Skip to content

Centralize SSL Context Handling and Client SSL Provider #17358

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
xiangfu0 wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Centralize SSL Context Handling and Client SSL Provider #17358

xiangfu0 wants to merge 1 commit into from
+1,035 −198

Conversation

@xiangfu0
Copy link
Contributor

@xiangfu0 xiangfu0 commented Dec 12, 2025
edited
Loading

Summary:

  • Add module-local BrokerContext, ControllerContext, and ServerContext backed by QueryRuntimeContext for shared gRPC SSL contexts and HTTPS SSL contexts, and wire controller to depend on query-runtime.
  • Initialize contexts in broker/controller/server startup paths and multi-stage handlers, and reuse cached gRPC SSL contexts in query runtime (MailboxService, QueryDispatcher/DispatchClient, QueryServer, ChannelManager, GrpcMailboxServer).
  • Introduce SslContextProvider with default JDK/BCJSSE implementation plus configurable lookup (system property/ServiceLoader) and update the async HTTP client transport to use it.
  • Make client SSL generation more configurable (protocol/keystore/algorithms) and tighten Netty gRPC server configuration with provider-aware setup and warnings for non-JDK providers.

@codecov-commenter
Copy link

codecov-commenter commented Dec 12, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 29.96390% with 194 lines in your changes missing coverage. Please review.
✅ Project coverage is 63.24%. Comparing base (6c87d2e) to head (f2dc959).
✅ All tests successful. No failed tests found.

Files with missing lines Patch % Lines
...in/java/org/apache/pinot/server/ServerContext.java 0.00% 20 Missing ⚠️
.../pinot/common/utils/ClientSSLContextGenerator.java 26.92% 19 Missing ⚠️
...org/apache/pinot/query/mailbox/MailboxService.java 28.00% 16 Missing and 2 partials ⚠️
...org/apache/pinot/controller/ControllerContext.java 0.00% 17 Missing ⚠️
...apache/pinot/controller/BaseControllerStarter.java 0.00% 14 Missing ⚠️
...in/java/org/apache/pinot/broker/BrokerContext.java 35.00% 13 Missing ⚠️
...requesthandler/MultiStageBrokerRequestHandler.java 0.00% 12 Missing and 1 partial ⚠️
.../apache/pinot/server/worker/WorkerQueryServer.java 0.00% 13 Missing ⚠️
...not/query/runtime/context/QueryRuntimeContext.java 50.00% 10 Missing ⚠️
...e/pinot/broker/broker/helix/BaseBrokerStarter.java 0.00% 8 Missing ⚠️
... and 10 more
Additional details and impacted files 
@@             Coverage Diff              @@
##             master   #17358      +/-   ##
============================================
- Coverage     63.28%   63.24%   -0.04%     
- Complexity     1474     1475       +1     
============================================
  Files          3161     3164       +3     
  Lines        188588   188808     +220     
  Branches      28857    28892      +35     
============================================
+ Hits         119351   119416      +65     
- Misses        59983    60136     +153     
- Partials       9254     9256       +2
Flag Coverage Δ
custom-integration1 100.00% <ø> (ø)
integration 100.00% <ø> (ø)
integration1 100.00% <ø> (ø)
integration2 0.00% <ø> (ø)
java-11 55.54% <28.30%> (-0.02%) ⬇️
java-21 63.22% <29.96%> (-0.06%) ⬇️
temurin 63.24% <29.96%> (-0.04%) ⬇️
unittests 63.24% <29.96%> (-0.04%) ⬇️
unittests1 55.57% <28.30%> (-0.05%) ⬇️
unittests2 34.03% <25.63%> (+0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@xiangfu0 xiangfu0 force-pushed the ssl-context-provider branch 2 times, most recently from 9b2b3e9 to ed0217a Compare December 30, 2025 08:40
@xiangfu0 xiangfu0 changed the title Set SSL context in ControllerContext/BrokerContext/ServerContext Centralize SSL Context Handling and Client SSL Provider Dec 30, 2025
@xiangfu0 xiangfu0 marked this pull request as ready for review December 30, 2025 08:51
@xiangfu0 xiangfu0 added user-experience Related to user experience refactor security labels Dec 30, 2025
@xiangfu0 xiangfu0 requested a review from Copilot December 30, 2025 10:02
@xiangfu0 xiangfu0 force-pushed the ssl-context-provider branch from ed0217a to f158985 Compare December 30, 2025 10:02
Copilot AI reviewed Dec 30, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR centralizes SSL/TLS context handling across Pinot components by introducing module-local context singletons (BrokerContext, ControllerContext, ServerContext) that delegate to a shared QueryRuntimeContext for gRPC SSL contexts. It also adds a pluggable SslContextProvider mechanism for client SSL configuration with JDK/BCJSSE support.

Key Changes:

  • Centralized SSL context management through module-specific context classes backed by QueryRuntimeContext
  • Introduced SslContextProvider interface with factory-based lookup and default JDK implementation
  • Enhanced client SSL configuration with protocol/keystore/algorithm customization

Reviewed changes

Copilot reviewed 26 out of 26 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
pinot-server/src/main/java/org/apache/pinot/server/ServerContext.java New singleton context for server SSL contexts delegating to QueryRuntimeContext
pinot-broker/src/main/java/org/apache/pinot/broker/BrokerContext.java New singleton context for broker SSL contexts delegating to QueryRuntimeContext
pinot-controller/src/main/java/org/apache/pinot/controller/ControllerContext.java New singleton context for controller SSL contexts delegating to QueryRuntimeContext
pinot-query-runtime/src/main/java/org/apache/pinot/query/runtime/context/QueryRuntimeContext.java Renamed from BrokerContext, added gRPC SSL context fields
pinot-query-runtime/src/main/java/org/apache/pinot/query/runtime/context/ServerContext.java Removed (functionality moved to module-specific contexts)
pinot-query-runtime/src/main/java/org/apache/pinot/query/runtime/context/ControllerContext.java Removed (functionality moved to module-specific contexts)
pinot-server/src/main/java/org/apache/pinot/server/worker/WorkerQueryServer.java Initialize server context SSL contexts during worker query server setup
pinot-server/src/main/java/org/apache/pinot/server/starter/helix/BaseServerStarter.java Initialize server context HTTPS contexts on startup
pinot-controller/src/main/java/org/apache/pinot/controller/BaseControllerStarter.java Initialize controller context SSL contexts on startup
pinot-broker/src/main/java/org/apache/pinot/broker/broker/helix/BaseBrokerStarter.java Initialize broker context HTTPS contexts on startup
pinot-broker/src/main/java/org/apache/pinot/broker/requesthandler/MultiStageBrokerRequestHandler.java Initialize broker context SSL contexts in multi-stage handler
pinot-query-runtime/.../QueryServer.java Reuse cached server gRPC SSL context from QueryRuntimeContext
pinot-query-runtime/.../QueryDispatcher.java Initialize and reuse client gRPC SSL context from QueryRuntimeContext
pinot-query-runtime/.../DispatchClient.java Accept optional SslContext parameter to reuse cached context
pinot-query-runtime/.../MailboxService.java Resolve SSL contexts from QueryRuntimeContext for broker/server/controller instances
pinot-query-runtime/.../GrpcMailboxServer.java Accept optional SslContext parameter to reuse cached context
pinot-query-runtime/.../ChannelManager.java Accept optional SslContext parameter to reuse cached context
pinot-query-runtime/.../OpChainExecutionContext.java Simplified to use QueryRuntimeContext instead of separate broker/server contexts
pinot-clients/.../SslContextProvider.java New interface for pluggable SSL configuration
pinot-clients/.../SslContextProviderFactory.java Factory for loading SslContextProvider via property/ServiceLoader
pinot-clients/.../DefaultSslContextProvider.java Default JDK/BCJSSE provider implementation
pinot-clients/.../JsonAsyncHttpPinotClientTransport.java Updated to use SslContextProvider for SSL configuration
pinot-common/.../ClientSSLContextGenerator.java Added configurable protocol/keystore/algorithm with try-with-resources
pinot-broker/.../BrokerGrpcServer.java Added warning for non-JDK providers and provider-aware GrpcSslContexts configuration
pinot-controller/pom.xml Added pinot-query-runtime dependency

@xiangfu0 xiangfu0 force-pushed the ssl-context-provider branch from f158985 to 82c7250 Compare December 30, 2025 14:35
@xiangfu0 xiangfu0 requested a review from Copilot December 30, 2025 14:39
Copilot AI reviewed Dec 30, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 26 out of 26 changed files in this pull request and generated no new comments.

@xiangfu0 xiangfu0 force-pushed the ssl-context-provider branch from 82c7250 to 8fc4852 Compare January 1, 2026 16:12
@xiangfu0 xiangfu0 force-pushed the ssl-context-provider branch from 8fc4852 to f2dc959 Compare January 3, 2026 16:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

refactor security user-experience Related to user experience

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@xiangfu0 @codecov-commenter