fix(go): support tls connections and validate over tls#97
Conversation
There was a problem hiding this comment.
Pull request overview
This PR updates the Go Trino driver’s TLS handling (custom HTTP client + TLS config) and extends the Go validation environment/tests to exercise HTTPS against a self-signed local Trino Docker setup.
Changes:
- Add per-connection custom HTTP client registration with explicit TLS configuration (trusted CA and “skip verification” modes).
- Update Python URI validation tests/fixtures to construct HTTP/HTTPS URIs and validate TLS scenarios (including self-signed CA).
- Extend local Docker Compose setup/scripts/config to expose HTTPS (8443) and generate/mount TLS assets.
Reviewed changes
Copilot reviewed 11 out of 11 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| go/validation/tests/trino/test_uri.py | Updates URI/DSN tests to use username-only auth and to validate multiple SSL/TLS modes (trusted CA, skip verify, plain HTTP). |
| go/validation/tests/trino/conftest.py | Reworks fixtures to build URIs/DSNs from environment variables and support HTTP/HTTPS ports + cert path. |
| go/validation/README.md | Adds pre-build step and documents HTTPS TRINO_DSN example for self-signed CA usage. |
| go/db_factory.go | Implements TLS-aware custom HTTP client creation/registration and prevents TLS settings from leaking via config fields. |
| go/compose.yaml | Exposes 8443 and mounts Trino HTTPS config + generated keystore/CA cert into the container. |
| go/ci/scripts/pre-build.sh | New script to generate a local self-signed CA + PKCS#12 keystore for the Docker HTTPS setup. |
| go/ci/docker/trino/config.properties | Enables HTTPS alongside HTTP in the local Trino container and points to the mounted keystore. |
| go/ci/docker/certs/openssl-server.cnf | OpenSSL server certificate config (SANs for localhost/127.0.0.1) used to generate the keystore. |
| go/ci/docker/certs/openssl-ca.cnf | OpenSSL config for generating the self-signed CA cert used for local trust. |
| go/.gitignore | Ignores generated TLS artifacts (ca.crt, localhost.p12). |
| go/.env.linux | Switches validation defaults to HTTPS (8443) and adds TRINO_SSL_* env vars used by URI-specific tests. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Were you able to replicate the original issue?
There was a problem hiding this comment.
I tested the driver with a self-signed certificate and found an issue. This PR fixes it, but the error I saw was different from the original issue. The original error showed "schema does not exist," which I suspect may be a downstream effect of this bug. I asked the reporter to try a local build after the PR is merged. If the error persists, I will investigate further.
What's Changed
This PR fixes TLS handling and updates the validation to test self-signed TLS.