kjuulh/flux-releaser
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

feat: tls
Some checks reported errors
continuous-integration/drone/push Build encountered an error
Details

Browse Source 
Signed-off-by: kjuulh <contact@kjuulh.io>
This commit is contained in:
Kasper Juul Hermansen 2024-05-26 17:23:58 +02:00
parent 9601cfa980
commit 616d44c988
Signed by: kjuulh
GPG Key ID: 9AA7BC13CE474394
7 changed files with 117 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
Cargo.lock generated
View File

@ -495,7 +495,7 @@ dependencies = [
"once_cell", "once_cell",
"pin-project-lite", "pin-project-lite",
"pin-utils", "pin-utils",
"rustls", "rustls 0.21.12",
"tokio", "tokio",
"tracing", "tracing",
] ]
@ -700,6 +700,12 @@ version = "0.21.7"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567"
[[package]]
name = "base64"
version = "0.22.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6"
[[package]] [[package]]
name = "base64-simd" name = "base64-simd"
version = "0.8.0" version = "0.8.0"
@ -1686,10 +1692,10 @@ dependencies = [
"http 0.2.12", "http 0.2.12",
"hyper 0.14.28", "hyper 0.14.28",
"log", "log",
"rustls", "rustls 0.21.12",
"rustls-native-certs", "rustls-native-certs",
"tokio", "tokio",
"tokio-rustls", "tokio-rustls 0.24.1",
] ]
[[package]] [[package]]
@ -2049,9 +2055,9 @@ dependencies = [
"parking_lot", "parking_lot",
"regex", "regex",
"ring 0.16.20", "ring 0.16.20",
"rustls", "rustls 0.21.12",
"rustls-native-certs", "rustls-native-certs",
"rustls-pemfile", "rustls-pemfile 1.0.4",
"rustls-webpki 0.100.3", "rustls-webpki 0.100.3",
"serde", "serde",
"serde_json", "serde_json",
@ -2599,7 +2605,7 @@ dependencies = [
"once_cell", "once_cell",
"percent-encoding", "percent-encoding",
"pin-project-lite", "pin-project-lite",
"rustls-pemfile", "rustls-pemfile 1.0.4",
"serde", "serde",
"serde_json", "serde_json",
"serde_urlencoded", "serde_urlencoded",
@ -2716,6 +2722,20 @@ dependencies = [
"sct", "sct",
] ]
[[package]]
name = "rustls"
version = "0.22.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bf4ef73721ac7bcd79b2b315da7779d8fc09718c6b3d2d1b2d94850eb8c18432"
dependencies = [
"log",
"ring 0.17.8",
"rustls-pki-types",
"rustls-webpki 0.102.4",
"subtle",
"zeroize",
]
[[package]] [[package]]
name = "rustls-native-certs" name = "rustls-native-certs"
version = "0.6.3" version = "0.6.3"
@ -2723,7 +2743,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a9aace74cb666635c918e9c12bc0d348266037aa8eb599b5cba565709a8dff00" checksum = "a9aace74cb666635c918e9c12bc0d348266037aa8eb599b5cba565709a8dff00"
dependencies = [ dependencies = [
"openssl-probe", "openssl-probe",
"rustls-pemfile", "rustls-pemfile 1.0.4",
"schannel", "schannel",
"security-framework", "security-framework",
] ]
@ -2737,6 +2757,22 @@ dependencies = [
"base64 0.21.7", "base64 0.21.7",
] ]
[[package]]
name = "rustls-pemfile"
version = "2.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "29993a25686778eb88d4189742cd713c9bce943bc54251a33509dc63cbacf73d"
dependencies = [
"base64 0.22.1",
"rustls-pki-types",
]
[[package]]
name = "rustls-pki-types"
version = "1.7.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "976295e77ce332211c0d24d92c0e83e50f5c5f046d11082cea19f3df13a3562d"
[[package]] [[package]]
name = "rustls-webpki" name = "rustls-webpki"
version = "0.100.3" version = "0.100.3"
@ -2757,6 +2793,17 @@ dependencies = [
"untrusted 0.9.0", "untrusted 0.9.0",
] ]
[[package]]
name = "rustls-webpki"
version = "0.102.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ff448f7e92e913c4b7d4c6d8e4540a1724b319b4152b8aef6d4cf8339712b33e"
dependencies = [
"ring 0.17.8",
"rustls-pki-types",
"untrusted 0.9.0",
]
[[package]] [[package]]
name = "rustversion" name = "rustversion"
version = "1.0.17" version = "1.0.17"
@ -3497,7 +3544,18 @@ version = "0.24.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081"
dependencies = [ dependencies = [
"rustls", "rustls 0.21.12",
"tokio",
]
[[package]]
name = "tokio-rustls"
version = "0.25.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "775e0c0f0adb3a2f22a00c4745d728b479985fc15ee7ca6a2608388c5569860f"
dependencies = [
"rustls 0.22.4",
"rustls-pki-types",
"tokio", "tokio",
] ]
@ -3545,7 +3603,10 @@ dependencies = [
"percent-encoding", "percent-encoding",
"pin-project", "pin-project",
"prost", "prost",
"rustls-pemfile 2.1.2",
"rustls-pki-types",
"tokio", "tokio",
"tokio-rustls 0.25.0",
"tokio-stream", "tokio-stream",
"tower", "tower",
"tower-layer", "tower-layer",

2
crates/flux-releaser/Cargo.toml
View File

@ -12,7 +12,7 @@ clap.workspace = true
dotenv.workspace = true dotenv.workspace = true
axum.workspace = true axum.workspace = true
prost = "0.12.3" prost = "0.12.3"
tonic = "0.11.0" tonic = { version = "0.11.0", features = ["tls"] }
uuid = { version = "1.7.0", features = ["v7", "v4"] } uuid = { version = "1.7.0", features = ["v7", "v4"] }
async-trait = "0.1.77" async-trait = "0.1.77"
aws-config = { version = "1.1.5", features = ["behavior-version-latest"] } aws-config = { version = "1.1.5", features = ["behavior-version-latest"] }

3
crates/flux-releaser/src/app.rs
View File

@ -44,7 +44,8 @@ impl App {
nats: infra::nats::Nats::new().await?, nats: infra::nats::Nats::new().await?,
database: infra::database::get_database().await?, database: infra::database::get_database().await?,
git: Git::new( git: Git::new(
"ssh://git@git.front.kjuulh.io/kjuulh/clank-clusters.git".into(), std::env::var("FLUX_RELEASER_GIT_REPOSITORY")
.unwrap_or("ssh://git@git.front.kjuulh.io/kjuulh/clank-clusters.git".into()),
ClusterList::default(), ClusterList::default(),
Archive::default(), Archive::default(),
) )

1
crates/flux-releaser/src/app/infra/aws_s3.rs
View File

@ -15,6 +15,7 @@ pub async fn s3_client() -> anyhow::Result<aws_sdk_s3::Client> {
let config = aws_sdk_s3::config::Builder::from(&shared_config.load().await) let config = aws_sdk_s3::config::Builder::from(&shared_config.load().await)
.endpoint_url(std::env::var("AWS_ENDPOINT_URL").context("AWS_ENDPOINT_URL was not set")?) .endpoint_url(std::env::var("AWS_ENDPOINT_URL").context("AWS_ENDPOINT_URL was not set")?)
.force_path_style(true)
.build(); .build();
let client = aws_sdk_s3::Client::from_conf(config); let client = aws_sdk_s3::Client::from_conf(config);

21
crates/flux-releaser/src/app/infra/grpc.rs
View File

@ -1,19 +1,28 @@
use std::sync::Arc; use std::sync::Arc;
use anyhow::Context;
use tokio::sync::Mutex; use tokio::sync::Mutex;
use tonic::transport::Channel; use tonic::transport::{Channel, ClientTlsConfig};
use crate::grpc::gen::flux_releaser_client::FluxReleaserClient; use crate::grpc::gen::flux_releaser_client::FluxReleaserClient;
pub type FluxReleaserGrpcClient = Arc<Mutex<FluxReleaserClient<Channel>>>; pub type FluxReleaserGrpcClient = Arc<Mutex<FluxReleaserClient<Channel>>>;
pub async fn new_client(registry: impl Into<String>) -> anyhow::Result<FluxReleaserGrpcClient> { pub async fn new_client(registry: impl Into<String>) -> anyhow::Result<FluxReleaserGrpcClient> {
let registry = registry.into(); let registry: String = registry.into();
let client = FluxReleaserClient::connect(registry) let channel = if registry.starts_with("https") {
.await let mut tls = ClientTlsConfig::new();
.context("failed to connect to flux_releaser registry")?; tls = tls.domain_name(&registry);
Channel::from_shared(registry)?
.tls_config(tls)?
.connect()
.await?
} else {
Channel::from_shared(registry)?.connect().await?
};
let client = FluxReleaserClient::new(channel);
Ok(Arc::new(Mutex::new(client))) Ok(Arc::new(Mutex::new(client)))
} }

37
crates/flux-releaser/src/grpc.rs
View File

@ -64,14 +64,21 @@ impl flux_releaser_server::FluxReleaser for FluxReleaserGrpc {
let _ = file.write(&item.content).await?; let _ = file.write(&item.content).await?;
} }
tracing::info!("got this far 1a");
file.flush().await?; file.flush().await?;
tracing::info!("got this far 1");
let upload_id = match self.release_manager.upload_artifact(file_path.into()).await { let upload_id = match self.release_manager.upload_artifact(file_path.into()).await {
Ok(res) => res, Ok(res) => res,
Err(e) => return Err(tonic::Status::unknown(e.to_string())), Err(e) => {
tracing::warn!("failed to upload artifact: {}", e);
return Err(tonic::Status::unknown(e.to_string()));
}
}; };
tracing::info!("got this far 2");
Ok(tonic::Response::new(UploadArtifactResponse { Ok(tonic::Response::new(UploadArtifactResponse {
upload_id: upload_id.to_string(), upload_id: upload_id.to_string(),
})) }))
@ -85,12 +92,15 @@ impl flux_releaser_server::FluxReleaser for FluxReleaserGrpc {
let req = request.into_inner(); let req = request.into_inner();
let artifact = self let artifact = self
.release_manager .release_manager
.commit_artifact( .commit_artifact(req.try_into().map_err(|e: anyhow::Error| {
req.try_into() tracing::warn!("failed to parse input body: {}", e);
.map_err(|e: anyhow::Error| tonic::Status::invalid_argument(e.to_string()))?, tonic::Status::invalid_argument(e.to_string())
) })?)
.await .await
.map_err(|e: anyhow::Error| tonic::Status::internal(e.to_string()))?; .map_err(|e: anyhow::Error| {
tracing::warn!("failed to commit artifact: {}", e);
tonic::Status::internal(e.to_string())
})?;
Ok(tonic::Response::new(CommitArtifactResponse { Ok(tonic::Response::new(CommitArtifactResponse {
artifact_id: artifact.to_string(), artifact_id: artifact.to_string(),
@ -104,13 +114,18 @@ impl flux_releaser_server::FluxReleaser for FluxReleaserGrpc {
) -> std::result::Result<tonic::Response<TriggerReleaseResponse>, tonic::Status> { ) -> std::result::Result<tonic::Response<TriggerReleaseResponse>, tonic::Status> {
let req = request.into_inner(); let req = request.into_inner();
tracing::info!("some trigger release");
self.release_manager self.release_manager
.release( .release(req.try_into().map_err(|e: anyhow::Error| {
req.try_into() tracing::warn!("failed to parse input body: {}", e);
.map_err(|e: anyhow::Error| tonic::Status::invalid_argument(e.to_string()))?, tonic::Status::invalid_argument(e.to_string())
) })?)
.await .await
.map_err(|e| tonic::Status::internal(e.to_string()))?; .map_err(|e| {
tracing::warn!("failed to release: {}", e);
tonic::Status::internal(e.to_string())
})?;
Ok(tonic::Response::new(TriggerReleaseResponse {})) Ok(tonic::Response::new(TriggerReleaseResponse {}))
} }

4
crates/flux-releaser/src/services/release_manager.rs
View File

@ -106,7 +106,9 @@ impl ReleaseManager {
let artifact_contents = tokio::fs::read(artifact).await?; let artifact_contents = tokio::fs::read(artifact).await?;
let env = if release_req.branch == "main" { let env = if release_req.branch == "main" {
"prod" // FIXME: select prod instead
//"prod"
"dev"
} else { } else {
"dev" "dev"
}; };