steveniemitz commented on code in PR #21457: URL: https://github.com/apache/flink/pull/21457#discussion_r1041123103
########## flink-core/src/main/java/org/apache/flink/configuration/SecurityOptions.java: ########## @@ -217,6 +217,16 @@ public class SecurityOptions { .withDescription( "Turns on SSL for external communication via the REST endpoints."); + @Documentation.Section(Documentation.Sections.EXPERT_SECURITY_SSL) + public static final ConfigOption<String> SSL_REST_SSL_CONTEXT_SUPPLIER = + key("security.ssl.rest.ssl-context-supplier") + .stringType() + .noDefaultValue() + .withDescription( + "A fully qualified class name that implements the Supplier<SslContext> interface." + + " The implementation must have a public constructor with the signature" + + " (Configuration config, boolean isClient, SslProvider sslProvider)"); Review Comment: I'd prefer to keep the `Supplier<SslContext>` interface at the end (or something similar) since it makes passing it around much simpler. In your interface for example you'll need the Configuration, clientMode, and SslProvider at the time when you need to get the SslContext. For example, if the interface looked like this, `SSLHandlerFactory` would also need to then have access to the configuration and SslProvider. I ended up with making `SslContextSupplier.Factory`, which at least gets rid of the required constructor. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@flink.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org