add support for :ssl connections #74

Open
wants to merge 7 commits into
base: v1.0.0

the-mikedavis
Contributor

closes #67

I thought this would be a more scary refactor but recently I was looking under the hood of mint and realized that :gen_tcp/:ssl/:inet are actually pretty friendly!

The basic idea is to do

transport_module =
  case transport do
    :tcp -> :gen_tcp
    :ssl -> :ssl
  end

(or :inet for tcp when setting the active: :once option)

and then you can use those modules, which are compatible for functions like send/2 and connect/4. I also removed the Extreme.Tcp module and moved that connect function over to Extreme.Connection since I think it fits better there now with ssl.

This is WIP as I try to figure out a good way to test it. One option is to do what we do in spear and use docker-compose to spin up some containers in CI (like so), but that can be a bit annoying because then you need docker-compose installed locally to test extreme. Maybe it makes sense to tag tests as @tag :ssl, exclude them by default, and have a separate Actions workflow for ssl tests? I'll think about it!
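The transport dispatch described in the comment above, as an added example that is not code from this PR or from extreme. The module name `TransportExample`, the `:cacertfile` key in `user_opts`, and the function names are hypothetical; the host is assumed to be a DNS name, so `:ssl` checks the certificate against the host passed to `connect/4`.

```elixir
defmodule TransportExample do
  # Hypothetical module for illustration; not part of extreme.

  # Map the configured transport to the Erlang module that speaks it.
  def transport_module(:tcp), do: :gen_tcp
  def transport_module(:ssl), do: :ssl

  # setopts/2 is the one call that lives in :inet for plain TCP sockets.
  def setopts_module(:tcp), do: :inet
  def setopts_module(:ssl), do: :ssl

  @base_opts [:binary, active: false, packet: :raw]

  # Plain TCP needs no extra options.
  def connect_opts(:tcp, _user_opts), do: @base_opts

  # For :ssl, require a CA file and verify the server certificate.
  # verify: :verify_peer is set explicitly because OTP releases before 26
  # default to :verify_none, which accepts any certificate.
  def connect_opts(:ssl, user_opts) do
    cacertfile = Keyword.fetch!(user_opts, :cacertfile)

    @base_opts ++
      [verify: :verify_peer, cacertfile: String.to_charlist(cacertfile)]
  end

  def connect(transport, host, port, user_opts \\ [], timeout \\ 5_000) do
    # The :ssl application must be running before :ssl.connect/4 is called.
    if transport == :ssl, do: {:ok, _} = Application.ensure_all_started(:ssl)

    mod = transport_module(transport)
    opts = connect_opts(transport, user_opts)

    # Both :gen_tcp.connect/4 and :ssl.connect/4 take a charlist host.
    with {:ok, socket} <- mod.connect(String.to_charlist(host), port, opts, timeout) do
      {:ok, {transport, socket}}
    end
  end

  # send/2 has the same shape in both modules.
  def send_data({transport, socket}, data),
    do: transport_module(transport).send(socket, data)

  # Ask for exactly one message, then the socket goes passive again.
  def active_once({transport, socket}),
    do: setopts_module(transport).setopts(socket, active: :once)
end
```

A certificate that does not chain to the CA file makes `connect/5` return `{:error, reason}` instead of a socket, so a misconfigured trust store fails at connection time.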

use run instead of args

use docker run instead of uses-run

use bash -c in generation step

add some logging

don't rely on unpublished es-gencert version

set entrypoint as bash

create crt dirs ahead of time

add all read/write privileges on certs dir

fix backslashes in esdb run

move ./certs dir to /certs

add sudo to directory creation commands

fix formatting

fix transport-opts config

use verify_peer config and fix cert path

point at cacertfile env var

show docker logs

fix backslash in docker run

point esdb at cacerts directory

fix trusted cert cli switch name

fix path for ca cert file

remove logging
@the-mikedavis the-mikedavis changed the title from "[wip] add support for :ssl connections" to "add support for :ssl connections" Nov 15, 2021
@the-mikedavis
Contributor Author

ok I think this is ready now: I ended up switching the ES 21.6.0 test to use SSL, and that also allows us to test @tag :authentication tests while we're on that version (since authentication is disabled when running in --insecure mode in v20+). I'm definitely open to other approaches (maybe a separate matrix thing for ssl?)

There was a little extra work I didn't catch on the first pass updating the call to :httpc.request/5 to use ssl as well but that's fixed now I believe.

I left the gossip test out since ex_vcr was unhappy with https and I'm not too familiar with ex_vcr.

The v21.10.0 LTS release is published to docker hub now so I'll be sure to follow up with a PR bumping the testing container to that version. (afaik there are no breaking changes that would affect extreme in 21.10.0.)

@the-mikedavis the-mikedavis marked this pull request as ready for review November 15, 2021 18:30
@burmajam
Member

Hey @the-mikedavis, thanks a lot for this PR. I'll take a look at this one this week and I hope we'll have a new version on hex next week. And thanks for the hint for authentication and insecure ... It drove me crazy! :D
