Add cassandra TLS support #2769
Conversation
|
|
aoby
force-pushed
the
cassandra-tls-support
branch
from
c20328c
to
d946afc
Compare
wxing1292
requested review from
wxing1292,
meiliang86,
andrewjdawson2016,
yux0,
yycptt and
vancexu
| func LoadCassandraSchema( | ||
| dir string, fileNames []string, hosts []string, port int, keyspace string, override bool, | ||
| dir string, fileNames []string, hosts []string, port int, keyspace string, override bool, useTLS bool, tlsCertPath, tlsKeyPath string, | ||
| ) (err error) { |
There was a problem hiding this comment.
plz format like this:
func LoadCassandraSchema(
dir string,
fileNames []string,
hosts []string,
port int,
keyspace string,
override bool,
useTLS bool,
tlsCertPath string,
tlsKeyPath string,
) error {There was a problem hiding this comment.
it will be easier to read
| "github.com/uber/cadence/common/cassandra" | ||
|
|
||
| "github.com/gocql/gocql" | ||
|
|
||
| workflow "github.com/uber/cadence/.gen/go/shared" |
There was a problem hiding this comment.
plz merge from master then do
make fmt
it will sort all imports correctly
common/service/config/config.go
Outdated
| TLS struct { | ||
| // Optional path to a TLS client certificate | ||
| CertPath string `yaml:"certPath"` | ||
| // Optional path to the key file for a TLS client certificate | ||
| KeyPath string `yaml:"keyPath"` | ||
| } |
There was a problem hiding this comment.
can you put the TLS config in 'common/auth'
and reuse this definition: https://github.com/uber/cadence/blob/master/common/messaging/kafkaConfig.go#L38
?
tools/cassandra/cqlclient.go
Outdated
| UseTLS bool | ||
| TLSCertPath string | ||
| TLSKeyPath string |
There was a problem hiding this comment.
pls use the above TLS config for simplicity, like
CQLClientConfig struct {
Hosts string
Port int
User string
Password string
Keyspace string
Timeout int
numReplicas int
TLS auth.TLS
}
tools/cli/admin.go
Outdated
| @@ -64,6 +64,18 @@ func newAdminWorkflowCommands() []cli.Command { | |||
| Name: FlagKeyspace, | |||
| Usage: "cassandra keyspace", | |||
| }, | |||
| cli.BoolFlag{ | |||
| Name: FlagUseTLS, | |||
There was a problem hiding this comment.
can we change this to FlagEnableTLS ?
|
the rest LGTM |
| "strings" | ||
|
|
||
| "github.com/gocql/gocql" | ||
|
|
There was a problem hiding this comment.
Remove extra empty line.
| @@ -92,7 +65,7 @@ func DropCassandraKeyspace(s *gocql.Session, keyspace string) (err error) { | |||
|
|
|||
| // LoadCassandraSchema loads the schema from the given .cql files on this keyspace | |||
| func LoadCassandraSchema( | |||
| dir string, fileNames []string, hosts []string, port int, keyspace string, override bool, | |||
| dir string, fileNames []string, hosts []string, port int, keyspace string, override bool, useTLS bool, tlsCertPath, tlsKeyPath string, | |||
There was a problem hiding this comment.
Seems like this method is only used for testing. Can you make it private?
|
Thanks @wxing1292 and @meiliang86 for the quick feedback! I realized in local testing that I needed the settings in Please take another look |
common/auth/tls.go
Outdated
| BundleFile string `yaml:"bundleFile"` | ||
|
|
||
| CaFile string `yaml:caFile` //optional depending on server config |
There was a problem hiding this comment.
these 2 variables are the same. let us keep "CaFile string yaml:caFile" for readability.
but before landing this, let me check with one customer who is already using TLS with kafka
There was a problem hiding this comment.
plz also do a make fmt locally
There was a problem hiding this comment.
I ran make fmt earlier, and it made some formatting changes (included in the last commit).
I just ran it again with no change. Is there something you expect to be reformatted?
There was a problem hiding this comment.
one more thing, the Contributor License Agreement does not really recognize your name. one thing you could try is to squash all commits and force push
There was a problem hiding this comment.
I ran
make fmtearlier, and it made some formatting changes (included in the last commit).
I just ran it again with no change. Is there something you expect to be reformatted?
if that is the case, then plz just ignore
There was a problem hiding this comment.
one more thing, the
Contributor License Agreementdoes not really recognize your name. one thing you could try is to squash all commits and force push
I think because I made the first commit from my work account, which is private. I tried to re-author it but that apparently didn't work. I'll try the squash & force push...
- Consolidate duplicate cassandra setup and config into a new common/cassandra package - Add tls support Address feedback, add more options, add tls flags to cadence-cassandra-tool - Combine TLS structs into new common auth.TLS - Fix formatting - Add more cassandra TLS options: - CaFile - EnableHostVerification - Add TLS CLI flags to cadence-cassandra-tool Remove empty line, make test method private.
aoby
force-pushed
the
cassandra-tls-support
branch
from
bbde8c2
to
6673a3f
Compare
| Enabled bool `yaml:"enabled"` | ||
| CertFile string `yaml:"certFile"` | ||
| KeyFile string `yaml:"keyFile"` | ||
| BundleFile string `yaml:"bundleFile"` |
There was a problem hiding this comment.
This will be a breaking change for users who use TLS in Kafka.
@wxing1292 Do you know if any customer is using this? Can we notice them and get this change in?
Otherwise for safety, I would keep it for kafka, and use the new auth.TLS for Cassandra and everything else.
Or just use the old name "bundleFile"
There was a problem hiding this comment.
talked to our customer, they are ok
aoby
force-pushed
the
cassandra-tls-support
branch
from
839fa97
to
dd24d94
Compare
* Consolidate duplicate Cassandra setup and config into a new common/cassandra package * Add TLS support for Cassandra * Add TLS flags to cadence-cassandra-tool * Combine TLS config structs into new common auth.TLS * Add more TLS options: - CaFile - EnableHostVerification - Remove TLS bundleFile option in favor of caFile option
ghost
mentioned this pull request
solve #2681