[SC-6101][REDSHIFT] Fix auto-enable SSL feature for Postgres driver

Integreation test "test.redshift", part of "dogfood_notebook_tests", was failing for Spark branch-2.1 with an SSL-related error.

Root cause:
- Postgres JDBC driver expects all-lowercase options in the URL, while we were providing camelCase ones (e.g. _sslRootCert_ as opposed to _sslrootcert_).

Why this wasn't caught by Spark-side integration tests:
- All tests use the "redshift" subprotocol, which asks for the Redshift driver.
- The Postgres integration tests don't involve Redshift and therefore don't exercise this feature.
- Even after manually changing the subprotocol to "postgresql", the Redshift driver was still being picked up by _Class.forName("org.postgres.Driver")_ because it was present in the classpath with more priority.

Why the intended way of disabling this feature didn't work:
- Per Postgres JDBC docs, _&ssl=false_ has in fact the exact opposite effect: it enables SSL encryption (!)

## What changes were proposed in this pull request?

- Change ssl-related options to lowercase.
- Introduce Dataframe reader option "autoenablessl" for disabling the feature.
- Extend Redshift SSL integration test suite to verify that this new flag works.

## How was this patch tested?

- _bazel run //spark/images:2.1.x-scala2.10_dogfood_notebook_tests_: https://dogfood.staging.cloud.databricks.com/#job/186727/run/1
- Existing _redshift-integration-tests_
- New integration test

## To Do in a separate PR:
- Make _redshift-integration-tests_ also exercise the Postgres driver that we actually bundle.

Author: Adrian Ionescu <[email protected]>

Closes apache#271 from adrian-ionescu/redshift-ssl-SC-6101.

Author: adrian-ionescu

external/redshift-integration-tests/src/test/scala/com/databricks/spark/redshift/AWSCredentialsInUriIntegrationSuite.scala

@@ -42,12 +42,12 @@ class AWSCredentialsInUriIntegrationSuite extends IntegrationSuiteBase {
     assert(!AWS_SECRET_ACCESS_KEY.contains("/"), "AWS secret key should not contain slash")
     sc = new SparkContext("local", getClass.getSimpleName)
     /* Have to create this schema here, because default read/write from base class use it. */
-    val schemaConn = DefaultJDBCWrapper.getConnector(None, jdbcUrl, None)
+    val schemaConn = DefaultJDBCWrapper.getConnector(None, jdbcUrl, None, true)
     schemaConn.createStatement().executeUpdate(s"create schema if not exists $schemaName")
     schemaConn.commit()
     schemaConn.close()
     conn = DefaultJDBCWrapper.getConnector(None,
-      jdbcUrl, None, Some(s"$schemaName, '$$user', public"))
+      jdbcUrl, None, true, Some(s"$schemaName, '$$user', public"))
   }
 
   test("roundtrip save and load") {

external/redshift-integration-tests/src/test/scala/com/databricks/spark/redshift/IntegrationSuiteBase.scala

@@ -91,7 +91,7 @@ trait IntegrationSuiteBase
     sc.hadoopConfiguration.setBoolean("fs.s3n.impl.disable.cache", true)
     sc.hadoopConfiguration.set("fs.s3n.awsAccessKeyId", AWS_ACCESS_KEY_ID)
     sc.hadoopConfiguration.set("fs.s3n.awsSecretAccessKey", AWS_SECRET_ACCESS_KEY)
-    conn = DefaultJDBCWrapper.getConnector(None, jdbcUrl, None)
+    conn = DefaultJDBCWrapper.getConnector(None, jdbcUrl, None, true)
     conn.setAutoCommit(true)
     jdbcUpdate(s"create schema if not exists $schemaName")
     jdbcUpdate(s"set search_path to $schemaName, '$$user', public")

external/redshift-integration-tests/src/test/scala/com/databricks/spark/redshift/PostgresDriverIntegrationSuite.scala

@@ -24,7 +24,7 @@ class PostgresDriverIntegrationSuite extends IntegrationSuiteBase {
   }
 
   test("postgresql driver takes precedence for jdbc:postgresql:// URIs") {
-    val conn = DefaultJDBCWrapper.getConnector(None, jdbcUrl, None)
+    val conn = DefaultJDBCWrapper.getConnector(None, jdbcUrl, None, true)
     try {
       // TODO(josh): this is slightly different than what was done in open-source spark-redshift.
       // This is due to conflicting PG driver being pulled in via transitive Spark test deps.

external/redshift-integration-tests/src/test/scala/com/databricks/spark/redshift/RedshiftSSLIntegrationSuite.scala

@@ -9,29 +9,77 @@
 
 package com.databricks.spark.redshift
 
+import java.io.{File, FileInputStream, FileOutputStream}
 import java.sql.SQLException
 
+import org.apache.commons.io.IOUtils
+
 import org.apache.spark.tags.ExtendedRedshiftTest
 
 @ExtendedRedshiftTest
 class RedshiftSSLIntegrationSuite extends IntegrationSuiteBase {
 
-  test("SSL is not auto-configured if SSL options are set in the JDBC URI") {
-    withTempRedshiftTable("jdbc_url_ssl_options_take_precedence_2") { tableName =>
-      // If the user specifies SSL options in the URL then this takes precedence.
-      // In the following test, the user-specified options will not work because
-      // the sslRootCert is not specified and the Amazon certificate is assumed to
-      // not be in the system truststore. Therefore, we expect this write to fail:
-      val e = intercept[SQLException] {
-        write(sqlContext.range(10))
-          .option("user", AWS_REDSHIFT_USER)
-          .option("password", AWS_REDSHIFT_PASSWORD)
-          .option("url",
-            s"$AWS_REDSHIFT_JDBC_URL?&ssl=true&sslMode=verify-full")
-          .option("dbtable", tableName)
-          .save()
-      }
-      assert(e.getMessage.contains("General SSLEngine problem"))
+  def testThatItWorks(url: String, autoSslOption: Option[Boolean]): Unit = {
+    val dfReader = read
+      .option("url", url)
+      .option("user", AWS_REDSHIFT_USER)
+      .option("password", AWS_REDSHIFT_PASSWORD)
+      .option("query", "select 42")
+
+    val finalDfReader = autoSslOption match {
+      case Some(flag) => dfReader.option("autoenablessl", flag.toString)
+      case _ => dfReader
     }
+    val ret = finalDfReader.load().collect()
+    assert(ret.size == 1 && ret(0)(0) == 42)
+  }
+
+  def testThatItFails(url: String, autoSslOption: Option[Boolean], errorMessage: String): Unit = {
+    val e = intercept[SQLException] {
+      testThatItWorks(url, autoSslOption)
+    }
+    assert(e.getMessage.contains(errorMessage))
+  }
+
+  val generalSslproblem = "General SSLEngine problem"
+  val errorImportingCertificate = "Error importing certificate in to truststore."
+
+  test("Simple test") {
+    testThatItWorks(AWS_REDSHIFT_JDBC_URL, None)
+    testThatItWorks(AWS_REDSHIFT_JDBC_URL, Some(false))
+    testThatItWorks(AWS_REDSHIFT_JDBC_URL, Some(true))
+  }
+
+  test("SSL is not auto-configured if SSL options are set in the JDBC URI") {
+    // If the user specifies SSL options in the URL then this takes precedence.
+    // In the following test, the user-specified options will not work because
+    // the sslRootCert is not specified and the Amazon certificate is assumed to
+    // not be in the system truststore. Therefore, we expect this write to fail:
+    val url = s"$AWS_REDSHIFT_JDBC_URL?ssl=true&sslMode=verify-full"
+
+    testThatItFails(url, None, generalSslproblem)
+    testThatItFails(url, Some(true), generalSslproblem)
+    testThatItFails(url, Some(false), generalSslproblem)
+  }
+
+  test("Make sure feature flag works in case of issues") {
+    // Simulate a problem/bug that's related to this feature by
+    // deleting the server certificate file.
+    val existingCert = DefaultJDBCWrapper.redshiftSslCert
+    assert(existingCert.exists())
+    val certBackup = File.createTempFile("redshift-ssl-ca-cert", ".bkp")
+    IOUtils.copy(new FileInputStream(existingCert), new FileOutputStream(certBackup))
+    existingCert.delete()
+
+    testThatItFails(AWS_REDSHIFT_JDBC_URL, None, errorImportingCertificate)
+    testThatItFails(AWS_REDSHIFT_JDBC_URL, Some(true), errorImportingCertificate)
+
+    // Disabling the feature should work around the issue and allow the user to run their query.
+    testThatItWorks(AWS_REDSHIFT_JDBC_URL, Some(false))
+
+    // Restore the file and check that it all works again.
+    IOUtils.copy(new FileInputStream(certBackup), new FileOutputStream(existingCert))
+    testThatItWorks(AWS_REDSHIFT_JDBC_URL, None)
+    testThatItWorks(AWS_REDSHIFT_JDBC_URL, Some(true))
   }
 }

external/redshift/src/main/scala/com/databricks/spark/redshift/DefaultSource.scala

@@ -71,8 +71,7 @@ class DefaultSource(
     }
 
     def tableExists: Boolean = {
-      val conn = jdbcWrapper.getConnector(params.jdbcDriver,
-        params.jdbcUrl, params.credentials, params.searchPath)
+      val conn = jdbcWrapper.getConnector(params)
       try {
         jdbcWrapper.tableExists(conn, table.toString)
       } finally {

external/redshift/src/main/scala/com/databricks/spark/redshift/Parameters.scala

@@ -32,7 +32,8 @@ private[redshift] object Parameters {
     "usestagingtable" -> "true",
     "preactions" -> ";",
     "postactions" -> ";",
-    "singleoutput" -> "false"
+    "singleoutput" -> "false",
+    "autoenablessl" -> "true"
   )
 
   val VALID_TEMP_FORMATS = Set("AVRO", "CSV", "CSV GZIP")
@@ -290,6 +291,13 @@ private[redshift] object Parameters {
      */
     def forwardSparkS3Credentials: Boolean = parameters("forward_spark_s3_credentials").toBoolean
 
+    /**
+     * If true, this library will automatically enable full SSL encryption (sslmode=verify-full)
+     * for the JDBC connection, using a dynamically downloaded server certificate from Amazon, or
+     * a pre-bundled one as a backup in case the download fails.
+     */
+    def autoEnableSSL: Boolean = parameters("autoenablessl").toBoolean
+
     /**
      * Temporary AWS credentials which are passed to Redshift. These only need to be supplied by
      * the user when Hadoop is configured to authenticate to S3 via IAM roles assigned to EC2

external/redshift/src/main/scala/com/databricks/spark/redshift/RedshiftJDBCWrapper.scala

@@ -50,7 +50,7 @@ private[redshift] class JDBCWrapper {
     ExecutionContext.fromExecutorService(Executors.newCachedThreadPool(threadFactory))
   }
 
-  private lazy val redshiftSslCert: File = {
+  private[redshift] lazy val redshiftSslCert: File = {
     val outFile = File.createTempFile("redshift-ssl-ca-cert", ".tmp")
     outFile.deleteOnExit()
     try {
@@ -213,12 +213,14 @@ private[redshift] class JDBCWrapper {
    *                                discover the appropriate driver class.
    * @param url the JDBC url to connect to.
    * @param credentials User credentials
+   * @param autoEnableSSL Whether or not full SSL encryption should be automatically enabled.
    * @param schemaSearchPath Schema search_path to use.
    */
   def getConnector(
       userProvidedDriverClass: Option[String],
       url: String,
       credentials: Option[(String, String)],
+      autoEnableSSL: Boolean,
       schemaSearchPath: Option[String] = None) : Connection = {
     val subprotocol = url.stripPrefix("jdbc:").split(":")(0)
     val driverClass: String = getDriverClass(subprotocol, userProvidedDriverClass)
@@ -250,33 +252,35 @@ private[redshift] class JDBCWrapper {
       properties.setProperty("password", password)
     }
 
-    // We enable SSL by default, unless the user provides any explicit SSL-related settings.
-    if (!(url.contains("?ssl") || url.contains("&ssl"))) {
-      val driverVersion = Utils.classForName(driverClass).getPackage.getImplementationVersion
-      if (driverClass.contains("redshift") &&
-          Utils.compareVersions(driverVersion, "1.1.17.1017") < 0) {
-        // The Redshift driver only started supporting `sslRootCert` since version "1.1.17".
-        // With older drivers the combination of options below results in an uninformative
-        // `GeneralSSLEngine` error.
-        // scalastyle:off
-        throw new RuntimeException(
-          s"""Old version of Redshift JDBC driver detected ($driverVersion), which does not support
-             |the `sslRootCert` option that's needed for auto-enabling full SSL encryption.
-             |The `sslRootCert` option is only supported in versions 1.1.17 and higher.
+    if (autoEnableSSL) {
+      // Auto-enable full SSL encryption, unless the user provides any explicit SSL-related settings
+      if (!(url.contains("?ssl") || url.contains("&ssl"))) {
+        val driverVersion = Utils.classForName(driverClass).getPackage.getImplementationVersion
+        if (driverClass.contains("redshift") &&
+            Utils.compareVersions(driverVersion, "1.1.17.1017") < 0) {
+          // The Redshift driver only started supporting `sslRootCert` since version "1.1.17".
+          // With older drivers the combination of options below results in an uninformative
+          // `GeneralSSLEngine` error.
+          // scalastyle:off
+          throw new RuntimeException(
+            s"""Old version of Redshift JDBC driver detected ($driverVersion), which does not support
+             |the `sslrootcert` option that's needed for auto-enabling full SSL encryption.
+             |The `sslrootcert` option is only supported in versions 1.1.17 and higher.
              |See https://s3.amazonaws.com/redshift-downloads/drivers/Amazon+Redshift+JDBC+Release+Notes.pdf
-             |If you're willing to proceed without SSL, then explicitly disable it by adding
-             |`ssl=false` to your JDBC URL.
+             |To work around this you can provide your own SSL config options as part of the JDBC url,
+             |or simply disable this feature via .option("autoenablessl", "false").
           """.stripMargin)
-        // scalastyle:on
+          // scalastyle:on
+        } else {
+          log.info("Auto-enabling full SSL encryption for JDBC connection to Redshift")
+          properties.setProperty("ssl", "true")
+          properties.setProperty("sslmode", "verify-full")
+          properties.setProperty("sslrootcert", redshiftSslCert.toString)
+        }
       } else {
-        log.info("Auto-enabling full SSL encryption for JDBC connection to Redshift")
-        properties.setProperty("ssl", "true")
-        properties.setProperty("sslMode", "verify-full")
-        properties.setProperty("sslRootCert", redshiftSslCert.toString)
+        log.info("Not auto-enabling full SSL encryption for JDBC connection to Redshift because " +
+          "explicit SSL-related options were detected in the JDBC URL")
       }
-    } else {
-      log.info("Not auto-enabling full SSL encryption for JDBC connection to Redshift because " +
-        "explicit SSL-related options were detected in the JDBC URL")
     }
 
     val conn = driver.connect(url, properties)
@@ -299,7 +303,8 @@ private[redshift] class JDBCWrapper {
     val url = params.jdbcUrl
     val credentials = params.credentials
     val searchPath = params.searchPath
-    getConnector(driverClass, url, credentials, searchPath)
+    val autoEnableSSL = params.autoEnableSSL
+    getConnector(driverClass, url, credentials, autoEnableSSL, searchPath)
   }
 
   /**

external/redshift/src/test/scala/com/databricks/spark/redshift/MockRedshift.scala

@@ -63,7 +63,7 @@ class MockRedshift(
       override def answer(invocation: InvocationOnMock): Connection = createMockConnection()
     }).when(jdbcWrapper)
       .getConnector(any[Option[String]](),
-        same(jdbcUrl), any[Option[(String, String)]](), any[Option[String]]())
+        same(jdbcUrl), any[Option[(String, String)]](), any[Boolean], any[Option[String]]())
 
   doAnswer(new Answer[Boolean] {
     override def answer(invocation: InvocationOnMock): Boolean = {