Add config for ignoring SSL errors on BDC queries (#8169)

* Add config for ignoring SSL errors on BDC queries * Fix error handling in write stream * Disable tslint check * Handle promise appropriately * PR comments * Change defaults to true
2026-02-16 10:58:30 -05:00 · 2019-11-01 15:20:47 -07:00
parent 08d81927b4
commit abbb1e54da
16 changed files with 100 additions and 46 deletions
--- a/extensions/mssql/src/hdfs/webhdfs.ts
+++ b/extensions/mssql/src/hdfs/webhdfs.ts
@@ -780,10 +780,6 @@ export class WebHDFS {
 				stream.pipe(upload);
 				stream.resume();
 			}
-			if (error && !response) {
-				// request failed, and req is not accessible in this case.
-				throw this.parseError(undefined, undefined, error);
-			}
 			if (error || this.isError(response)) {
 				emitError(req, this.parseError(response, body, error));
 			}
--- a/extensions/mssql/src/objectExplorerNodeProvider/fileSources.ts
+++ b/extensions/mssql/src/objectExplorerNodeProvider/fileSources.ts
@@ -18,6 +18,7 @@ import { WebHDFS, HdfsError } from '../hdfs/webhdfs';
 import { PermissionStatus } from '../hdfs/aclEntry';
 import { Mount, MountStatus } from '../hdfs/mount';
 import { FileStatus, hdfsFileTypeToFileType } from '../hdfs/fileStatus';
+import { getIgnoreSslVerificationConfigSetting } from '../util/auth';

 const localize = nls.loadMessageBundle();

@@ -143,12 +144,11 @@ export class FileSourceFactory {
 		options = options && options.host ? FileSourceFactory.removePortFromHost(options) : options;
 		let requestParams: IRequestParams = options.requestParams ? options.requestParams : {};
 		if (requestParams.auth || requestParams.isKerberos) {
-			// TODO Remove handling of unsigned cert once we have real certs in our Knox service
 			let agentOptions = {
 				host: options.host,
 				port: options.port,
 				path: constants.hdfsRootPath,
-				rejectUnauthorized: false
+				rejectUnauthorized: !getIgnoreSslVerificationConfigSetting()
 			};
 			let agent = new https.Agent(agentOptions);
 			requestParams['agent'] = agent;
--- a/extensions/mssql/src/sparkFeature/dialog/sparkJobSubmission/sparkJobSubmissionService.ts
+++ b/extensions/mssql/src/sparkFeature/dialog/sparkJobSubmission/sparkJobSubmissionService.ts
@@ -37,8 +37,7 @@ export class SparkJobSubmissionService {
 				uri: livyUrl,
 				method: 'POST',
 				json: true,
-				// TODO, change it back after service's authentication changed.
-				rejectUnauthorized: false,
+				rejectUnauthorized: !auth.getIgnoreSslVerificationConfigSetting(),
 				body: {
 					file: submissionArgs.sparkFile,
 					proxyUser: submissionArgs.user,
@@ -114,7 +113,7 @@ export class SparkJobSubmissionService {
 				uri: livyUrl,
 				method: 'GET',
 				json: true,
-				rejectUnauthorized: false,
+				rejectUnauthorized: !auth.getIgnoreSslVerificationConfigSetting(),
 				// authentication headers
 				headers: headers
 			};
--- a/extensions/mssql/src/util/auth.ts
+++ b/extensions/mssql/src/util/auth.ts
@@ -4,6 +4,7 @@
 *--------------------------------------------------------------------------------------------*/

 import * as kerberos from 'kerberos';
+import * as vscode from 'vscode';

 export enum AuthType {
 	Integrated = 'integrated',
@@ -17,3 +18,20 @@ export async function authenticateKerberos(hostname: string): Promise<string> {
 	let response = await client.step('');
 	return response;
 }
+
+const bdcConfigSectionName = 'bigDataCluster';
+const ignoreSslConfigName = 'ignoreSslVerification';
+
+/**
+ * Retrieves the current setting for whether to ignore SSL verification errors
+ */
+export function getIgnoreSslVerificationConfigSetting(): boolean {
+	try {
+		const config = vscode.workspace.getConfiguration(bdcConfigSectionName);
+		return config.get<boolean>(ignoreSslConfigName) || true;
+	} catch (error) {
+		console.error(`Unexpected error retrieving ${bdcConfigSectionName}.${ignoreSslConfigName} setting : ${error}`);
+	}
+	return true;
+}
+