)
+{
+ const char *value = getenv(name);
+
+ return value ? value : default_value;
+}
+
+static long
+getenv_long(const char *name, long default_value)
+{
+ const char *value = getenv(name);
+
+ return value ? atol(value) : default_value;
+}
+
 /* Get authority (host:port) for the PXF server URL */
 char *
 get_authority(void)
@@ -76,6 +95,12 @@ get_authority(void)
 return psprintf("%s:%d", get_pxf_host(), get_pxf_port());
 }
+const char *
+get_pxf_protocol(void)
+{
+ return getenv_char(ENV_PXF_PROTOCOL, PXF_DEFAULT_PROTOCOL);
+}
+
 /* Returns the PXF Host defined in the PXF_HOST
 * environment variable or the default when undefined
 */
@@ -116,6 +141,42 @@ get_pxf_port(void)
 return port;
 }
+const char *
+get_pxf_ssl_keypasswd(void)
+{
+ return getenv_char(ENV_PXF_SSL_KEYPASSWD, PXF_DEFAULT_SSL_KEYPASSWD);
+}
+
+const char *
+get_pxf_ssl_cacert(void)
+{
+ return getenv_char(ENV_PXF_SSL_CACERT, PXF_DEFAULT_SSL_CACERT);
+}
+
+const char *
+get_pxf_ssl_cert(void)
+{
+ return getenv_char(ENV_PXF_SSL_CERT, PXF_DEFAULT_SSL_CERT);
+}
+
+const char *
+get_pxf_ssl_key(void)
+{
+ return getenv_char(ENV_PXF_SSL_KEY, PXF_DEFAULT_SSL_KEY);
+}
+
+const char *
+get_pxf_ssl_certtype(void)
+{
+ return getenv_char(ENV_PXF_SSL_CERT_TYPE, PXF_DEFAULT_SSL_CERT_TYPE);
+}
+
+long
+get_pxf_ssl_verifypeer(void)
+{
+ return getenv_long(ENV_PXF_SSL_VERIFY_PEER, PXF_DEFAULT_SSL_VERIFY_PEER);
+}
+
 /* Returns the namespace (schema) name for a given namespace oid */
 char *
 GetNamespaceName(Oid nsp_oid)
diff --git a/external-table/src/pxfutils.h b/external-table/src/pxfutils.h
index db930e5fb3..a622964f1d 100644
--- a/external-table/src/pxfutils.h
+++ b/external-table/src/pxfutils.h
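Review bot: getenv_long() (pxfutils.c) parses with atol(), which yields 0 for any non-numeric text, so `PXF_SSL_VERIFY_PEER=true`, an empty value or a typo becomes 0 and switches certificate verification off in set_curl_ssl_options() without any error. The setting should fail closed: parse with strtol(), reject empty input, trailing characters and range errors, and keep the default (or raise an error) when the value is malformed. The rewrite below relies on `errno` being declared in this file, which is not visible in the hunk.

```c
static long
getenv_long(const char *name, long default_value)
{
	const char *value = getenv(name);
	char	   *end;
	long		parsed;

	if (value == NULL || value[0] == '\0')
		return default_value;

	errno = 0;
	parsed = strtol(value, &end, 10);

	/* a malformed or out-of-range value keeps the default instead of becoming 0 */
	if (errno != 0 || end == value || *end != '\0')
		return default_value;

	return parsed;
}
```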
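Review bot: get_pxf_ssl_keypasswd() (pxfutils.c, hunk at -116) reads the private-key passphrase from the PXF_SSL_KEYPASSWD environment variable, which is inherited by child processes and is typically readable from the process environment by anything running as the same OS user. Reading it from a file with restricted permissions, or requiring an unencrypted key file protected by file mode, would keep the secret out of the environment. None of the six new getters has a header comment, unlike get_pxf_host() and get_pxf_port() in the same file; for this one I would add `/* Returns the client key passphrase from PXF_SSL_KEYPASSWD, or "" when undefined */` and matching one-liners on the others.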
@@ -12,6 +12,9 @@ char *TypeOidGetTypename(Oid typid);
 /* Concatenate multiple literal strings using stringinfo */
 char *concat(int num_args,...);
+/* Get protocol for the PXF server URL */
+const char *get_pxf_protocol(void);
+
 /* Get authority (host:port) for the PXF server URL */
 char *get_authority(void);
@@ -25,17 +28,38 @@ const char *get_pxf_host(void);
 */
 const int get_pxf_port(void);
+const char *get_pxf_ssl_keypasswd(void);
+const char *get_pxf_ssl_cacert(void);
+const char *get_pxf_ssl_cert(void);
+const char *get_pxf_ssl_key(void);
+const char *get_pxf_ssl_certtype(void);
+long get_pxf_ssl_verifypeer(void);
+
 /* Returns the namespace (schema) name for a given namespace oid */
 char *GetNamespaceName(Oid nsp_oid);
-#define PXF_PROFILE "PROFILE"
-#define FRAGMENTER "FRAGMENTER"
-#define ACCESSOR "ACCESSOR"
-#define RESOLVER "RESOLVER"
-#define ANALYZER "ANALYZER"
-#define ENV_PXF_HOST "PXF_HOST"
-#define ENV_PXF_PORT "PXF_PORT"
-#define PXF_DEFAULT_HOST "localhost"
-#define PXF_DEFAULT_PORT 5888
+#define PXF_PROFILE "PROFILE"
+#define FRAGMENTER "FRAGMENTER"
+#define ACCESSOR "ACCESSOR"
+#define RESOLVER "RESOLVER"
+#define ANALYZER "ANALYZER"
+#define ENV_PXF_HOST "PXF_HOST"
+#define ENV_PXF_PORT "PXF_PORT"
+#define ENV_PXF_PROTOCOL "PXF_PROTOCOL"
+#define ENV_PXF_SSL_CACERT "PXF_SSL_CACERT"
+#define ENV_PXF_SSL_CERT "PXF_SSL_CERT"
+#define ENV_PXF_SSL_CERT_TYPE "PXF_SSL_CERT_TYPE"
+#define ENV_PXF_SSL_KEY "PXF_SSL_KEY"
+#define ENV_PXF_SSL_KEYPASSWD "PXF_SSL_KEYPASSWD"
+#define ENV_PXF_SSL_VERIFY_PEER "PXF_SSL_VERIFY_PEER"
+#define PXF_DEFAULT_HOST "localhost"
+#define PXF_DEFAULT_PORT 5888
+#define PXF_DEFAULT_PROTOCOL "http"
+#define PXF_DEFAULT_SSL_CACERT "/home/gpadmin/arenadata_configs/cacert.pem"
+#define PXF_DEFAULT_SSL_CERT "client.pem"
+#define PXF_DEFAULT_SSL_CERT_TYPE "pem"
+#define PXF_DEFAULT_SSL_KEY ""
+#define PXF_DEFAULT_SSL_KEYPASSWD ""
+#define PXF_DEFAULT_SSL_VERIFY_PEER 1
 #endif /* _PXFUTILS_H_ */
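Review bot: `PXF_DEFAULT_SSL_CACERT` (pxfutils.h, second hunk) is a site-specific absolute path under a user's home directory, and `PXF_DEFAULT_SSL_CERT` is the relative name `client.pem`, which resolves against whatever the backend's working directory happens to be. Because the CA default is non-empty, the empty-string guard in set_curl_ssl_options() only takes effect when PXF_SSL_CACERT is exported as an empty value, so the system trust store is never used by default and a missing file at that path presumably makes every https request fail. I would default both to `""` and set the corresponding curl options only when a value is configured. The six new `get_pxf_ssl_*` prototypes also lack the one-line comments their neighbours have, e.g. `/* Returns the CA bundle path from PXF_SSL_CACERT, or the default when undefined */`.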