From 25790272565af617b4e6d70478142e74717bad2d Mon Sep 17 00:00:00 2001 From: zy-kkk Date: Thu, 27 Jun 2024 17:55:38 +0800 Subject: [PATCH 1/2] [improvement](sqlserver catalog) Configurable whether to use encrypt when connecting to SQL Server using the catalog (#36659) In previous versions, we used druid as the default JDBC connection pool, which can use custom decryption to parse the certificate when SQL Server encryption is turned on. However, in the new version, after changing HikariCP as the default connection pool, the SQLServer certificate cannot be parsed, so encryption needs to be turned off for normal use. Therefore, a parameter is added to decide whether to disable SQLServer encryption. It is not disabled by default. --- .../src/main/java/org/apache/doris/common/Config.java | 4 ++++ .../src/main/java/org/apache/doris/catalog/JdbcResource.java | 3 +++ 2 files changed, 7 insertions(+) diff --git a/fe/fe-common/src/main/java/org/apache/doris/common/Config.java b/fe/fe-common/src/main/java/org/apache/doris/common/Config.java index e1b29b7f84975e..75ad1f91a741d9 100644 --- a/fe/fe-common/src/main/java/org/apache/doris/common/Config.java +++ b/fe/fe-common/src/main/java/org/apache/doris/common/Config.java @@ -162,6 +162,10 @@ public class Config extends ConfigBase { "MySQL Jdbc Catalog mysql does not support pushdown functions"}) public static String[] jdbc_mysql_unsupported_pushdown_functions = {"date_trunc", "money_format", "negative"}; + @ConfField(description = {"SQLServer Jdbc Catalog 关闭加密", + "SQLServer Jdbc Catalog close encrypt"}) + public static boolean disable_jdbc_sqlserver_encrypt = false; + @ConfField(mutable = true, masterOnly = true, description = {"broker load 时,单个节点上 load 执行计划的默认并行度", "The default parallelism of the load execution plan on a single node when the broker load is submitted"}) public static int default_load_parallelism = 8; diff --git a/fe/fe-core/src/main/java/org/apache/doris/catalog/JdbcResource.java b/fe/fe-core/src/main/java/org/apache/doris/catalog/JdbcResource.java index c411c6d11433d8..fdf994abbebe25 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/catalog/JdbcResource.java +++ b/fe/fe-core/src/main/java/org/apache/doris/catalog/JdbcResource.java @@ -353,6 +353,9 @@ public static String handleJdbcUrl(String jdbcUrl) throws DdlException { newJdbcUrl = checkAndSetJdbcBoolParam(dbType, newJdbcUrl, "reWriteBatchedInserts", "false", "true"); } if (dbType.equals(SQLSERVER)) { + if (Config.disable_jdbc_sqlserver_encrypt) { + newJdbcUrl = checkAndSetJdbcBoolParam(dbType, newJdbcUrl, "encrypt", "true", "false"); + } newJdbcUrl = checkAndSetJdbcBoolParam(dbType, newJdbcUrl, "useBulkCopyForBatchInsert", "false", "true"); } return newJdbcUrl; From db64658ff2cc5c546ff0f626579e7298f519b0d2 Mon Sep 17 00:00:00 2001 From: zy-kkk Date: Fri, 28 Jun 2024 18:00:14 +0800 Subject: [PATCH 2/2] Rename Configuration Parameter from disable_jdbc_sqlserver_encrypt to force_sqlserver_jdbc_encrypt_false --- .../src/main/java/org/apache/doris/common/Config.java | 6 +++--- .../main/java/org/apache/doris/catalog/JdbcResource.java | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/fe/fe-common/src/main/java/org/apache/doris/common/Config.java b/fe/fe-common/src/main/java/org/apache/doris/common/Config.java index 75ad1f91a741d9..b51ab170f02542 100644 --- a/fe/fe-common/src/main/java/org/apache/doris/common/Config.java +++ b/fe/fe-common/src/main/java/org/apache/doris/common/Config.java @@ -162,9 +162,9 @@ public class Config extends ConfigBase { "MySQL Jdbc Catalog mysql does not support pushdown functions"}) public static String[] jdbc_mysql_unsupported_pushdown_functions = {"date_trunc", "money_format", "negative"}; - @ConfField(description = {"SQLServer Jdbc Catalog 关闭加密", - "SQLServer Jdbc Catalog close encrypt"}) - public static boolean disable_jdbc_sqlserver_encrypt = false; + @ConfField(description = {"强制 SQLServer Jdbc Catalog 加密为 false", + "Force SQLServer Jdbc Catalog encrypt to false"}) + public static boolean force_sqlserver_jdbc_encrypt_false = false; @ConfField(mutable = true, masterOnly = true, description = {"broker load 时,单个节点上 load 执行计划的默认并行度", "The default parallelism of the load execution plan on a single node when the broker load is submitted"}) diff --git a/fe/fe-core/src/main/java/org/apache/doris/catalog/JdbcResource.java b/fe/fe-core/src/main/java/org/apache/doris/catalog/JdbcResource.java index fdf994abbebe25..0ec9243a132ff2 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/catalog/JdbcResource.java +++ b/fe/fe-core/src/main/java/org/apache/doris/catalog/JdbcResource.java @@ -353,7 +353,7 @@ public static String handleJdbcUrl(String jdbcUrl) throws DdlException { newJdbcUrl = checkAndSetJdbcBoolParam(dbType, newJdbcUrl, "reWriteBatchedInserts", "false", "true"); } if (dbType.equals(SQLSERVER)) { - if (Config.disable_jdbc_sqlserver_encrypt) { + if (Config.force_sqlserver_jdbc_encrypt_false) { newJdbcUrl = checkAndSetJdbcBoolParam(dbType, newJdbcUrl, "encrypt", "true", "false"); } newJdbcUrl = checkAndSetJdbcBoolParam(dbType, newJdbcUrl, "useBulkCopyForBatchInsert", "false", "true");