From 616d44c9885b5697aad40539c92ff226518c7a03 Mon Sep 17 00:00:00 2001
From: kjuulh
Date: Sun, 26 May 2024 17:23:58 +0200
Subject: [PATCH] feat: tls
Signed-off-by: kjuulh
---
 Cargo.lock | 77 +++++++++++++++++--
 crates/flux-releaser/Cargo.toml | 2 +-
 crates/flux-releaser/src/app.rs | 3 +-
 crates/flux-releaser/src/app/infra/aws_s3.rs | 1 +
 crates/flux-releaser/src/app/infra/grpc.rs | 21 +++--
 crates/flux-releaser/src/grpc.rs | 37 ++++++--
 .../src/services/release_manager.rs | 4 +-
 7 files changed, 117 insertions(+), 28 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index c2bb4d2..1578759 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -495,7 +495,7 @@ dependencies = [
 "once_cell",
 "pin-project-lite",
 "pin-utils",
- "rustls",
+ "rustls 0.21.12",
 "tokio",
 "tracing",
 ]
@@ -700,6 +700,12 @@ version = "0.21.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567"
+[[package]]
+name = "base64"
+version = "0.22.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6"
+
 [[package]]
 name = "base64-simd"
 version = "0.8.0"
@@ -1686,10 +1692,10 @@ dependencies = [
 "http 0.2.12",
 "hyper 0.14.28",
 "log",
- "rustls",
+ "rustls 0.21.12",
 "rustls-native-certs",
 "tokio",
- "tokio-rustls",
+ "tokio-rustls 0.24.1",
 ]
 [[package]]
@@ -2049,9 +2055,9 @@ dependencies = [
 "parking_lot",
 "regex",
 "ring 0.16.20",
- "rustls",
+ "rustls 0.21.12",
 "rustls-native-certs",
- "rustls-pemfile",
+ "rustls-pemfile 1.0.4",
 "rustls-webpki 0.100.3",
 "serde",
 "serde_json",
@@ -2599,7 +2605,7 @@ dependencies = [
 "once_cell",
 "percent-encoding",
 "pin-project-lite",
- "rustls-pemfile",
+ "rustls-pemfile 1.0.4",
 "serde",
 "serde_json",
 "serde_urlencoded",
@@ -2716,6 +2722,20 @@ dependencies = [
 "sct",
 ]
+[[package]]
+name = "rustls"
+version = "0.22.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bf4ef73721ac7bcd79b2b315da7779d8fc09718c6b3d2d1b2d94850eb8c18432"
+dependencies = [
+ "log",
+ "ring 0.17.8",
+ "rustls-pki-types",
+ "rustls-webpki 0.102.4",
+ "subtle",
+ "zeroize",
+]
+
 [[package]]
 name = "rustls-native-certs"
 version = "0.6.3"
@@ -2723,7 +2743,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a9aace74cb666635c918e9c12bc0d348266037aa8eb599b5cba565709a8dff00"
 dependencies = [
 "openssl-probe",
- "rustls-pemfile",
+ "rustls-pemfile 1.0.4",
 "schannel",
 "security-framework",
 ]
@@ -2737,6 +2757,22 @@ dependencies = [
 "base64 0.21.7",
 ]
+[[package]]
+name = "rustls-pemfile"
+version = "2.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "29993a25686778eb88d4189742cd713c9bce943bc54251a33509dc63cbacf73d"
+dependencies = [
+ "base64 0.22.1",
+ "rustls-pki-types",
+]
+
+[[package]]
+name = "rustls-pki-types"
+version = "1.7.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "976295e77ce332211c0d24d92c0e83e50f5c5f046d11082cea19f3df13a3562d"
+
 [[package]]
 name = "rustls-webpki"
 version = "0.100.3"
@@ -2757,6 +2793,17 @@ dependencies = [
 "untrusted 0.9.0",
 ]
+[[package]]
+name = "rustls-webpki"
+version = "0.102.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ff448f7e92e913c4b7d4c6d8e4540a1724b319b4152b8aef6d4cf8339712b33e"
+dependencies = [
+ "ring 0.17.8",
+ "rustls-pki-types",
+ "untrusted 0.9.0",
+]
+
 [[package]]
 name = "rustversion"
 version = "1.0.17"
@@ -3497,7 +3544,18 @@ version = "0.24.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081"
 dependencies = [
- "rustls",
+ "rustls 0.21.12",
+ "tokio",
+]
+
+[[package]]
+name = "tokio-rustls"
+version = "0.25.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "775e0c0f0adb3a2f22a00c4745d728b479985fc15ee7ca6a2608388c5569860f"
+dependencies = [
+ "rustls 0.22.4",
+ "rustls-pki-types",
 "tokio",
 ]
@@ -3545,7 +3603,10 @@ dependencies = [
 "percent-encoding",
 "pin-project",
 "prost",
+ "rustls-pemfile 2.1.2",
+ "rustls-pki-types",
 "tokio",
+ "tokio-rustls 0.25.0",
 "tokio-stream",
 "tower",
 "tower-layer",
diff --git a/crates/flux-releaser/Cargo.toml b/crates/flux-releaser/Cargo.toml
index 4b2c80e..eceae68 100644
--- a/crates/flux-releaser/Cargo.toml
+++ b/crates/flux-releaser/Cargo.toml
@@ -12,7 +12,7 @@ clap.workspace = true
 dotenv.workspace = true
 axum.workspace = true
 prost = "0.12.3"
-tonic = "0.11.0"
+tonic = { version = "0.11.0", features = ["tls"] }
 uuid = { version = "1.7.0", features = ["v7", "v4"] }
 async-trait = "0.1.77"
 aws-config = { version = "1.1.5", features = ["behavior-version-latest"] }
diff --git a/crates/flux-releaser/src/app.rs b/crates/flux-releaser/src/app.rs
index fc35576..67cdc92 100644
--- a/crates/flux-releaser/src/app.rs
+++ b/crates/flux-releaser/src/app.rs
@@ -44,7 +44,8 @@ impl App {
 nats: infra::nats::Nats::new().await?,
 database: infra::database::get_database().await?,
 git: Git::new(
- "ssh://git@git.front.kjuulh.io/kjuulh/clank-clusters.git".into(),
+ std::env::var("FLUX_RELEASER_GIT_REPOSITORY")
+ .unwrap_or("ssh://git@git.front.kjuulh.io/kjuulh/clank-clusters.git".into()),
 ClusterList::default(),
 Archive::default(),
 )
diff --git a/crates/flux-releaser/src/app/infra/aws_s3.rs b/crates/flux-releaser/src/app/infra/aws_s3.rs
index e72be74..0f5c56e 100644
--- a/crates/flux-releaser/src/app/infra/aws_s3.rs
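Review bot: `std::env::var("FLUX_RELEASER_GIT_REPOSITORY").unwrap_or("ssh://…".into())` in the app.rs hunk builds the fallback `String` on every call even when the variable is set; the lazy form is `.unwrap_or_else(|_| "ssh://git@git.front.kjuulh.io/kjuulh/clank-clusters.git".into())`. The fallback also treats `VarError::NotUnicode` exactly like an unset variable, so a mistyped variable name or a malformed value silently selects the hard-coded repository; logging which repository URL was chosen at startup (with `tracing::info!`, if `tracing` is in scope in this module) makes that visible to whoever operates the service. `App`'s constructor and `Git::new` both lie outside the hunk, so whether `Git::new` validates the URL cannot be seen here.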
+++ b/crates/flux-releaser/src/app/infra/aws_s3.rs
@@ -15,6 +15,7 @@ pub async fn s3_client() -> anyhow::Result {
 let config = aws_sdk_s3::config::Builder::from(&shared_config.load().await)
 .endpoint_url(std::env::var("AWS_ENDPOINT_URL").context("AWS_ENDPOINT_URL was not set")?)
+ .force_path_style(true)
 .build();
 let client = aws_sdk_s3::Client::from_conf(config);
diff --git a/crates/flux-releaser/src/app/infra/grpc.rs b/crates/flux-releaser/src/app/infra/grpc.rs
index 3ee6649..231fdd4 100644
--- a/crates/flux-releaser/src/app/infra/grpc.rs
+++ b/crates/flux-releaser/src/app/infra/grpc.rs
@@ -1,19 +1,28 @@
 use std::sync::Arc;
-use anyhow::Context;
 use tokio::sync::Mutex;
-use tonic::transport::Channel;
+use tonic::transport::{Channel, ClientTlsConfig};
 use crate::grpc::gen::flux_releaser_client::FluxReleaserClient;
 pub type FluxReleaserGrpcClient = Arc>>;
 pub async fn new_client(registry: impl Into) -> anyhow::Result {
- let registry = registry.into();
+ let registry: String = registry.into();
- let client = FluxReleaserClient::connect(registry)
- .await
- .context("failed to connect to flux_releaser registry")?;
+ let channel = if registry.starts_with("https") {
+ let mut tls = ClientTlsConfig::new();
+ tls = tls.domain_name(®istry);
+
+ Channel::from_shared(registry)?
+ .tls_config(tls)?
+ .connect()
+ .await?
+ } else {
+ Channel::from_shared(registry)?.connect().await?
+ };
+
+ let client = FluxReleaserClient::new(channel);
 Ok(Arc::new(Mutex::new(client)))
 }
diff --git a/crates/flux-releaser/src/grpc.rs b/crates/flux-releaser/src/grpc.rs
index b365a22..0d2a0fa 100644
--- a/crates/flux-releaser/src/grpc.rs
+++ b/crates/flux-releaser/src/grpc.rs
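Review bot: `.force_path_style(true)` in the aws_s3.rs hunk is applied unconditionally and without a comment, so a reader cannot tell whether the endpoint behind `AWS_ENDPOINT_URL` requires path-style addressing or this is a leftover from local testing. A one-line comment stating the reason, e.g. `// force path-style addressing: bucket names are not resolved as virtual-host subdomains of AWS_ENDPOINT_URL`, would record the intent; which service sits behind the endpoint is not visible here. `s3_client` starts and ends outside the hunk.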
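Review bot: `tls.domain_name(&registry)` (shown as `®istry` on this page) in the grpc.rs hunk passes the whole registry URL, scheme and port included, as the TLS server name, so either tonic rejects it as an invalid server name or certificate name verification can never match; tonic derives the server name from the URI host when no `domain_name` is set, so dropping that line and keeping `let tls = ClientTlsConfig::new();` should be the fix, or pass only the host part. `ClientTlsConfig::new()` also carries no trust anchors: Cargo.toml enables only `features = ["tls"]` and the lockfile adds no root-certificate crate to tonic's dependencies, so unless `tls-roots` or `tls-webpki-roots` is enabled, or a `ca_certificate` is supplied, the handshake cannot verify any server — `tonic = { version = "0.11.0", features = ["tls", "tls-roots"] }` is the minimal change, and relaxing verification is not an acceptable substitute. `registry.starts_with("https")` should be `starts_with("https://")`, since the `else` branch connects in clear text for anything else, and the removed `.context("failed to connect to flux_releaser registry")` means the bare `?`s on `connect()` no longer say which endpoint failed.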
@@ -64,14 +64,21 @@ impl flux_releaser_server::FluxReleaser for FluxReleaserGrpc {
 let _ = file.write(&item.content).await?;
 }
+ tracing::info!("got this far 1a");
 file.flush().await?;
+ tracing::info!("got this far 1");
 let upload_id = match self.release_manager.upload_artifact(file_path.into()).await {
 Ok(res) => res,
- Err(e) => return Err(tonic::Status::unknown(e.to_string())),
+ Err(e) => {
+ tracing::warn!("failed to upload artifact: {}", e);
+ return Err(tonic::Status::unknown(e.to_string()));
+ }
 };
+ tracing::info!("got this far 2");
+
 Ok(tonic::Response::new(UploadArtifactResponse {
 upload_id: upload_id.to_string(),
 }))
@@ -85,12 +92,15 @@ impl flux_releaser_server::FluxReleaser for FluxReleaserGrpc {
 let req = request.into_inner();
 let artifact = self
 .release_manager
- .commit_artifact(
- req.try_into()
- .map_err(|e: anyhow::Error| tonic::Status::invalid_argument(e.to_string()))?,
- )
+ .commit_artifact(req.try_into().map_err(|e: anyhow::Error| {
+ tracing::warn!("failed to parse input body: {}", e);
+ tonic::Status::invalid_argument(e.to_string())
+ })?)
 .await
- .map_err(|e: anyhow::Error| tonic::Status::internal(e.to_string()))?;
+ .map_err(|e: anyhow::Error| {
+ tracing::warn!("failed to commit artifact: {}", e);
+ tonic::Status::internal(e.to_string())
+ })?;
 Ok(tonic::Response::new(CommitArtifactResponse {
 artifact_id: artifact.to_string(),
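Review bot: The error detail sent back to the remote caller is still the full internal error text — `tonic::Status::unknown(e.to_string())` in the `upload_artifact` hunk and `tonic::Status::internal(e.to_string())` in the `commit_artifact` hunk, and likewise in the `release` hunk further down — and anyhow error chains from storage, database or git operations may carry paths, endpoints and similar internals that a gRPC client has no need to see. Now that each failure is logged server-side with `tracing::warn!`, the client-facing message can be a fixed string, e.g. `return Err(tonic::Status::unknown("failed to upload artifact"));` and `tonic::Status::internal("failed to commit artifact")`. The `invalid_argument` paths echo the caller's own input problem, which is reasonable to keep as long as the `TryFrom` impls only report parse failures (they are not in the hunk). `tracing::info!("got this far 1a")`, `"got this far 1"` and `"got this far 2"` read as leftover debugging, as does `"some trigger release"` in the next hunk; either drop them or make them `tracing::debug!` with a message that names the step. `upload_artifact` and `commit_artifact` both start outside their hunks.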
@@ -104,13 +114,18 @@ impl flux_releaser_server::FluxReleaser for FluxReleaserGrpc {
 ) -> std::result::Result, tonic::Status> {
 let req = request.into_inner();
+ tracing::info!("some trigger release");
+
 self.release_manager
- .release(
- req.try_into()
- .map_err(|e: anyhow::Error| tonic::Status::invalid_argument(e.to_string()))?,
- )
+ .release(req.try_into().map_err(|e: anyhow::Error| {
+ tracing::warn!("failed to parse input body: {}", e);
+ tonic::Status::invalid_argument(e.to_string())
+ })?)
 .await
- .map_err(|e| tonic::Status::internal(e.to_string()))?;
+ .map_err(|e| {
+ tracing::warn!("failed to release: {}", e);
+ tonic::Status::internal(e.to_string())
+ })?;
 Ok(tonic::Response::new(TriggerReleaseResponse {}))
 }
diff --git a/crates/flux-releaser/src/services/release_manager.rs b/crates/flux-releaser/src/services/release_manager.rs
index 98ca8b2..4715f36 100644
--- a/crates/flux-releaser/src/services/release_manager.rs
+++ b/crates/flux-releaser/src/services/release_manager.rs
@@ -106,7 +106,9 @@ impl ReleaseManager {
 let artifact_contents = tokio::fs::read(artifact).await?;
 let env = if release_req.branch == "main" {
- "prod"
+ // FIXME: select prod instead
+ //"prod"
+ "dev"
 } else {
 "dev"
 };
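Review bot: `let env = if release_req.branch == "main" { "dev" } else { "dev" }` in the release_manager.rs hunk now routes every release, including `main`, to `dev`, so both arms are identical, the `//"prod"` line is dead code, and a caller releasing `main` receives a success response while nothing reaches `prod`; the commit subject `feat: tls` does not mention this behaviour change. If production is meant to be held back temporarily, the marker should carry a tracking reference and the redirect should be visible in the logs rather than silent, e.g. `// FIXME(<tracking-issue>): prod releases temporarily routed to dev` plus a `tracing::warn!` (if `tracing` is used in this module) whenever a `main` release is redirected. `ReleaseManager`'s method starts and ends outside the hunk.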