Re: [PR] [REST] Add option to configure TLS settings in REST client [iceberg]

Tue, 03 Jun 2025 09:04:08 -0700 


bryanck commented on code in PR #13190:
URL: https://github.com/apache/iceberg/pull/13190#discussion_r2124331457


##########
core/src/main/java/org/apache/iceberg/rest/HTTPClient.java:
##########
@@ -368,8 +374,48 @@ static HttpClientConnectionManager 
configureConnectionManager(Map<String, String
                     properties, REST_MAX_CONNECTIONS, 
REST_MAX_CONNECTIONS_DEFAULT)))
         .setMaxConnPerRoute(
             PropertyUtil.propertyAsInt(
-                properties, REST_MAX_CONNECTIONS_PER_ROUTE, 
REST_MAX_CONNECTIONS_PER_ROUTE_DEFAULT))
-        .build();
+                properties,
+                REST_MAX_CONNECTIONS_PER_ROUTE,
+                REST_MAX_CONNECTIONS_PER_ROUTE_DEFAULT));
+
+    TLSConfigurer tlsConfigurer = loadTlsConfigurer(properties);
+    if (tlsConfigurer != null) {
+      connectionManagerBuilder.setTlsSocketStrategy(
+          new DefaultClientTlsStrategy(
+              tlsConfigurer.sslContext(),
+              tlsConfigurer.supportedProtocols(),
+              tlsConfigurer.supportedCipherSuites(),
+              SSLBufferMode.STATIC,
+              tlsConfigurer.hostnameVerifier()));
+    }
+
+    return connectionManagerBuilder.build();
+  }
+
+  private static TLSConfigurer loadTlsConfigurer(Map<String, String> 
properties) {
+    String impl = properties.get(REST_TLS_CONFIGURER);
+    if (impl == null) {
+      return null;
+    }
+
+    DynConstructors.Ctor<TLSConfigurer> ctor;
+    try {
+      ctor =
+          DynConstructors.builder(TLSConfigurer.class)
+              .loader(HTTPClient.class.getClassLoader())
+              .impl(impl)
+              .buildChecked();
+    } catch (NoSuchMethodException e) {
+      throw new IllegalArgumentException(
+          String.format(
+              "Cannot initialize TLSConfigurer implementation %s: %s", impl, 
e.getMessage()),
+          e);
+    }
+
+    TLSConfigurer configurer = ctor.newInstance();

Review Comment:
   Thanks, I updated the error handling to be more consistent w/ CatalogUtil, 
and added some tests.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org
For additional commands, e-mail: issues-h...@iceberg.apache.org

Reply via email to