dragonflyoss · gaius-qi · Oct 11, 2024 · Oct 10, 2024 · Oct 11, 2024
@@ -32,11 +32,11 @@ jobs:
         include:
           - module: manager
             image: manager
-            image-tag: v2.1.55-alpha
+            image-tag: v2.1.60
             chart-name: manager
           - module: scheduler
             image: scheduler
-            image-tag: v2.1.55-alpha
+            image-tag: v2.1.60
             chart-name: scheduler
           - module: dfdaemon
             image: dfdaemon

@@ -31,9 +31,7 @@ jobs:
         module:
           - "normal"
           - "concurent-back-source"
-          - "grpc-tls"
           - "disable-seed-peer"
-          - "grpc-tls-ipv6"
           - "ipv6"
           - "split-running-tasks"
           - "cache-list-metadata"
@@ -45,18 +43,12 @@ jobs:
           - module: concurent-back-source
             charts-config: test/testdata/charts/config-concurent-back-source.yaml
             skip: ""
-          - module: grpc-tls
-            charts-config: test/testdata/charts/config-grpc-tls.yaml
-            skip: ""
           - module: disable-seed-peer
             charts-config: test/testdata/charts/config-disable-seed-peer.yaml
             skip: preheat
           - module: ipv6
             charts-config: test/testdata/charts/config-ipv6.yaml
             skip: ""
-          - module: grpc-tls-ipv6
-            charts-config: test/testdata/charts/config-grpc-tls-ipv6.yaml
-            skip: ""
           - module: split-running-tasks
             charts-config: test/testdata/charts/config-split-running-tasks.yaml
             skip: ""

@@ -70,19 +70,18 @@ type DaemonOption struct {
 	DataDirMode   uint32 `mapstructure:"dataDirMode" yaml:"dataDirMode"`
 	KeepStorage   bool   `mapstructure:"keepStorage" yaml:"keepStorage"`
 
-	Security      GlobalSecurityOption `mapstructure:"security" yaml:"security"`
-	Scheduler     SchedulerOption      `mapstructure:"scheduler" yaml:"scheduler"`
-	Host          HostOption           `mapstructure:"host" yaml:"host"`
-	Download      DownloadOption       `mapstructure:"download" yaml:"download"`
-	Proxy         *ProxyOption         `mapstructure:"proxy" yaml:"proxy"`
-	Upload        UploadOption         `mapstructure:"upload" yaml:"upload"`
-	ObjectStorage ObjectStorageOption  `mapstructure:"objectStorage" yaml:"objectStorage"`
-	Storage       StorageOption        `mapstructure:"storage" yaml:"storage"`
-	Health        *HealthOption        `mapstructure:"health" yaml:"health"`
-	Reload        ReloadOption         `mapstructure:"reload" yaml:"reload"`
-	Network       *NetworkOption       `mapstructure:"network" yaml:"network"`
-	Announcer     AnnouncerOption      `mapstructure:"announcer" yaml:"announcer"`
-	PeerExchange  PeerExchangeOption   `mapstructure:"peerExchange" yaml:"peerExchange"`
+	Scheduler     SchedulerOption     `mapstructure:"scheduler" yaml:"scheduler"`
+	Host          HostOption          `mapstructure:"host" yaml:"host"`
+	Download      DownloadOption      `mapstructure:"download" yaml:"download"`
+	Proxy         *ProxyOption        `mapstructure:"proxy" yaml:"proxy"`
+	Upload        UploadOption        `mapstructure:"upload" yaml:"upload"`
+	ObjectStorage ObjectStorageOption `mapstructure:"objectStorage" yaml:"objectStorage"`
+	Storage       StorageOption       `mapstructure:"storage" yaml:"storage"`
+	Health        *HealthOption       `mapstructure:"health" yaml:"health"`
+	Reload        ReloadOption        `mapstructure:"reload" yaml:"reload"`
+	Network       *NetworkOption      `mapstructure:"network" yaml:"network"`
+	Announcer     AnnouncerOption     `mapstructure:"announcer" yaml:"announcer"`
+	PeerExchange  PeerExchangeOption  `mapstructure:"peerExchange" yaml:"peerExchange"`
 }
 
 func NewDaemonConfig() *DaemonOption {
@@ -207,57 +206,13 @@ func (p *DaemonOption) Validate() error {
 		return errors.New("gcInterval must be greater than 0")
 	}
 
-	if p.Security.AutoIssueCert {
-		if p.Security.CACert == "" {
-			return errors.New("security requires parameter caCert")
-		}
-
-		if len(p.Security.CertSpec.IPAddresses) == 0 {
-			return errors.New("certSpec requires parameter ipAddresses")
-		}
-
-		if len(p.Security.CertSpec.DNSNames) == 0 {
-			return errors.New("certSpec requires parameter dnsNames")
-		}
-
-		if p.Security.CertSpec.ValidityPeriod <= 0 {
-			return errors.New("certSpec requires parameter validityPeriod")
-		}
-	}
-
 	return nil
 }
 
 func (p *DaemonOption) IsSupportPeerExchange() bool {
 	return p.PeerExchange.Enable && p.Scheduler.Manager.Enable && p.Scheduler.Manager.SeedPeer.Enable
 }
 
-type GlobalSecurityOption struct {
-	// AutoIssueCert indicates to issue client certificates for all grpc call
-	// if AutoIssueCert is false, any other option in Security will be ignored
-	AutoIssueCert bool `mapstructure:"autoIssueCert" yaml:"autoIssueCert"`
-	// CACert is the root CA certificate for all grpc tls handshake, it can be path or PEM format string
-	CACert types.PEMContent `mapstructure:"caCert" yaml:"caCert"`
-	// TLSVerify indicates to verify client certificates.
-	TLSVerify bool `mapstructure:"tlsVerify" yaml:"tlsVerify"`
-	// TLSPolicy controls the grpc shandshake behaviors:
-	// force: both ClientHandshake and ServerHandshake are only support tls
-	// prefer: ServerHandshake supports tls and insecure (non-tls), ClientHandshake will only support tls
-	// default: ServerHandshake supports tls and insecure (non-tls), ClientHandshake will only support insecure (non-tls)
-	TLSPolicy string `mapstructure:"tlsPolicy" yaml:"tlsPolicy"`
-	// CertSpec is the desired state of certificate.
-	CertSpec *CertSpec `mapstructure:"certSpec" yaml:"certSpec"`
-}
-
-type CertSpec struct {
-	// DNSNames is a list of dns names be set on the certificate.
-	DNSNames []string `mapstructure:"dnsNames" yaml:"dnsNames"`
-	// IPAddresses is a list of ip addresses be set on the certificate.
-	IPAddresses []net.IP `mapstructure:"ipAddresses" yaml:"ipAddresses"`
-	// ValidityPeriod is the validity period of certificate.
-	ValidityPeriod time.Duration `mapstructure:"validityPeriod" yaml:"validityPeriod"`
-}
-
 type SchedulerOption struct {
 	// Manager is to get the scheduler configuration remotely.
 	Manager ManagerOption `mapstructure:"manager" yaml:"manager"`

@@ -25,7 +25,6 @@ import (
 
 	"d7y.io/dragonfly/v2/client/util"
 	"d7y.io/dragonfly/v2/pkg/net/fqdn"
-	"d7y.io/dragonfly/v2/pkg/rpc"
 	"d7y.io/dragonfly/v2/pkg/types"
 )
 
@@ -164,17 +163,6 @@ var peerHostConfig = func() *DaemonOption {
 				Duration: time.Minute,
 			},
 		},
-		Security: GlobalSecurityOption{
-			AutoIssueCert: false,
-			CACert:        types.PEMContent(""),
-			TLSVerify:     false,
-			TLSPolicy:     rpc.PreferTLSPolicy,
-			CertSpec: &CertSpec{
-				DNSNames:       DefaultCertDNSNames,
-				IPAddresses:    DefaultCertIPAddresses,
-				ValidityPeriod: DefaultCertValidityPeriod,
-			},
-		},
 		Network: &NetworkOption{
 			EnableIPv6: false,
 		},

@@ -25,7 +25,6 @@ import (
 
 	"d7y.io/dragonfly/v2/client/util"
 	"d7y.io/dragonfly/v2/pkg/net/fqdn"
-	"d7y.io/dragonfly/v2/pkg/rpc"
 	"d7y.io/dragonfly/v2/pkg/types"
 )
 
@@ -164,17 +163,6 @@ var peerHostConfig = func() *DaemonOption {
 				Duration: time.Minute,
 			},
 		},
-		Security: GlobalSecurityOption{
-			AutoIssueCert: false,
-			CACert:        types.PEMContent(""),
-			TLSVerify:     false,
-			TLSPolicy:     rpc.DefaultTLSPolicy,
-			CertSpec: &CertSpec{
-				DNSNames:       DefaultCertDNSNames,
-				IPAddresses:    DefaultCertIPAddresses,
-				ValidityPeriod: DefaultCertValidityPeriod,
-			},
-		},
 		Network: &NetworkOption{
 			EnableIPv6: false,
 		},

@@ -501,17 +501,6 @@ func TestPeerHostOption_Load(t *testing.T) {
 				Duration: 180000000000,
 			},
 		},
-		Security: GlobalSecurityOption{
-			AutoIssueCert: true,
-			CACert:        "-----BEGIN CERTIFICATE-----",
-			TLSVerify:     true,
-			TLSPolicy:     "force",
-			CertSpec: &CertSpec{
-				DNSNames:       []string{"foo"},
-				IPAddresses:    []net.IP{net.IPv4zero},
-				ValidityPeriod: 1000000000,
-			},
-		},
 		Network: &NetworkOption{
 			EnableIPv6: true,
 		},
@@ -681,82 +670,6 @@ func TestPeerHostOption_Validate(t *testing.T) {
 				assert.EqualError(err, "gcInterval must be greater than 0")
 			},
 		},
-		{
-			name:   "security requires parameter caCert",
-			config: NewDaemonConfig(),
-			mock: func(cfg *DaemonConfig) {
-				cfg.Scheduler.NetAddrs = []dfnet.NetAddr{
-					{
-						Type: dfnet.TCP,
-						Addr: "127.0.0.1:8002",
-					},
-				}
-				cfg.Security.AutoIssueCert = true
-				cfg.Security.CACert = ""
-			},
-			expect: func(t *testing.T, err error) {
-				assert := assert.New(t)
-				assert.EqualError(err, "security requires parameter caCert")
-			},
-		},
-		{
-			name:   "certSpec requires parameter ipAddresses",
-			config: NewDaemonConfig(),
-			mock: func(cfg *DaemonConfig) {
-				cfg.Scheduler.NetAddrs = []dfnet.NetAddr{
-					{
-						Type: dfnet.TCP,
-						Addr: "127.0.0.1:8002",
-					},
-				}
-				cfg.Security.AutoIssueCert = true
-				cfg.Security.CACert = "test"
-				cfg.Security.CertSpec.IPAddresses = nil
-			},
-			expect: func(t *testing.T, err error) {
-				assert := assert.New(t)
-				assert.EqualError(err, "certSpec requires parameter ipAddresses")
-			},
-		},
-		{
-			name:   "certSpec requires parameter dnsNames",
-			config: NewDaemonConfig(),
-			mock: func(cfg *DaemonConfig) {
-				cfg.Scheduler.NetAddrs = []dfnet.NetAddr{
-					{
-						Type: dfnet.TCP,
-						Addr: "127.0.0.1:8002",
-					},
-				}
-				cfg.Security.AutoIssueCert = true
-				cfg.Security.CACert = "test"
-				cfg.Security.CertSpec.IPAddresses = []net.IP{net.ParseIP("127.0.0.1")}
-				cfg.Security.CertSpec.DNSNames = nil
-			},
-			expect: func(t *testing.T, err error) {
-				assert := assert.New(t)
-				assert.EqualError(err, "certSpec requires parameter dnsNames")
-			},
-		},
-		{
-			name:   "certSpec requires parameter validityPeriod",
-			config: NewDaemonConfig(),
-			mock: func(cfg *DaemonConfig) {
-				cfg.Scheduler.NetAddrs = []dfnet.NetAddr{
-					{
-						Type: dfnet.TCP,
-						Addr: "127.0.0.1:8002",
-					},
-				}
-				cfg.Security.AutoIssueCert = true
-				cfg.Security.CACert = "testcert"
-				cfg.Security.CertSpec.ValidityPeriod = 0
-			},
-			expect: func(t *testing.T, err error) {
-				assert := assert.New(t)
-				assert.EqualError(err, "certSpec requires parameter validityPeriod")
-			},
-		},
 	}
 
 	for _, tc := range tests {

@@ -175,18 +175,6 @@ proxy:
 reload:
   interval: 3m0s
 
-security:
-  autoIssueCert: true
-  caCert: -----BEGIN CERTIFICATE-----
-  tlsVerify: true
-  tlsPolicy: force
-  certSpec:
-    dnsNames:
-      - foo
-    ipAddresses:
-      - 0.0.0.0
-    validityPeriod: 1s
-
 network:
   enableIPv6: true