Allow Trino connections with password

dev/trino-conf/README.md

@@ -0,0 +1,29 @@
+### Local Trino Cluster with Self-Signed Cert
+
+In order to test Trino with user@password you need a local cluster with Basic Auth enabled. 
+
+## First thing, we need a self signed cert.
+```
+openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout dev/trino-conf/etc/trino-key.pem -out dev/trino-conf/etc/trino-cert.pem -config dev/trino-conf/cert.conf
+cat dev/trino-conf/etc/trino-cert.pem dev/trino-conf/etc/trino-key.pem > dev/trino-conf/etc/trino-combined.pem
+```
+
+## Include https settings in config.properties
+
+Include the following lines in dev/trino-conf/etc/config.properties
+
+```
+http-server.https.port=8443
+http-server.https.enabled=true
+http-server.https.keystore.path=/etc/trino/trino-combined.pem
+http-server.https.keystore.key=<key>
+http-server.authentication.type=PASSWORD
+internal-communication.shared-secret="secret"
+```
+
+## Create a password.db file
+
+```
+touch dev/trino-conf/etc/password.db
+htpasswd -B -C 10 dev/trino-conf/etc/password.db test
+```

dev/trino-conf/cert.conf

@@ -0,0 +1,17 @@
+[req]
+distinguished_name = req_distinguished_name
+req_extensions = req_ext
+x509_extensions = v3_ca
+prompt = no
+
+[req_distinguished_name]
+CN = localhost
+
+[req_ext]
+subjectAltName = @alt_names
+
+[v3_ca]
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = localhost

dev/trino-conf/etc/jvm.config

@@ -1,7 +1,8 @@
 -server
 -Xmx1G
--XX:-UseBiasedLocking
 -XX:+UseG1GC
+-XX:+UnlockDiagnosticVMOptions 
+-XX:G1NumCollectionsKeepPinned=10000000
 -XX:G1HeapRegionSize=32M
 -XX:+ExplicitGCInvokesConcurrent
 -XX:+HeapDumpOnOutOfMemoryError

dev/trino-conf/etc/password-authenticator.properties

@@ -0,0 +1,2 @@
+password-authenticator.name=file
+file.password-file=/etc/trino/password.db

docker-compose.yml

@@ -89,10 +89,11 @@ services:
 
     trino:
         container_name: dd-trino
-        image: 'trinodb/trino:389'
+        image: 'trinodb/trino:450'
         hostname: trino
         ports:
             - '8081:8080'
+            - '8443:8443'
         volumes:
             - ./dev/trino-conf/etc:/etc/trino:ro
         networks:

sqeleton/databases/trino.py

@@ -21,9 +21,7 @@ def normalize_timestamp(self, value: str, coltype: TemporalType) -> str:
         else:
             s = f"date_format(cast({value} as timestamp(6)), '%Y-%m-%d %H:%i:%S.%f')"
 
-        return (
-            f"RPAD(RPAD({s}, {TIMESTAMP_PRECISION_POS + coltype.precision}, '.'), {TIMESTAMP_PRECISION_POS + 6}, '0')"
-        )
+        return f"RPAD(RPAD({s}, {TIMESTAMP_PRECISION_POS + coltype.precision}, '.'), {TIMESTAMP_PRECISION_POS + 6}, '0')"
 
     def normalize_uuid(self, value: str, coltype: ColType_UUID) -> str:
         return f"TRIM({value})"
@@ -36,15 +34,26 @@ class Dialect(presto.Dialect):
     def set_timezone_to_utc(self) -> str:
         return "SET TIME ZONE '+00:00'"
 
+
 class Trino(presto.Presto):
     dialect = Dialect()
     CONNECT_URI_HELP = "trino://<user>@<host>/<catalog>/<schema>"
     CONNECT_URI_PARAMS = ["catalog", "schema"]
 
     def __init__(self, **kw):
+
         trino = import_trino()
 
         if kw.get("schema"):
             self.default_schema = kw.get("schema")
 
+        if kw.get("password"):
+            kw["auth"] = trino.auth.BasicAuthentication(
+                kw.pop("user"), kw.pop("password")
+            )
+            kw["http_scheme"] = "https"
+
+        cert = kw.pop("cert", None)
         self._conn = trino.dbapi.connect(**kw)
+        if cert is not None:
+            self._conn._http_session.verify = cert