Ensure HTTPS enabled when required for internal communication

trinodb · Jul 19, 2021 · 71152be · 71152be
1 parent 8b6f0a3
commit 71152be
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 2 deletions.
diff --git a/core/trino-main/src/main/java/io/trino/server/InternalCommunicationConfig.java b/core/trino-main/src/main/java/io/trino/server/InternalCommunicationConfig.java
@@ -38,6 +38,7 @@ public class InternalCommunicationConfig
     private String keyStorePassword;
     private String trustStorePath;
     private String trustStorePassword;
+    private boolean httpServerHttpsEnabled;
 
     @NotNull
     public Optional<String> getSharedSecret()
@@ -135,4 +136,22 @@ public boolean isRequiredSharedSecretSet()
     {
         return !isHttpsRequired() || getSharedSecret().isPresent();
     }
+
+    public boolean isHttpServerHttpsEnabled()
+    {
+        return httpServerHttpsEnabled;
+    }
+
+    @Config("http-server.https.enabled")
+    public InternalCommunicationConfig setHttpServerHttpsEnabled(boolean httpServerHttpsEnabled)
+    {
+        this.httpServerHttpsEnabled = httpServerHttpsEnabled;
+        return this;
+    }
+
+    @AssertTrue(message = "HTTPS must be enabled when HTTPS is required for internal communications. Set http-server.https.enabled=true")
+    public boolean isHttpsEnabledWhenRequired()
+    {
+        return !isHttpsRequired() || isHttpServerHttpsEnabled();
+    }
 }
diff --git a/core/trino-main/src/test/java/io/trino/server/TestInternalCommunicationConfig.java b/core/trino-main/src/test/java/io/trino/server/TestInternalCommunicationConfig.java
@@ -37,7 +37,8 @@ public void testDefaults()
                 .setKeyStorePath(null)
                 .setKeyStorePassword(null)
                 .setTrustStorePath(null)
-                .setTrustStorePassword(null));
+                .setTrustStorePassword(null)
+                .setHttpServerHttpsEnabled(false));
     }
 
     @Test
@@ -55,6 +56,7 @@ public void testExplicitPropertyMappings()
                 .put("internal-communication.https.keystore.key", "key-key")
                 .put("internal-communication.https.truststore.path", truststoreFile.toString())
                 .put("internal-communication.https.truststore.key", "trust-key")
+                .put("http-server.https.enabled", "true")
                 .build();
 
         InternalCommunicationConfig expected = new InternalCommunicationConfig()
@@ -64,7 +66,8 @@ public void testExplicitPropertyMappings()
                 .setKeyStorePath(keystoreFile.toString())
                 .setKeyStorePassword("key-key")
                 .setTrustStorePath(truststoreFile.toString())
-                .setTrustStorePassword("trust-key");
+                .setTrustStorePassword("trust-key")
+                .setHttpServerHttpsEnabled(true);
 
         assertFullMapping(properties, expected);
     }