Merge pull request #37 from exasol/feature/23_tls_support

#23: Partial TLS support
exasol · Apr 21, 2023 · 9c6f9c1 · 9c6f9c1
2 parents 175f264 + e95f50a
commit 9c6f9c1
Show file tree

Hide file tree

Showing 17 changed files with 294 additions and 92 deletions.
diff --git a/dependencies.md b/dependencies.md
diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md
diff --git a/doc/changes/changes_0.5.0.md b/doc/changes/changes_0.5.0.md
@@ -0,0 +1,39 @@
+# Exasol Virtual Schema (Lua) 0.5.0, released 2023-04-21
+
+Code name: Partial TLS Support (without certificate validation)
+
+## Summary
+
+With version 0.5.0 the connection between the Virtual Schema Adapter and the remote Exasol uses TLS for encrypting the communication.
+
+Note however, that this feature is not complete yet. It lacks validation of the peer certificate. The reason is that Lua does not yet have access to the certificate store, so the feature requires a change in the Exasol database. Once certificate validation is available, the EVSL will reach version 1.0.0.
+
+What does this mean for users? They can test connecting the Exasol Virtual Schema to a remote Exasol server with an encrypted connection. The connection **cannot be treated as secure** though, because validating the peer certificate is a required step in establishing trust between the VS and the remote server. Without this attackers can pretend to be an Exasol server or run a man-in-the-middle attack.
+
+If you need an actually secure connection you will unfortunately have to wait until version 1.0.0.
+
+## Features
+
+* #23: Added TLS Support
+
+## Dependency Updates
+
+### Test Dependency Updates
+
+* Updated `com.exasol:exasol-jdbc:7.1.17` to `7.1.19`
+* Updated `com.exasol:exasol-testcontainers:6.5.1` to `6.5.2`
+* Updated `com.exasol:hamcrest-resultset-matcher:1.5.2` to `1.6.0`
+* Updated `org.slf4j:slf4j-jdk14:2.0.6` to `2.0.7`
+* Updated `org.testcontainers:junit-jupiter:1.17.6` to `1.18.0`
+
+### Plugin Dependency Updates
+
+* Updated `com.exasol:project-keeper-maven-plugin:2.9.3` to `2.9.7`
+* Updated `org.apache.maven.plugins:maven-compiler-plugin:3.10.1` to `3.11.0`
+* Updated `org.apache.maven.plugins:maven-enforcer-plugin:3.1.0` to `3.3.0`
+* Updated `org.apache.maven.plugins:maven-failsafe-plugin:3.0.0-M8` to `3.0.0`
+* Updated `org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M8` to `3.0.0`
+* Added `org.basepom.maven:duplicate-finder-maven-plugin:1.5.1`
+* Updated `org.codehaus.mojo:flatten-maven-plugin:1.3.0` to `1.4.1`
+* Updated `org.codehaus.mojo:versions-maven-plugin:2.14.2` to `2.15.0`
+* Updated `org.jacoco:jacoco-maven-plugin:0.8.8` to `0.8.9`
diff --git a/doc/model/diagrams/component/comp_exasol_virtual_schema.plantuml b/doc/model/diagrams/component/comp_exasol_virtual_schema.plantuml
@@ -31,11 +31,20 @@ component exasol-virtual-schema-lua {
         MetadataReaderFactory --> LocalMetadataReader : create
         MetadataReaderFactory --> RemoteMetadataReader : create
     }
-
+
+    package luasql <<external>> {
+        package exasol {
+            component Driver
+            component WebSockets
+
+            Driver -l-> WebSockets
+        }
+    }
+
     entry -d-> RequestDispatcher : create
     entry -d-> ExasolAdapter : create
     entry -d-> MetadataReaderFactory : create
-
+    RemoteMetadataReader -d-> Driver
 }
 
 url of entry is [[../sequence/seq_entry.svg]]

diff --git a/doc/model/diagrams/sequence/seq_read_remote_schema_metadata.plantuml b/doc/model/diagrams/sequence/seq_read_remote_schema_metadata.plantuml
@@ -1,6 +1,7 @@
 ' [dsn -> req~reading-source-metadata~1] forwarding already done in local metadata reading UML
 ' [dsn -> req~filtering-tables~1] forwarding already done in local metadata reading UML
 ' [dsn -> req~defining-the-remote-connection~1 >> impl, utest, itest]
+' [dsn -> req~tls-connection~1 >> impl, itest]
 
 @startuml
 !include ../clean.skin
@@ -33,6 +34,9 @@ deactivate ConnectionReader
 
 RemotedMetadataReader -> ExasolDriverLua : read schema details (schema)
 activate ExasolDriverLua
+ExasolDriverLua -> ExasolDriverLua : connect (TLS options)
+activate ExasolDriverLua
+deactivate ExasolDriverLua
 ExasolDriverLua -->> RemotedMetadataReader : list of tables
 deactivate ExasolDriverLua
 

diff --git a/doc/system_requirements.md b/doc/system_requirements.md
@@ -119,6 +119,34 @@ Covers:
 
 Needs: dsn
 
+### TLS Connection
+`req~tls-connection~1`
+
+EVSL establishes a TLS connection to the remote Exasol database.
+
+Rationale:
+
+TLS provides the necessary privacy for transmitting production data.
+
+Covers:
+
+* [feat~remote-virtual-schema~1](#remote-virtual-schema)
+
+Needs: dsn
+
+### TLS Certificate Validation
+`req~tls-certificate-validation~1`
+
+EVSL validates TLS certificate.
+
+Rationale:
+
+Certificate validation is required to establish trusted connection to a remote Exasol database.
+
+Comment:
+
+[#38](https://github.com/exasol/exasol-virtual-schema-lua/issues/36): This requirement is currently blocked by missing access for Lua to the truststore. Therefore, the `needs` part of this requirement is no yet here. 
+
 ### Reading Source Metadata
 `req~reading-source-metadata~1`
 

diff --git a/exasol-virtual-schema-lua-0.4.0-1.rockspec → exasol-virtual-schema-lua-0.5.0-1.rockspec b/exasol-virtual-schema-lua-0.4.0-1.rockspec → exasol-virtual-schema-lua-0.5.0-1.rockspec
@@ -1,6 +1,6 @@
 rockspec_format = "3.0"
 
-local tag = "0.4.0"
+local tag = "0.5.0"
 local project = "exasol-virtual-schema-lua"
 local src = "src/main/lua"
 

diff --git a/pk_generated_parent.pom b/pk_generated_parent.pom