wolfkill opened a new pull request, #18530:
URL: https://github.com/apache/pinot/pull/18530

   ## Summary
   - create a TLS-aware `FileUploadDownloadClient` from `SegmentGenerationJobSpec.getTlsSpec()` for segment push paths
   - keep the shared default upload client for jobs without `TlsSpec`
   - extract `TlsUtils.createSslContext(...)` so callers can build an `SSLContext` without mutating JVM-wide HTTPS defaults
   - add regression coverage for default vs TLS-aware upload client selection
   
   ## Root Cause
   `SegmentPushUtils` always used a static `FileUploadDownloadClient`, so push jobs that supplied `TlsSpec` did not build a client from that job-level TLS configuration. Direct/core/Hadoop segment push flows could therefore ignore the intended key/trust store settings.
   
   Fixes #17702
   
   ## Tests
   - Red check before implementation: `JAVA_HOME=/opt/homebrew/opt/openjdk@21/libexec/openjdk.jdk/Contents/Home PATH=/opt/homebrew/opt/openjdk@21/bin:$PATH ./mvnw -pl pinot-segment-local -am -Dtest=org.apache.pinot.segment.local.utils.SegmentPushUtilsTest#testGetFileUploadDownloadClientHonorsTlsSpec -Dsurefire.failIfNoSpecifiedTests=false -DfailIfNoTests=false test` failed because `SegmentPushUtils.getFileUploadDownloadClient(...)` did not exist yet.
   - `JAVA_HOME=/opt/homebrew/opt/openjdk@21/libexec/openjdk.jdk/Contents/Home PATH=/opt/homebrew/opt/openjdk@21/bin:$PATH ./mvnw -pl pinot-common,pinot-segment-local -am -Dtest=org.apache.pinot.common.utils.tls.TlsUtilsTest,org.apache.pinot.segment.local.utils.SegmentPushUtilsTest -Dsurefire.failIfNoSpecifiedTests=false -DfailIfNoTests=false test`
   - `git diff --check upstream/master...HEAD`


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
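
The client selection and per-client `SSLContext` construction that the summary describes, as an added example that is not code from the pull request or from Pinot. It uses the JDK's `java.net.http.HttpClient` in place of `FileUploadDownloadClient`; `JobTls`, `clientFor`, `load` and the PKCS12 store type are assumptions made for illustration.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.net.http.HttpClient;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class PerJobTlsClient {
  // Hypothetical stand-in for a job-level TLS spec; not Pinot's TlsSpec class.
  record JobTls(Path keyStore, char[] keyStorePass, Path trustStore, char[] trustStorePass) {}
  static final HttpClient SHARED_DEFAULT = HttpClient.newHttpClient();

  static KeyStore load(Path path, char[] pass) throws Exception {
    KeyStore ks = KeyStore.getInstance("PKCS12"); // assumed store type
    try (InputStream in = Files.newInputStream(path)) { ks.load(in, pass); }
    return ks;
  }

  // Scoped to one client: never calls SSLContext.setDefault(...) or
  // HttpsURLConnection.setDefaultSSLSocketFactory(...), so the rest of the JVM is unaffected.
  static SSLContext createSslContext(JobTls tls) throws Exception {
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(load(tls.keyStore(), tls.keyStorePass()), tls.keyStorePass());
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(load(tls.trustStore(), tls.trustStorePass()));
    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
    return ctx;
  }

  // Jobs without TLS settings keep the shared client; jobs with them get their own.
  static HttpClient clientFor(JobTls tls) throws Exception {
    if (tls == null) { return SHARED_DEFAULT; }
    return HttpClient.newBuilder().sslContext(createSslContext(tls)).build();
  }

  public static void main(String[] args) throws Exception {
    char[] pass = "changeit".toCharArray();               // constructed sample password
    Path store = Files.createTempFile("sample", ".p12");  // constructed empty PKCS12 store
    KeyStore empty = KeyStore.getInstance("PKCS12");
    empty.load(null, pass);
    try (OutputStream out = Files.newOutputStream(store)) { empty.store(out, pass); }
    SSLContext jvmDefault = SSLContext.getDefault();
    HttpClient tlsClient = clientFor(new JobTls(store, pass, store, pass));
    System.out.println("shared client reused without TLS spec: " + (clientFor(null) == SHARED_DEFAULT));
    System.out.println("TLS job gets its own client: " + (tlsClient != SHARED_DEFAULT));
    System.out.println("JVM default untouched: " + (SSLContext.getDefault() == jvmDefault));
  }
}
```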
