Draft trust store reload endpoint and node ops method.

management-api-agent-common/src/main/java/com/datastax/mgmtapi/NodeOpsProvider.java

@@ -60,6 +60,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+
 /** Replace JMX calls with CQL 'CALL' methods via the Rpc framework */
 public class NodeOpsProvider {
   private static final Logger logger = LoggerFactory.getLogger(NodeOpsProvider.class);
@@ -940,6 +941,12 @@ public String move(
     return submitJob("move", moveOperation, async);
   }
 
+  @Rpc(name = "reloadTruststore")
+  public void reloadTruststore() throws Exception {
+   ShimLoader.instance.get().reloadTrustManager();
+  }
+
+
   @Rpc(name = "getRangeToEndpointMap")
   public Map<List<String>, List<String>> getRangeToEndpointMap(
       @RpcParam(name = "keyspaceName") String keyspaceName) {

management-api-agent-dse-6.8/pom.xml

@@ -45,9 +45,15 @@
     </dependency>
     <dependency>
       <groupId>com.datastax.dse</groupId>
-      <artifactId>dse-commons</artifactId>
+      <artifactId>dse-core</artifactId>
       <version>${dse.version}</version>
       <scope>provided</scope>
+      <exclusions>
+         <exclusion>
+          <groupId>org.eclipse.jetty.aggregate</groupId>
+          <artifactId>jetty-all</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>com.datastax.dse</groupId>

management-api-agent-dse-6.8/src/main/java/com/datastax/mgmtapi/shim/DseAPI68.java

@@ -5,6 +5,7 @@
  */
 package com.datastax.mgmtapi.shim;
 
+import com.datastax.bdp.transport.common.DseReloadableTrustManager;
 import com.datastax.mgmtapi.shims.CassandraAPI;
 import com.datastax.mgmtapi.shims.RpcStatementShim;
 import com.google.common.base.Suppliers;
@@ -333,4 +334,8 @@ public RpcStatementShim makeRpcStatement(String method, String[] params) {
   public HintsService getHintsService() {
     return HintsService.instance;
   }
+
+  public void reloadTrustManager() throws Exception {
+    DseReloadableTrustManager.serverEncryptionInstance().reloadTrustManager();
+  }
 }

management-api-agent-dse-6.9/pom.xml

@@ -45,9 +45,15 @@
     </dependency>
     <dependency>
       <groupId>com.datastax.dse</groupId>
-      <artifactId>dse-commons</artifactId>
+      <artifactId>dse-core</artifactId>
       <version>${dse.version}</version>
       <scope>provided</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>org.eclipse.jetty.aggregate</groupId>
+          <artifactId>jetty-all</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>com.datastax.dse</groupId>

management-api-agent-dse-6.9/src/main/java/com/datastax/mgmtapi/shim/DseAPI69.java

@@ -5,6 +5,7 @@
  */
 package com.datastax.mgmtapi.shim;
 
+import com.datastax.bdp.transport.common.DseReloadableTrustManager;
 import com.datastax.mgmtapi.shims.CassandraAPI;
 import com.datastax.mgmtapi.shims.RpcStatementShim;
 import com.google.common.base.Suppliers;
@@ -333,4 +334,9 @@ public RpcStatementShim makeRpcStatement(String method, String[] params) {
   public HintsService getHintsService() {
     return HintsService.instance;
   }
+
+  public void reloadTrustManager() throws Exception {
+    DseReloadableTrustManager.serverEncryptionInstance().reloadTrustManager();
+  }
+
 }

management-api-common/src/main/java/com/datastax/mgmtapi/shims/CassandraAPI.java

@@ -82,4 +82,9 @@ default Object handleRpcResult(Callable<Object> rpcResult) throws Exception {
   default List<String> getKeyspaces() {
     return StorageService.instance.getKeyspaces();
   }
+
+  default void reloadTrustManager() throws Exception {
+    throw new Exception("Unimplemented for Cassandra, only available for DSE");
+  };
+
 }

management-api-server/src/main/java/com/datastax/mgmtapi/resources/NodeOpsResources.java

@@ -663,7 +663,39 @@ public Response searchIndexRebuild(
         });
   }
 
-  private static final String FQL_QUERY_RESPONSE_EXAMPLE =
+    @POST
+    @Path("/reload-truststore")
+    @Produces(MediaType.TEXT_PLAIN)
+    @ApiResponse(
+            responseCode = "200",
+            description = "Truststore reloaded successfully",
+            content =
+            @Content(
+                    mediaType = MediaType.TEXT_PLAIN,
+                    schema = @Schema(implementation = String.class),
+                    examples = @ExampleObject(value = "OK")))
+    @Operation(summary = "reload truststore", operationId = "reloadTruststore")
+    public Response reloadTruststore() {
+        return handle(
+                () -> {
+                    final String releaseVersion =
+                            ResponseTools.getSingleRowStringResponse(
+                                    app.dbUnixSocketFile, app.cqlService, CASSANDRA_VERSION_CQL_STRING);
+                    if (!releaseVersion.startsWith("4.0.0.68") && !releaseVersion.startsWith("4.0.0.69")) {
+                        // rebuilding search index is only possible on DSE
+                        return Response.status(Response.Status.BAD_REQUEST)
+                                .entity("Reloading the truststore manually is only possible on DSE")
+                                .build();
+                    }
+
+                    app.cqlService.executeCql(app.dbUnixSocketFile, "CALL NodeOps.reloadTruststore()");
+
+                    return Response.ok("OK").build();
+                });
+    }
+
+
+    private static final String FQL_QUERY_RESPONSE_EXAMPLE =
       "{\n"
           + "    \"entity\": false,\n"
           + "    \"variant\": {\n"