Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ability to enforce SSL in Databricks Destination connector #16308

Closed
ryankfu opened this issue Sep 2, 2022 · 5 comments · Fixed by #18032
Closed

Add ability to enforce SSL in Databricks Destination connector #16308

ryankfu opened this issue Sep 2, 2022 · 5 comments · Fixed by #18032
Assignees
@tuliren
Labels
needs-triage team/destinations Destinations team's backlog type/enhancement New feature or request

Comments

@ryankfu
Copy link
Contributor

ryankfu commented Sep 2, 2022

Tell us about the problem you're trying to solve

Databricks does not always enforce SSL

Describe the solution you’d like

Implement configuration for adding ssl parameter for Databricks destination

Describe the alternative you’ve considered or used

A clear and concise description of any alternative solutions or features you've considered or are using today.

Additional context

Building the connection URL

Are you willing to submit a PR?

Remove this with your answer :-)
@ryankfu ryankfu mentioned this issue Sep 2, 2022
Merged
37 tasks
@grishick
Copy link
Contributor

grishick commented Sep 2, 2022

cc @tuliren

@grishick
Copy link
Contributor

grishick commented Sep 6, 2022
edited
Loading

Notes on scope:

  • figure out if DataBricks allows unencrypted connections (if it doesn't, this is a no-op 🎉 ). Otherwise:
    • add SSL on/off switch to spec
    • enforce SSL in Airbyte cloud unless SSH tunnel is on (this includes normalization)
    • understand and expose (if available) SSL modes for DataBricks JDBC driver. If various SSL modes are available, allow only secure modes in Airbyte Cloud
    • add tests that verify the above behaviors

@grishick
Copy link
Contributor

grishick commented Sep 6, 2022

Hey team! Please add your planning poker estimate with Zenhub @edgao @rodireich @ryankfu @subodh1810 @tuliren

@grishick grishick added the team/destinations Destinations team's backlog label Sep 27, 2022
@grishick
Copy link
Contributor

grishick commented Oct 4, 2022
edited
Loading

Investigation

I plaid around with our databricks sandbox account and found the following:

  • Databricks clusters always require SSL to be enabled in JDBC connections. I tried disabling it and was not able to connect
  • If JDBC connection URL does not explicitly enable SSL, SSL is still enabled by default
  • If JDBC connection URL explicitly disables SSL, Databricks cluster refuses the connection

Here are some references:

Remaining scope for this issue

I also found that our JDBC connection string for Databricks currently does not conform to the JDBC connection guide and is missing ssl=1 parameter. Although this parameter is implied, we should still add it as recommended in Databricks documentation. My understanding is the only thing we need to do is to add ssl=1 JDBC URL parameter hardcoded in Databricks connector per Databricks documentation. The reason it has to be hardcoded is because, Databricks does not allow any value for this parameter.

Changing the estimate to 2 points based on these findings.

@grishick grishick mentioned this issue Oct 4, 2022
Closed
@grishick
Copy link
Contributor

Moving to Blocked until @tuliren finishes current Databricks changes

@tuliren tuliren mentioned this issue Oct 15, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tuliren tuliren

Labels
needs-triage team/destinations Destinations team's backlog type/enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Databricks destination: ensure encrypted JDBC connection airbytehq/airbyte
3 participants
@grishick @tuliren @ryankfu