From 9d814a26a79415a602f1679062bdfcbb92405b5d Mon Sep 17 00:00:00 2001 From: Mihaela Balas Date: Mon, 16 Sep 2024 16:13:14 +0300 Subject: [PATCH 1/3] add tls support to frontend connection --- Makefile | 2 +- README.md | 24 ++++++++- certs/ca.cert | 31 +++++++++++ certs/client-cert.conf | 17 ++++++ certs/client.key | 52 ++++++++++++++++++ certs/client.pem | 32 +++++++++++ certs/cluster-cert.conf | 16 ++++++ certs/cluster.key | 52 ++++++++++++++++++ certs/cluster.pem | 32 +++++++++++ certs/generate-test-certs.sh | 22 ++++++++ go.mod | 2 +- internal/clients/namespace_test.go | 68 ++++++++++++++++++++++++ internal/clients/searchattribute_test.go | 31 +++++++++++ internal/clients/service.go | 49 +++++++++++++++-- internal/clients/service_test.go | 14 +++++ tests/docker-compose.yaml | 66 ++++++++++++++++++++++- 16 files changed, 502 insertions(+), 8 deletions(-) create mode 100644 certs/ca.cert create mode 100644 certs/client-cert.conf create mode 100644 certs/client.key create mode 100644 certs/client.pem create mode 100644 certs/cluster-cert.conf create mode 100644 certs/cluster.key create mode 100644 certs/cluster.pem create mode 100755 certs/generate-test-certs.sh diff --git a/Makefile b/Makefile index eac3551..00cc1ae 100644 --- a/Makefile +++ b/Makefile @@ -94,7 +94,7 @@ dev: $(KIND) $(KUBECTL) @sudo $(KIND) create cluster --name=$(PROJECT_NAME)-dev --kubeconfig=$(USER_DIR)/.kube/config @$(KUBECTL) cluster-info --context kind-$(PROJECT_NAME)-dev @$(INFO) Installing Crossplane CRDs - @$(KUBECTL) create -k https://github.com/crossplane/crossplane//cluster?ref=master + @$(KUBECTL) create -k https://github.com/crossplane/crossplane//cluster?ref=v1.16.2 @$(INFO) Installing Provider temporal CRDs @$(KUBECTL) apply -R -f package/crds @$(INFO) Start Provider temporal via: $(GO) run cmd/provider/main.go --debug diff --git a/README.md b/README.md index 0fe4de3..9e17ab1 100644 --- a/README.md +++ b/README.md 
@@ -50,6 +50,17 @@ spec: name: provider-temporal-config-creds key: credentials ``` + +Provider Credentials with TLS: +``` +{ + "HostPort": "temporal:7233", + "UseTLS": true, + "CACert": "-----BEGIN CERTIFICATE-----\nhere insert CA certificate\n-----END CERTIFICATE-----", + "CertFile": "-----BEGIN CERTIFICATE-----\nhere insert certificate\n-----END CERTIFICATE-----", + "KeyFile": "-----BEGIN RSA PRIVATE KEY-----\nhere insert key\n-----END RSA PRIVATE KEY-----", +} +``` # Troubleshooting Create a DeploymentRuntimeConfig and set the arg `--debug` on the package-runtime container: @@ -193,4 +204,15 @@ guide may also be of use. Start temporal environment for tests ``` sudo docker-compose -f tests/docker-compose.yaml up -``` \ No newline at end of file +``` +## TLS + +In case test certificates are expired, run `bash certs/generate-test-certs.sh` and new certificates will be created. + +Then, edit `internal/clients/service_test.go` and update the new test certificates to `jsonConfig` after you replace the newlines with `\n`. + +``` +awk 'NR > 1 {printf "\\n"} {printf "%s", $0} END {printf ""}' certs/client.pem +awk 'NR > 1 {printf "\\n"} {printf "%s", $0} END {printf ""}' certs/client.key +awk 'NR > 1 {printf "\\n"} {printf "%s", $0} END {printf ""}' certs/ca.crt +``` diff --git a/certs/ca.cert b/certs/ca.cert new file mode 100644 index 0000000..3992f4c --- /dev/null +++ b/certs/ca.cert 
@@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFRTCCAy2gAwIBAgIUTfLoHTSYNEx0LXYnju+wJF6EP4EwDQYJKoZIhvcNAQEL +BQAwMjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMRYwFAYDVQQKDA1UZXN0IENB +LCBJbmMuMB4XDTI0MDkyMDExMzY1OFoXDTI1MDkyMDExMzY1OFowMjELMAkGA1UE +BhMCVVMxCzAJBgNVBAgMAldBMRYwFAYDVQQKDA1UZXN0IENBLCBJbmMuMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq2+PV/h7kTWoUI3KhadR5yvrnqW4 +/NiBAV6TToxMK97KSs2J5EAIKjtg3o+1vL2Tkc6mOAegqGLsVWwpxUCTChBPDjiM +LsBx1c7uTU0m7eDIBoMDMNy5Vy+tvT5vey+pdM4KORdzHIkjctilWWdJuUF+qRzp +ijgIruNsEj5CbYz57xXoS3wErfJlUu9GX+LFizR2OQMvIiF09dTbTyQ1a2bOmQYD +8nVz7yo7ENCJlPonQYkSBfVuXIyR5LTouPsv2DYNGlT63rwEY3t0aq23Datmv9QP +2k1jCMz3HcTUFHa+ErSd6opJYr9Fw+J6k/Ifho8xq3R6iJ5D9Wk15ozPA9tdZt/T +vBmDb0QD9SvIirLuDBZ2eHbdCG2uLq/tLf87f04y3Q4VcAa0CCp+mGCMil9pnSki +LqmcD0iAApQU3RtdX6uqV1TC9oK7UYomJY4nB2EwneIpYDupQPjZhCtlxGJboxkC +pZR79TTe1duoUKS6sm0LiJZ65eXmADLJeqrNBoSheHFrQOYcFZ5bfoA83uEhcNnw +4NqhKrIm2L5NZZOITNvnsASGftL38O2FkflU24pYMIRf4q2IoTGSxXbzMMoveKXw +p2FPUUEv/EVJbPWnWKKATRJY6BJaHEPzsSqUX2GaEqxQPsVigWf9wyVcf4XrkIP4 +lbNtWyRIXi3D3hcCAwEAAaNTMFEwHQYDVR0OBBYEFL3nlLBSjx4kwpQrmkkInt2A +SA+lMB8GA1UdIwQYMBaAFL3nlLBSjx4kwpQrmkkInt2ASA+lMA8GA1UdEwEB/wQF +MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAAEtkQ4MeRo7KYonhE5373xbtMNXkKhK +vnDHJQL3YWUa+sY/+siZYK0dj+ZVSk3WAlI4MQyml66RV97uj/ywGIXvPFIU0v31 +qEAiqJ6ARDnxkfRFj3m7Kk7O3LN20TS4khFSXLvn4NHDswbyVpTePHTnN8Kqwn8b +tx657Y1zWvSqPrHYU4D0b2EjNt4P/DufMUJFtgyu26qOef0iAuhK+Tb6ZAUndZJd +BkxEl82/N5IYeSV6TnwuK3WmkgVqLt7jQ9ycOQGP23AloKsgDyAIaftw3Dl0RcR9 +4u7lEEoNq5RAOMewyPsCAz+l8kUvjXJ7zkAaI9MHWcAqutU96xExA1UlyBflTjE/ +cTbLa8Bv5Z1HgUnvTpuPZMUMEogRYpmsyPliWx+zmnlW+3JfyqyDchWst47wBJ96 +mBZ3bAPHTkU9TMmEuFz83awJlTKfYGBYovH3LOecYpgil6D5e8BkdICQRFBZlI+6 +FoGQAXm99KOvoS0t+fyoszhWDxkCR8qsdXqZNjMl9TLweLazSqd+oXoNcQ7TvA6r +oTnrnRZMOrVk68ad3MtalYJoBRAx2QfMNR6fPzS2xJ85tpCXcLMDSbFoW5jamX0x +Y42DQDWrqdV8j9q2J3HvevRHljTO7viSFa7s7QJj78vwP4ExlSTwojQaToAEhbL8 +jo2clz/N0p+0 +-----END CERTIFICATE----- 
diff --git a/certs/client-cert.conf b/certs/client-cert.conf
new file mode 100644
index 0000000..69b35ba
--- /dev/null
+++ b/certs/client-cert.conf
@@ -0,0 +1,17 @@
+[req]
+default_bits = 4096
+prompt = no
+default_md = sha256
+req_extensions = req_ext
+distinguished_name = dn
+[dn]
+C = US
+ST = WA
+O = Test Client, Inc.
+CN = localhost
+[req_ext]
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = localhost
+IP.1 = ::1
+IP.2 = 127.0.0.1
\ No newline at end of file
diff --git a/certs/client.key b/certs/client.key
new file mode 100644
index 0000000..5556a89
--- /dev/null
+++ b/certs/client.key
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQC30pL4KBqpqPVh +1DDQ+TNveWKPciq3fulYxbGKqj/y6NRhHE52HP0nfbTAFUKpQQ2dqDxu9eYnGZFp +4ELusILGg1fGwS5YBT6I3h0m+aNJvIn7Gh71LI1+j8PgHFW26EbEGnWDp2guekLr +2muIgreTu68/RuE/yFJqFKK3gV1eDmZ7jOrUUdZtMn0DDkLHzHakQ288DCOGA48X +taEnZDDRvlpI/ZvMmIo9GzA4pTewKpuSKj3dGGShN9f1KVShi7AgLRQ7X72/ys0j +8DNpco4Vh8Z/zCjvp5wT9NI6t9uBtwVtwd8OL+LblnaTP4HfeuG7wHWGCo6xwMsp +sijlzel0w+yQvsbdpzg6DcwvKa/KBheLaELZbdSkfWd6uCGvBE1aiFOcscDBTpT+ +L1CMYjlY0CiSK1gk1q471ryvSc/bV5aluMJUs6xlqg3luXGWfNWkjILwgU+kqA/j +byKK8CoDjdZ5OjXN4fZkbDcrNP5QMIG+CSB5lC0jgdpxdKQwPJ8bAW8MAdtffXL3 +8WuN5p38GwGvwNDFWpT54xrjo6ZF7LmNwqz8pSDkwDAtApysHWavmQlWBKQECyAE +Ghe8HTlL20zhg+AeP93ntTZeQ4nymnwyygLpWXBCsIYL9QyeTT/Mhy2MmzN1DrIZ +VB4QkSlBC697z5VscHDPq7Kvzn74IQIDAQABAoICAEIwzmASHMuzvav82pkc6qL8 +u/s4Gl6Zkc+32/644C8JHJRdO3l3ZcbHEoNKBIdql8sJzb0MyVOR9tT/fkpxf52Y +pM46OIRUWxiwliG3KU9/VtX2qWgSI18LyHXV7h1fFUA+4MrHyJFXz+oaa7crjovh +PLDVxn0PlnGBPbhDGkooeEmLy/EpCMOoNvCXPX+xRZVPfOnL2yzB8lAQxFcpUhTs +bJk0zNmGodxwAlSbVWqXZQ5kLIOE6ZNNxvMN713+LSzg3pSknHBHx8dlkjWpnLTu +/5B8BM+K9H4RHXQsSRuzuf40Hav/nToBu2+5IfxFRKw1GHxsJ8aky+MXNnfNRf77 +GUrzxUE5X6wV15rjYHnEu/TnXlzqeZVusLtpqpava0tEPWsPNqOwwrQsn6ZTzG6Q +30aqPVwjKUHjrzuQEHG8o4K6qkCBZq6+klKbFOI9WtI6B30N2ThfuONEIf4PrCZr +as5oOhkFzt2ZD3rBL9UAKJRjNCxL6ZbJagckSEvAFfZK8CEUKYrk9oqzB2gthwcb +8c+hjhxgC6RyPkPJmCwNpKrB+sC1zto8oM7PzNy1BbrWwNsaD6mOtvzYC/jzgPm/ +bL6baxIsJtQBaKHkzVx1wmSqvJmpl+s1EQZqExcl+zx3qSAZEnKq24s8PcCLHrhq +6vB8mlkEanWv3Ar/1a17AoIBAQDwAAGDQdsQKOV0DVwwrrKkj0M2Y8OKyGuMb2Qc +4sS0Liyv5CooLLOERKa8ECGPs9+Ryu/dg8y+eFZCm8nMV0GA74YOEkbUwGWjnjZy +M4c/xfYIOv9+CvdqHU5Wh1Lt/8SFw4XZCr+5BeBNG46M9os2DMVnkbXplcSvl6Lb +1SjTvDIBiG3+5Z0yU8hDI3ZDy1mELbzW4b+4P6QSdS6uIE2jgNFom1tIjdo0QNNF +0gylIZflO3zbmb/R3kaxgWORQoYg3+UzcpqllG3W2FmcF/cKgfye7Gidg+SO8p/L +zhqtn38qNG3bKuI2TacjWu5mArqLEK2Swe0nrjdCXDSbKWlHAoIBAQDEE867P7OM +kL/S0MDr6t4JEDJrRuTNARqlFaM12oGmZFQeClxy/CMweNPdMlCx9TYDrG892vUY 
+Gmr6mqzQ8SzBCQNtV3YAIEJshEA3S7a/YoMIlo6cafyMSN5iz23Gh8y1JfmOpiQf +ffMolTdcKE/VsRHHiVAo6IocX0F0J0tm2ZvzpK6YYCmSuyuFDrg7ksVFYB9VPxDZ +cnkyj3T9NEmCEwodfL4sc4mmLntjIpXF1xrPf08sO2V/Ct0nv/nFq+VO6k2U0AUK +VQRLOLPj7SOKvUR7JPLBwNjbPUhyq3nX2ROXrUclgEqKAFlk2YmH9X3KNHIsobVV +DogBb+vzusdXAoIBAEV4Gvf9ZgWFcPVosJi+2KLdfR0PP5i6brcVvyrFUR6+htza +9IDwf333yTOCj9RiwoIW9dtuvSMc/gsFwSHO1/0UV/9Wtv36OvFjaGsiEzIYgSDc +wvue/QLQPM67GPwfHqmBcQrkG57Y3pYzNc4Dx0P76mASQ0+7tFUHVXLAfrLbNLZQ +4VX47MmWis80QpVZFS43dwPUEISqlzlohfyNCSwcq4DWB1Q3C0Q4x27cYCCkWq1V +zMxb8rQy3M+gnkt7sAtwA44izDTFhA2+TiHqpe16tr7hu15swQnHnQ2HOR2sn0h+ +KJZaEWSakZigR4VroMeEKlninFzyBrjEq82F7R0CggEAE4lttdaZC0547oaCUn9q +dDi67Vl4/rw3bW+EfZ8x/+RLRVr+7y4US4YehhG3XKP0J9WMl/szJJ2tPx8eTQta +zDkbsE9goI6WT721sEzI/rTQHZDy0L72vPudvPayF2/8g6gu/3mqa8De85I6m+Ig +YkhsXxddd1YEPON44BvyNWNFWLd19hTOz6H6qh1XWgg7w7faJ2JLSX9QeCs3GuuU +z3MaNOnzAPbaJkbHYI9XoQjX0Qj8WInqiQgKFSXZu0pvZLeP114KwobKELyrn/BG +9FH7etGppoiSkvW+PD69uzYT768CQchQpQN35MaQH43kZLtpDO1n5fu2rX37YqOf +rQKCAQBIMsdsjvgvKVaglIJIzIgR9eFTryFo3HRKD7wasb8dcmlzbN1dwTE4Cck2 +XeQI5Ne4ks/CLkS/ygi8yrsPx1N8eMnYz0aGJbPVk/zxfor1vrIBpUMKFMR2KhWC +hCXz2TenOYcujc7KFJq828Ku5O6REfdo6CYFT8ag2PwZOVQwp6Okm1ehUq+f+QMN +DrmxZadj5zL9qjMf2QXnQ5J1ihfDmuX0e36DarAq9f3jujblKFMEkAx+hocXoMmj +mru+V50PbFH2uc4t/dcmCWMPm/BX7zrQwkJffatj7lwwcyIPbIPwSObLgWfSEI1d +jLG9z3ZTkwHuHm/qkFZG/RKSsOgw +-----END PRIVATE KEY----- diff --git a/certs/client.pem b/certs/client.pem new file mode 100644 index 0000000..94df9fd --- /dev/null +++ b/certs/client.pem 
@@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFejCCA2KgAwIBAgIUEI7nS+4t8W3HYGNShYOTzlIIdoUwDQYJKoZIhvcNAQEL +BQAwMjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMRYwFAYDVQQKDA1UZXN0IENB +LCBJbmMuMB4XDTI0MDkyMDExMzY1OFoXDTI1MDkyMDExMzY1OFowSjELMAkGA1UE +BhMCVVMxCzAJBgNVBAgMAldBMRowGAYDVQQKDBFUZXN0IENsaWVudCwgSW5jLjES +MBAGA1UEAwwJbG9jYWxob3N0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC +AgEAt9KS+Cgaqaj1YdQw0Pkzb3lij3Iqt37pWMWxiqo/8ujUYRxOdhz9J320wBVC +qUENnag8bvXmJxmRaeBC7rCCxoNXxsEuWAU+iN4dJvmjSbyJ+xoe9SyNfo/D4BxV +tuhGxBp1g6doLnpC69priIK3k7uvP0bhP8hSahSit4FdXg5me4zq1FHWbTJ9Aw5C +x8x2pENvPAwjhgOPF7WhJ2Qw0b5aSP2bzJiKPRswOKU3sCqbkio93RhkoTfX9SlU +oYuwIC0UO1+9v8rNI/AzaXKOFYfGf8wo76ecE/TSOrfbgbcFbcHfDi/i25Z2kz+B +33rhu8B1hgqOscDLKbIo5c3pdMPskL7G3ac4Og3MLymvygYXi2hC2W3UpH1nergh +rwRNWohTnLHAwU6U/i9QjGI5WNAokitYJNauO9a8r0nP21eWpbjCVLOsZaoN5blx +lnzVpIyC8IFPpKgP428iivAqA43WeTo1zeH2ZGw3KzT+UDCBvgkgeZQtI4HacXSk +MDyfGwFvDAHbX31y9/Frjead/BsBr8DQxVqU+eMa46OmRey5jcKs/KUg5MAwLQKc +rB1mr5kJVgSkBAsgBBoXvB05S9tM4YPgHj/d57U2XkOJ8pp8MsoC6VlwQrCGC/UM +nk0/zIctjJszdQ6yGVQeEJEpQQuve8+VbHBwz6uyr85++CECAwEAAaNwMG4wLAYD +VR0RBCUwI4IJbG9jYWxob3N0hxAAAAAAAAAAAAAAAAAAAAABhwR/AAABMB0GA1Ud +DgQWBBSyv1xsyjmiMpxPoDwXyqv3m40etDAfBgNVHSMEGDAWgBS955SwUo8eJMKU +K5pJCJ7dgEgPpTANBgkqhkiG9w0BAQsFAAOCAgEAgvdRnBGB5mqtcUaYeKFBsl0w +RDUOOQpMXJ1KF4oUovJnAIG0RlY93+ULi78riTfHoHZ0spQCL+cplW2PPJaWIaOr +nYGjr92EoR2wQ+wU1sCbq+q+UbzNc3tB1OcYXDbWZew1mkWQpLi/WW4n2rqJM81H +Vb1AqlAFXEf20Z7+2L3gPzz7tq8uaGffiTAO1GLUNd3XcnMiXwvI9MzVJfIwOQyb +iVFHKI4BLYNV8M3rJp1bs0C4jdFxhP5wR+X3F9UftgmKjIjBVV4DvcP6Otwk/qPi +vBd7Zbe4Don4tRr/ihQZ9AE0UghloKfic+xadEkDQsiZ4/VIVqWmRldyriDSsGKY +yayoukVPGQFvNw+4HUZPnpTwn16pn90k5MCEanVHo0MkXqnHziN+R8aV2nBbj1um +SS6oNUjxQENuQBSFXZjKurssLQVVqolBjI/phD5miY8FfAcxjnAcU/LuYrq75u8K +Fb5cO9ra19YmWtumMiabaoyVxjLLH/QYu6NMmVBa1NrLObz9UAIEUUbdWN05vPBK +iJuLXwD1XeBYxmjiI59cl/H2urpX20FxiHJeC3T49p/SiryixxK6fp+hnJNOfY75 +QfccXTAFYngqrs7UGkiDn7AYEl2Ffv44CvWRvACIiL1TqxRgPdJZHceYqLwCfbgV +cmoFO2F27/Uo4XmKOgw= +-----END 
CERTIFICATE-----
diff --git a/certs/cluster-cert.conf b/certs/cluster-cert.conf
new file mode 100644
index 0000000..3129f9e
--- /dev/null
+++ b/certs/cluster-cert.conf
@@ -0,0 +1,16 @@
+[req]
+default_bits = 4096
+prompt = no
+default_md = sha256
+req_extensions = req_ext
+distinguished_name = dn
+[dn]
+C = US
+ST = WA
+O = Test Cluster, Inc.
+CN = localhost
+[req_ext]
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = localhost
+IP.1 = ::1
diff --git a/certs/cluster.key b/certs/cluster.key
new file mode 100644
index 0000000..61653d1
--- /dev/null
+++ b/certs/cluster.key
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCr6sj3mqlaOH9q +r9fBRcHJoNjlY0ViSaNqwtQNmbxY3EMBe3t5OA2DP4NTQiGxFfzt3ffxXxYN9sfi +icVO0kRXf7KDJfwV88eroqR2RXyK085BWp7WlS71RjrhoNR6Nqg5fL1vSYRxPSfy +a3O3PrgwwQ7gSBDFBzkmu0J+flNRVI4nUAdPypCv74mRxrJi+plkG/JUwAE0T8eZ +jdSF9q7MmCHkhxX5YANiTM+blWKGeZOkYdu6C+bxTNGlZFEDLOogLVruQrHjIzwY +Gra7gcNKmGaPXHypa/9QuXRSli32MyObV9z7FK3j+EWw9uBNG49fJEYmmP0RvWQa +wlXuA8dyF1L0AGduSVzKKVi+VY++CGGxWOxIGfa0t7f+WH0icmfEM+t+qqs9BnEE +wSPOl8bVUiAnGwumoWEZ5QgHaxZJhYmPHnpP/EaEaxNUbdW4tsNz0dq4A1MeFHky +Dw6/F+XjijBBn3TSTrdvsLooGR8mgpekqBAFbJ5ewaoZjXjbj5I9shbMKo/0QcJW +TP0KWVgk20OPuHLRFb3rFZXWznUx0e/+ELqEaNRI/pYTuicy9nfapy69Pxxe37GU +x9KNk6BmDpmanMhmjBKRxKCFHGNy8OLojfTRQBWqoxv+fY7fsanqGdFx86qM3wjO +x4vPKWbT40Ltb77fLb5RkvVXz1+eEwIDAQABAoICACfofVWJOCYC9oUgI9Awbs9t +ANyjIlCyMnbOmmY72W6xVvapoRyfJ/ffTw+NSv/uUEQxomSMQ7TjJDyQ6dYl1oqP +ULPEJhQ8fo332ADCmaoqh/dA352FjRyP/IwzBxAFzyBlNh527QFShoruabLQovZi +Yp8q64Wpaxl0H/f4QEQhgkxa9g+OQO8uhntqKi/y55fHKwaEeeMYYAfj1kFw5dwF +ttxzhWTZ5n8zwH/n+jKoV18x/k1ehPJf+EzSEEJR81mb3b9wiRXmsIUR8nhto5WV +8jz2ZdP4h5DINFoVlb7Q2UOu7lP01XcVw6vUa3ZK3wnhhE1id2DeW7Yghc0WYH5Y +xzKXOEccpM5n2rfZGHoRJGxQw3JLUQBjNHRZRXI/XsSatm7oWJsGjMbOe1NT2C05 +9wGVompf+J/+E5fbWqbIpxdCUmgXS+odyGm4cnnqBkxKNSoyGjfpo5cjk9HcXAqn +4NyE5lJ97kvmIGyoo7Dax7TjVWiojqS7u5Mbnko6+4UmrMD/inLKAxVwF9UodI7D +tORrFxX4seEMfd2/MX+WbP4Ur8aBZb2wHuDX+87WgVuu/KM/OsJ8XeJWuxS9UgA6 +bLytTF701exAbxKs6Yqe54oVQKPXJohPNsiVwfthfU++daQjlMPqDZO+173toSss +BSxkXps1gtQWz601ix0RAoIBAQDT0nTFwtVLm73Mp1gc2UN/SdpcDJSj+t0R4s8n +/qOblacWotzVYN2EcOPkRcVKskjCXJV4mXrki7Jz8qVbUX+IQnHawFiDAFDs7AJF +S6DQA5TPeSSFWYFAFJmYoQ7vN0mBgzEedl3/pAeNsKmDD7zG46xrTU3QuoKthgGJ +SIMrdShm8rQ8H2Jh6FYPMyfVIyTSjLOaubcDnh76F7O6LlZkatgPoASdLZfPoC14 +zrpHA/fpA9rnFfcDHtyyWB7B0FypsLdgSTgsNozB95eYdyQH2rwn4Ca0YdwqoJJe +T/WC3bmpYQfd3bco3oK7N6nY2ILtff69nXU8TLKDWmxvMq2DAoIBAQDPxbwLN8Mr +eZDQeoOdAXDf7gq2GlFFHNqUpX7JWNpQjnxdZym7p3RlZ/RRIeL7mDy7LJHM6vBw 
+zNKk6OSmUBCqrwx7HmA2Ae9QcS8Gjb0gkozgNuD8LiFDBeeJ/aDxs3ByaMGfRvBr ++Lrtg0sG1HezQ14vG9nPi1xarN4eiJKXdRy6U/sNEOkIB08VAOFTRSARiZngVD9J +qi4Etc5AozEDFBylOKInVpOahuzHMdbacVmczWFOl+Gcxm8TzADHr+M5F6YLM2me +kWGYiK9jw0IBN+DutIF9r/7v5yURlLsgShPjKytB2Mpj1H+vA45RfPqs88wqb7Ns +5UofnsF0nXgxAoIBAQDHbiNBOpHlcMl/EKN17dyN0HPFLJcZ2IwhVeDib+2MA5dg +SZAPWfbVxg/aERKSpE66p76W4DIDUb9/SRoEYzPmj2Bwq53qIPcQSZhNs8nBb03B +FPackkuNkJeYSzMraGtNg75QRvNzR/VQot7GJZ//xcXE9PBpr+BvDXcO0PWmidSz +MJke7hGLytqTzv8WvdLiZVSIPYgg4NObdYtipFP0kV/BPlB5x75h3hZR4pkhWYwk +l9uWrGh3SKxTQYIbylgj79yGzAkWH3ng+YKCKtICjx+Nj44BUQ2gGLQWFcQ6JRWz +ckaczi2vTefZ6quAHUEP5wtbbQ8+6Zs87nqfKyCPAoIBACTIKpwJySFfKgXeSoJ3 +CNZ7u6W1TwHfM8rw6VsXwb5VGysl4jt4T6DMIHJkf1xu/QFdyInwZZRyji/nkuLm +dazhxGHfZMTq3sTs5JhSa1Li3tGqpXW/bOACoZTKM73WOGfop65czp8ur1jwz01s +O6yeloPceFjHoRfkVoYtQ1ZQwz8xMtaDUd27/YIIX9tv91djdrxB7dpKqE7pKJRE +z55t5wxQ1FQGfabzj+NLrW+KdYTOzxUsyiII9w0YJmMzfhRTXW/KMD6EGjT4raQJ +oxu4GrfneK0ZhRZPYz6Th/UVaCPlNok3qcy2h8wh4wYGDBKmLlSs5aS3isHCRxkv +72ECggEAZ2TD9Q2WekzjSDwhVgXARtWsd5lPE0o4hvN2gwbRy+DL90HOHsVXfIZZ +OvtVrSwd+Jq5MtuJV2DVx7AsyafqMkNL+l6eitHTJjfItMQYK1zjDJGkDwNRl3T3 +zWu0qrga308JwMu8jvncaX0qCIPCdY2l56tIVquqSxviEC899o83U7tosHqOxS+5 +Et7VPl+vtw/uT379zudbuxRRlSibdg8Y29Td9KbJGystrtU/lXJ1fUxmVrz1At33 +lrTVMpeOr9UjHsnVC9xngnGnfFBTkctvhBvdDlylTbZ0z84mF0Vhq1wuVoI0AZgu +2/GlTo9c9RvB9guyoeGhG7n9TqqSxQ== +-----END PRIVATE KEY----- diff --git a/certs/cluster.pem b/certs/cluster.pem new file mode 100644 index 0000000..71a5885 --- /dev/null +++ b/certs/cluster.pem 
@@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFdTCCA12gAwIBAgIUEI7nS+4t8W3HYGNShYOTzlIIdoQwDQYJKoZIhvcNAQEL +BQAwMjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMRYwFAYDVQQKDA1UZXN0IENB +LCBJbmMuMB4XDTI0MDkyMDExMzY1OFoXDTI1MDkyMDExMzY1OFowSzELMAkGA1UE +BhMCVVMxCzAJBgNVBAgMAldBMRswGQYDVQQKDBJUZXN0IENsdXN0ZXIsIEluYy4x +EjAQBgNVBAMMCWxvY2FsaG9zdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAKvqyPeaqVo4f2qv18FFwcmg2OVjRWJJo2rC1A2ZvFjcQwF7e3k4DYM/g1NC +IbEV/O3d9/FfFg32x+KJxU7SRFd/soMl/BXzx6uipHZFfIrTzkFantaVLvVGOuGg +1Ho2qDl8vW9JhHE9J/Jrc7c+uDDBDuBIEMUHOSa7Qn5+U1FUjidQB0/KkK/viZHG +smL6mWQb8lTAATRPx5mN1IX2rsyYIeSHFflgA2JMz5uVYoZ5k6Rh27oL5vFM0aVk +UQMs6iAtWu5CseMjPBgatruBw0qYZo9cfKlr/1C5dFKWLfYzI5tX3PsUreP4RbD2 +4E0bj18kRiaY/RG9ZBrCVe4Dx3IXUvQAZ25JXMopWL5Vj74IYbFY7EgZ9rS3t/5Y +fSJyZ8Qz636qqz0GcQTBI86XxtVSICcbC6ahYRnlCAdrFkmFiY8eek/8RoRrE1Rt +1bi2w3PR2rgDUx4UeTIPDr8X5eOKMEGfdNJOt2+wuigZHyaCl6SoEAVsnl7BqhmN +eNuPkj2yFswqj/RBwlZM/QpZWCTbQ4+4ctEVvesVldbOdTHR7/4QuoRo1Ej+lhO6 +JzL2d9qnLr0/HF7fsZTH0o2ToGYOmZqcyGaMEpHEoIUcY3Lw4uiN9NFAFaqjG/59 +jt+xqeoZ0XHzqozfCM7Hi88pZtPjQu1vvt8tvlGS9VfPX54TAgMBAAGjajBoMCYG +A1UdEQQfMB2CCWxvY2FsaG9zdIcQAAAAAAAAAAAAAAAAAAAAATAdBgNVHQ4EFgQU +ZZEqU8TCqT8g2kMFORgQjNzcWPMwHwYDVR0jBBgwFoAUveeUsFKPHiTClCuaSQie +3YBID6UwDQYJKoZIhvcNAQELBQADggIBAG9ux4A3G1gHP+coM9cEjrl2vxNgIZQX +0Gs47oPH98Bw7j8OvTngf7g0cz4Q+Afv2mdK8s95pxy09SDUpZcKinrM1CSoSl7A +6iMymOiRmS5C2gbpfe9Nd+MbuuCqxIfUha7Y2s/XO1+E+Cxf2wBztXteISLmkAVZ +ZearrYYhpySflbMiNeCU0/yvmdAC0BL51zR8fvZ/LvYOK0mEkAvc5jKJrXNBNlkL +IoElKE7lkRSb5ZbiXBBfJ+m9bc+i53Vbr9NoHHqA/nWPnCg8YmrJhl7/qaZOC1u+ +czs1Dj05oHx+WNfR8A5xnTcmCrgtLpf0Bg+1mx6QHAgHk73+SoOu8OEAqeCmKz10 +U30LguB6TDPK90yUhIZHo6FJxQJoKex7ph0WhLwGM8NAiTSApZcvuZbVOu4y7kKm ++y7QK80XCICajr4iKJQSm7kqsoEA5HawZGH0LcaO7+zp+Jnka4bB6RIbfbAePkYx +r8dF3vs69JdPAkklRcW6NIWUA3tQT/RcFBQlG8+dO8MynrTsrWQh+VuqSdZBtcyk +/AYAfXJPKO2JrzwE9PnN32FFvbvhJ967C3WVcDB0nTw7sQDvr42GGT8pfqOkN1z6 +qvjteAgbOceRsnR/Zl/SjENo5By67n7EmKFIznWffGeZurtoA5KM7YuhCdnd51uS +LwpXS8CJoWtJ +-----END 
CERTIFICATE-----
diff --git a/certs/generate-test-certs.sh b/certs/generate-test-certs.sh
new file mode 100755
index 0000000..e5b4437
--- /dev/null
+++ b/certs/generate-test-certs.sh
@@ -0,0 +1,22 @@
+# This scripts generates test keys and certificates for the sample.
+# In a production environment such artifacts should be genrated
+# by a proper certificate authority and handled in a secure manner.
+
+CERTS_DIR=./certs
+mkdir $CERTS_DIR
+
+# Generate a private key and a certificate for a test certificate authority
+openssl genrsa -out $CERTS_DIR/ca.key 4096
+openssl req -new -x509 -key $CERTS_DIR/ca.key -sha256 -subj "/C=US/ST=WA/O=Test CA, Inc." -days 365 -out $CERTS_DIR/ca.cert
+
+# Generate a private key and a certificate for cluster
+openssl genrsa -out $CERTS_DIR/cluster.key 4096
+openssl req -new -key $CERTS_DIR/cluster.key -out $CERTS_DIR/cluster.csr -config $CERTS_DIR/cluster-cert.conf
+openssl x509 -req -in $CERTS_DIR/cluster.csr -CA $CERTS_DIR/ca.cert -CAkey $CERTS_DIR/ca.key -CAcreateserial -out $CERTS_DIR/cluster.pem -days 365 -sha256 -extfile $CERTS_DIR/cluster-cert.conf -extensions req_ext
+
+# Generate a private key and a certificate for clients
+openssl req -newkey rsa:4096 -nodes -keyout "$CERTS_DIR/client.key" -out "$CERTS_DIR/client.csr" -config $CERTS_DIR/client-cert.conf
+openssl x509 -req -in $CERTS_DIR/client.csr -CA $CERTS_DIR/ca.cert -CAkey $CERTS_DIR/ca.key -CAcreateserial -out $CERTS_DIR/client.pem -days 365 -sha256 -extfile $CERTS_DIR/client-cert.conf -extensions req_ext
+# Export to .pfx
+# "-keypbe NONE -certpbe NONE -passout pass:" specifies an unencrypted archive
+openssl pkcs12 -export -out $CERTS_DIR/client.pfx -inkey $CERTS_DIR/client.key -in $CERTS_DIR/client.pem -keypbe NONE -certpbe NONE -passout pass:
diff --git a/go.mod b/go.mod
index f2d6be4..d380182 100644
--- a/go.mod
+++ b/go.mod
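Review bot: `mkdir $CERTS_DIR` in certs/generate-test-certs.sh fails on every rerun, because the directory already holds this script and the two .conf files, and with no shebang or `set -e` the openssl steps continue after any failure and can leave a half-regenerated mix of old and new keys and certificates. Start the file with `#!/usr/bin/env bash` and `set -euo pipefail`, and use `mkdir -p "$CERTS_DIR"`. The run also writes `ca.key`, the `.csr` files and an unencrypted `client.pfx` next to the committed files; nothing in this patch shows them being ignored, so add them to `.gitignore` to keep the test CA's signing key out of a later commit.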
@@ -88,7 +88,7 @@ require ( google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f // indirect - google.golang.org/grpc v1.61.0 // indirect + google.golang.org/grpc v1.61.0 google.golang.org/protobuf v1.31.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/internal/clients/namespace_test.go b/internal/clients/namespace_test.go index 3bb103f..2d7621f 100644 --- a/internal/clients/namespace_test.go +++ b/internal/clients/namespace_test.go @@ -22,6 +22,16 @@ func createTemporalNamespaceService(t *testing.T) *TemporalServiceImpl { return temporalService } +func createTemporalNamespaceServiceTLS(t *testing.T) *TemporalServiceImpl { + temporalService := createTemporalServiceTLS(t) + + _, err := temporalService.DeleteAllNamespaces(context.Background()) + if err != nil { + t.Fatal(err) + } + return temporalService +} + func createDefaultNamespaceParametersWithName(name string) *core.TemporalNamespaceParameters { desc := "Desc1" mail := "Test1@mail.local" 
@@ -234,6 +244,64 @@ func TestCreateDelete(t *testing.T) { assertNamespacesCount(t, temporalService, 0) } +func TestCreateTLS(t *testing.T) { + skipIfIsShort(t) + + temporalService := createTemporalNamespaceServiceTLS(t) + testNamespace := createDefaultNamespaceParametersWithName("TestTLS007") + + err := temporalService.CreateNamespace(context.Background(), testNamespace) + if err != nil { + t.Fatal(err) + } + + created, err := temporalService.DescribeNamespaceByName(context.Background(), testNamespace.Name) + if err != nil { + t.Fatal(err) + } + + assertNamespaceAreEqual(t, temporalService, created, testNamespace) + assertNamespacesCount(t, temporalService, 1) + + _, err = temporalService.DeleteNamespaceByName(context.Background(), testNamespace.Name) + if err != nil { + t.Fatal(err) + } + + assertNamespacesCount(t, temporalService, 0) +} + +func TestCreateDeleteTLS(t *testing.T) { + skipIfIsShort(t) + + temporalService := createTemporalNamespaceServiceTLS(t) + testNamespace1 := createDefaultNamespaceParametersWithName("TestTLS004") + + err1 := temporalService.CreateNamespace(context.Background(), testNamespace1) + if err1 != nil { + t.Fatal(err1) + } + + created1, err1 := temporalService.DescribeNamespaceByName(context.Background(), testNamespace1.Name) + if err1 != nil { + t.Fatal(err1) + } + + assertNamespaceAreEqual(t, temporalService, created1, testNamespace1) + assertNamespacesCount(t, temporalService, 1) + + deleted, err1 := temporalService.DeleteNamespaceByName(context.Background(), created1.Name) + if err1 != nil { + t.Fatal(err1) + } + + if deleted == nil { + t.Fatal("Namespace " + created1.Name + " not deleted") + } + t.Logf("Deleted: %s", *deleted) + assertNamespacesCount(t, temporalService, 0) +} + func assertNamespaceAreEqual(t *testing.T, temporalService NamespaceService, actual *core.TemporalNamespaceObservation, expected *core.TemporalNamespaceParameters) { mappedActual, err := temporalService.MapToNamespaceCompare(actual) if err != nil { 
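Review bot: TestCreateTLS and TestCreateDeleteTLS exercise only a complete, valid TLS configuration, so nothing in the suite pins what `NewTemporalService` does when `useTLS` is true but a certificate field is missing. Add a negative test that passes `{"hostPort": "<plaintext test server host:port>", "useTLS": true}` and requires a non-nil error; against the plaintext server that test fails if the client quietly connects without TLS. The two new tests otherwise repeat the same create/describe/delete sequence, so one of them could be dropped in favour of the negative case.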
diff --git a/internal/clients/searchattribute_test.go b/internal/clients/searchattribute_test.go index 5b4289e..8fad266 100644 --- a/internal/clients/searchattribute_test.go +++ b/internal/clients/searchattribute_test.go @@ -16,6 +16,11 @@ func createSearchAttributeService(t *testing.T) *TemporalServiceImpl { return temporalService } +func createSearchAttributeServiceTLS(t *testing.T) *TemporalServiceImpl { + temporalService := createTemporalServiceTLS(t) + return temporalService +} + func createSearchAttributeParameters(namespace string, attrName string, attrType string) *core.SearchAttributeParameters { return &core.SearchAttributeParameters{ Name: attrName, 
@@ -50,6 +55,32 @@ func TestCreateSearchAttribute(t *testing.T) { assertSearchAttributeCount(t, temporalService, testNamespace.Name, 0) } +func TestCreateSearchAttributeTLS(t *testing.T) { + skipIfIsShort(t) + + temporalService := createSearchAttributeServiceTLS(t) + testNamespace := createDefaultNamespaceParametersWithName("Test010") + + err := temporalService.CreateNamespace(context.Background(), testNamespace) + if err != nil { + t.Fatal(err) + } + + testAttr := createSearchAttributeParameters(testNamespace.Name, "test1TLS", "Keyword") + temporalService.CreateSearchAttribute(context.Background(), testAttr) + + foundSearchAttr, err := temporalService.DescribeSearchAttributeByName(context.Background(), testNamespace.Name, testAttr.Name) + if err != nil { + t.Fatal(err) + } + + assertSearchAttributesAreEqual(t, temporalService, foundSearchAttr, testAttr) + assertSearchAttributeCount(t, temporalService, testNamespace.Name, 1) + + temporalService.DeleteSearchAttributeByName(context.Background(), testNamespace.Name, testAttr.Name) + assertSearchAttributeCount(t, temporalService, testNamespace.Name, 0) +} + func assertSearchAttributesAreEqual(t *testing.T, temporalService SearchAttributeService, actual *core.SearchAttributeObservation, expected *core.SearchAttributeParameters) { mappedActual, err := temporalService.MapToSearchAttributeCompare(actual) if err != nil { diff --git a/internal/clients/service.go b/internal/clients/service.go index 7ac2bbc..e7c2e9c 100644 --- a/internal/clients/service.go +++ b/internal/clients/service.go 
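Review bot: In TestCreateSearchAttributeTLS the results of `CreateSearchAttribute` and `DeleteSearchAttributeByName` are discarded, so a failed call only surfaces indirectly as a describe error or a wrong count. Their signatures are outside the hunk; if they return an error, check it the way the `CreateNamespace` call above does, for example `if err := temporalService.CreateSearchAttribute(context.Background(), testAttr); err != nil { t.Fatal(err) }`, adjusted to the actual return values. The namespace `Test010` is also created and never deleted, and createSearchAttributeServiceTLS does not clear namespaces first, so a second run against the same server may fail at `CreateNamespace`.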
@@ -1,16 +1,26 @@ package clients import ( + "crypto/tls" + "crypto/x509" "encoding/json" + "fmt" "os" "golang.org/x/exp/slog" + "google.golang.org/grpc" + "google.golang.org/grpc/credentials" + "google.golang.org/grpc/credentials/insecure" "go.temporal.io/sdk/client" ) type TemporalServiceConfig struct { HostPort string `json:"hostPort"` + UseTLS bool `json:"useTLS"` + CACert string `json:"caCert"` + CertFile string `json:"certFile"` + KeyFile string `json:"keyFile"` } type TemporalServiceImpl struct { @@ -22,7 +32,7 @@ func NewTemporalService(configData []byte) (*TemporalServiceImpl, error) { var conf = TemporalServiceConfig{} err := json.Unmarshal(configData, &conf) if err != nil { - return nil, err + return nil, fmt.Errorf("failed to unmarshal config data: %w", err) } logger := slog.New(slog.NewJSONHandler(os.Stdout, &slog.HandlerOptions{ 
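Review bot: The new `CertFile` and `KeyFile` fields of TemporalServiceConfig hold PEM text rather than file paths (NewTemporalService hands them to `tls.X509KeyPair` as bytes), so the names invite an operator to put a path there and the struct carries no comment saying otherwise. Document each field, for example `// CertFile is the PEM-encoded client certificate itself, not a path.` and `// KeyFile is the PEM-encoded client private key itself, not a path; do not log this struct.` A comment on `CACert` stating that it is the PEM bundle used to verify the server would complete the set.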
@@ -30,20 +40,53 @@ func NewTemporalService(configData []byte) (*TemporalServiceImpl, error) { Level: slog.LevelDebug, })) + logger.Debug("Starting NewTemporalService", slog.String("hostPort", conf.HostPort), slog.Bool("useTLS", conf.UseTLS)) + + var dialOptions []grpc.DialOption + if conf.UseTLS && conf.CACert != "" && conf.CertFile != "" && conf.KeyFile != "" { + logger.Debug("Loading client certificate from strings") + cert, err := tls.X509KeyPair([]byte(conf.CertFile), []byte(conf.KeyFile)) + if err != nil { + return nil, fmt.Errorf("failed to load client certificate: %w", err) + } + + logger.Debug("Loading CA certificate from string") + caCertPool := x509.NewCertPool() + if !caCertPool.AppendCertsFromPEM([]byte(conf.CACert)) { + return nil, fmt.Errorf("failed to append CA certificate") + } + + logger.Debug("Creating TLS credentials") + creds := credentials.NewTLS(&tls.Config{ + MinVersion: tls.VersionTLS12, + Certificates: []tls.Certificate{cert}, + RootCAs: caCertPool, + }) + dialOptions = append(dialOptions, grpc.WithTransportCredentials(creds)) + } else { + logger.Debug("Using insecure credentials") + dialOptions = append(dialOptions, grpc.WithTransportCredentials(insecure.NewCredentials())) + } + clientOptions := client.Options{ HostPort: conf.HostPort, Logger: logger, + ConnectionOptions: client.ConnectionOptions{ + DialOptions: dialOptions, + }, } + logger.Debug("Dialing Temporal client", slog.String("hostPort", conf.HostPort)) temporalClient, err := client.Dial(clientOptions) if err != nil { - return nil, err + return nil, fmt.Errorf("failed to dial Temporal client: %w", err) } + logger.Debug("Successfully created Temporal client") return &TemporalServiceImpl{ client: temporalClient, logger: logger, - }, err + }, nil } func (s *TemporalServiceImpl) Close() { diff --git a/internal/clients/service_test.go b/internal/clients/service_test.go index 1fe6513..f4f8e32 100644 --- a/internal/clients/service_test.go +++ b/internal/clients/service_test.go 
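Review bot: The TLS branch is taken only when `UseTLS` and all three PEM fields are non-empty, so `"useTLS": true` with an empty or misspelled `caCert`, `certFile` or `keyFile` falls into the `else` and dials with `insecure.NewCredentials()`, with only a debug log line to show it. Make `UseTLS` alone select TLS and return an error for an incomplete key pair, so a configuration mistake cannot downgrade the connection to plaintext. In the sketch below an empty `CACert` leaves `RootCAs` nil, which makes crypto/tls fall back to the host's root set, and a missing client pair gives server-authenticated TLS. NewTemporalService begins above this hunk.

```go
	var dialOptions []grpc.DialOption
	if conf.UseTLS {
		tlsConfig := &tls.Config{MinVersion: tls.VersionTLS12}

		if conf.CACert != "" {
			caCertPool := x509.NewCertPool()
			if !caCertPool.AppendCertsFromPEM([]byte(conf.CACert)) {
				return nil, fmt.Errorf("failed to append CA certificate")
			}
			tlsConfig.RootCAs = caCertPool
		}

		switch {
		case conf.CertFile != "" && conf.KeyFile != "":
			cert, err := tls.X509KeyPair([]byte(conf.CertFile), []byte(conf.KeyFile))
			if err != nil {
				return nil, fmt.Errorf("failed to load client certificate: %w", err)
			}
			tlsConfig.Certificates = []tls.Certificate{cert}
		case conf.CertFile != "" || conf.KeyFile != "":
			return nil, fmt.Errorf("certFile and keyFile must be provided together")
		}

		dialOptions = append(dialOptions, grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig)))
	} else {
		// … unchanged: insecure credentials branch …
	}
	// … unchanged: client.Options, client.Dial and return …
```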
@@ -14,6 +14,20 @@ func createTemporalService(t *testing.T) *TemporalServiceImpl { return temporalService } +func createTemporalServiceTLS(t *testing.T) *TemporalServiceImpl { + jsonConfig := `{ + "HostPort": "localhost:7223", + "UseTLS": true, + "CACert": "-----BEGIN CERTIFICATE-----\nMIIFRTCCAy2gAwIBAgIUTfLoHTSYNEx0LXYnju+wJF6EP4EwDQYJKoZIhvcNAQEL\nBQAwMjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMRYwFAYDVQQKDA1UZXN0IENB\nLCBJbmMuMB4XDTI0MDkyMDExMzY1OFoXDTI1MDkyMDExMzY1OFowMjELMAkGA1UE\nBhMCVVMxCzAJBgNVBAgMAldBMRYwFAYDVQQKDA1UZXN0IENBLCBJbmMuMIICIjAN\nBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq2+PV/h7kTWoUI3KhadR5yvrnqW4\n/NiBAV6TToxMK97KSs2J5EAIKjtg3o+1vL2Tkc6mOAegqGLsVWwpxUCTChBPDjiM\nLsBx1c7uTU0m7eDIBoMDMNy5Vy+tvT5vey+pdM4KORdzHIkjctilWWdJuUF+qRzp\nijgIruNsEj5CbYz57xXoS3wErfJlUu9GX+LFizR2OQMvIiF09dTbTyQ1a2bOmQYD\n8nVz7yo7ENCJlPonQYkSBfVuXIyR5LTouPsv2DYNGlT63rwEY3t0aq23Datmv9QP\n2k1jCMz3HcTUFHa+ErSd6opJYr9Fw+J6k/Ifho8xq3R6iJ5D9Wk15ozPA9tdZt/T\nvBmDb0QD9SvIirLuDBZ2eHbdCG2uLq/tLf87f04y3Q4VcAa0CCp+mGCMil9pnSki\nLqmcD0iAApQU3RtdX6uqV1TC9oK7UYomJY4nB2EwneIpYDupQPjZhCtlxGJboxkC\npZR79TTe1duoUKS6sm0LiJZ65eXmADLJeqrNBoSheHFrQOYcFZ5bfoA83uEhcNnw\n4NqhKrIm2L5NZZOITNvnsASGftL38O2FkflU24pYMIRf4q2IoTGSxXbzMMoveKXw\np2FPUUEv/EVJbPWnWKKATRJY6BJaHEPzsSqUX2GaEqxQPsVigWf9wyVcf4XrkIP4\nlbNtWyRIXi3D3hcCAwEAAaNTMFEwHQYDVR0OBBYEFL3nlLBSjx4kwpQrmkkInt2A\nSA+lMB8GA1UdIwQYMBaAFL3nlLBSjx4kwpQrmkkInt2ASA+lMA8GA1UdEwEB/wQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAAEtkQ4MeRo7KYonhE5373xbtMNXkKhK\nvnDHJQL3YWUa+sY/+siZYK0dj+ZVSk3WAlI4MQyml66RV97uj/ywGIXvPFIU0v31\nqEAiqJ6ARDnxkfRFj3m7Kk7O3LN20TS4khFSXLvn4NHDswbyVpTePHTnN8Kqwn8b\ntx657Y1zWvSqPrHYU4D0b2EjNt4P/DufMUJFtgyu26qOef0iAuhK+Tb6ZAUndZJd\nBkxEl82/N5IYeSV6TnwuK3WmkgVqLt7jQ9ycOQGP23AloKsgDyAIaftw3Dl0RcR9\n4u7lEEoNq5RAOMewyPsCAz+l8kUvjXJ7zkAaI9MHWcAqutU96xExA1UlyBflTjE/\ncTbLa8Bv5Z1HgUnvTpuPZMUMEogRYpmsyPliWx+zmnlW+3JfyqyDchWst47wBJ96\nmBZ3bAPHTkU9TMmEuFz83awJlTKfYGBYovH3LOecYpgil6D5e8BkdICQRFBZlI+6\nFoGQAXm99KOvoS0t+fyoszhWDxkCR8qsdXqZNjMl9TLweLazSqd+oXoNcQ7TvA6
r\noTnrnRZMOrVk68ad3MtalYJoBRAx2QfMNR6fPzS2xJ85tpCXcLMDSbFoW5jamX0x\nY42DQDWrqdV8j9q2J3HvevRHljTO7viSFa7s7QJj78vwP4ExlSTwojQaToAEhbL8\njo2clz/N0p+0\n-----END CERTIFICATE-----", + "CertFile": "-----BEGIN CERTIFICATE-----\nMIIFejCCA2KgAwIBAgIUEI7nS+4t8W3HYGNShYOTzlIIdoUwDQYJKoZIhvcNAQEL\nBQAwMjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMRYwFAYDVQQKDA1UZXN0IENB\nLCBJbmMuMB4XDTI0MDkyMDExMzY1OFoXDTI1MDkyMDExMzY1OFowSjELMAkGA1UE\nBhMCVVMxCzAJBgNVBAgMAldBMRowGAYDVQQKDBFUZXN0IENsaWVudCwgSW5jLjES\nMBAGA1UEAwwJbG9jYWxob3N0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC\nAgEAt9KS+Cgaqaj1YdQw0Pkzb3lij3Iqt37pWMWxiqo/8ujUYRxOdhz9J320wBVC\nqUENnag8bvXmJxmRaeBC7rCCxoNXxsEuWAU+iN4dJvmjSbyJ+xoe9SyNfo/D4BxV\ntuhGxBp1g6doLnpC69priIK3k7uvP0bhP8hSahSit4FdXg5me4zq1FHWbTJ9Aw5C\nx8x2pENvPAwjhgOPF7WhJ2Qw0b5aSP2bzJiKPRswOKU3sCqbkio93RhkoTfX9SlU\noYuwIC0UO1+9v8rNI/AzaXKOFYfGf8wo76ecE/TSOrfbgbcFbcHfDi/i25Z2kz+B\n33rhu8B1hgqOscDLKbIo5c3pdMPskL7G3ac4Og3MLymvygYXi2hC2W3UpH1nergh\nrwRNWohTnLHAwU6U/i9QjGI5WNAokitYJNauO9a8r0nP21eWpbjCVLOsZaoN5blx\nlnzVpIyC8IFPpKgP428iivAqA43WeTo1zeH2ZGw3KzT+UDCBvgkgeZQtI4HacXSk\nMDyfGwFvDAHbX31y9/Frjead/BsBr8DQxVqU+eMa46OmRey5jcKs/KUg5MAwLQKc\nrB1mr5kJVgSkBAsgBBoXvB05S9tM4YPgHj/d57U2XkOJ8pp8MsoC6VlwQrCGC/UM\nnk0/zIctjJszdQ6yGVQeEJEpQQuve8+VbHBwz6uyr85++CECAwEAAaNwMG4wLAYD\nVR0RBCUwI4IJbG9jYWxob3N0hxAAAAAAAAAAAAAAAAAAAAABhwR/AAABMB0GA1Ud\nDgQWBBSyv1xsyjmiMpxPoDwXyqv3m40etDAfBgNVHSMEGDAWgBS955SwUo8eJMKU\nK5pJCJ7dgEgPpTANBgkqhkiG9w0BAQsFAAOCAgEAgvdRnBGB5mqtcUaYeKFBsl0w\nRDUOOQpMXJ1KF4oUovJnAIG0RlY93+ULi78riTfHoHZ0spQCL+cplW2PPJaWIaOr\nnYGjr92EoR2wQ+wU1sCbq+q+UbzNc3tB1OcYXDbWZew1mkWQpLi/WW4n2rqJM81H\nVb1AqlAFXEf20Z7+2L3gPzz7tq8uaGffiTAO1GLUNd3XcnMiXwvI9MzVJfIwOQyb\niVFHKI4BLYNV8M3rJp1bs0C4jdFxhP5wR+X3F9UftgmKjIjBVV4DvcP6Otwk/qPi\nvBd7Zbe4Don4tRr/ihQZ9AE0UghloKfic+xadEkDQsiZ4/VIVqWmRldyriDSsGKY\nyayoukVPGQFvNw+4HUZPnpTwn16pn90k5MCEanVHo0MkXqnHziN+R8aV2nBbj1um\nSS6oNUjxQENuQBSFXZjKurssLQVVqolBjI/phD5miY8FfAcxjnAcU/LuYrq75u8K\nFb5cO9ra19YmWtumMiabaoyVxjLLH/QYu6NMmVBa1NrLObz9UAIEUUbdWN05vPB
K\niJuLXwD1XeBYxmjiI59cl/H2urpX20FxiHJeC3T49p/SiryixxK6fp+hnJNOfY75\nQfccXTAFYngqrs7UGkiDn7AYEl2Ffv44CvWRvACIiL1TqxRgPdJZHceYqLwCfbgV\ncmoFO2F27/Uo4XmKOgw=\n-----END CERTIFICATE-----", + "KeyFile": "-----BEGIN PRIVATE KEY-----\nMIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQC30pL4KBqpqPVh\n1DDQ+TNveWKPciq3fulYxbGKqj/y6NRhHE52HP0nfbTAFUKpQQ2dqDxu9eYnGZFp\n4ELusILGg1fGwS5YBT6I3h0m+aNJvIn7Gh71LI1+j8PgHFW26EbEGnWDp2guekLr\n2muIgreTu68/RuE/yFJqFKK3gV1eDmZ7jOrUUdZtMn0DDkLHzHakQ288DCOGA48X\ntaEnZDDRvlpI/ZvMmIo9GzA4pTewKpuSKj3dGGShN9f1KVShi7AgLRQ7X72/ys0j\n8DNpco4Vh8Z/zCjvp5wT9NI6t9uBtwVtwd8OL+LblnaTP4HfeuG7wHWGCo6xwMsp\nsijlzel0w+yQvsbdpzg6DcwvKa/KBheLaELZbdSkfWd6uCGvBE1aiFOcscDBTpT+\nL1CMYjlY0CiSK1gk1q471ryvSc/bV5aluMJUs6xlqg3luXGWfNWkjILwgU+kqA/j\nbyKK8CoDjdZ5OjXN4fZkbDcrNP5QMIG+CSB5lC0jgdpxdKQwPJ8bAW8MAdtffXL3\n8WuN5p38GwGvwNDFWpT54xrjo6ZF7LmNwqz8pSDkwDAtApysHWavmQlWBKQECyAE\nGhe8HTlL20zhg+AeP93ntTZeQ4nymnwyygLpWXBCsIYL9QyeTT/Mhy2MmzN1DrIZ\nVB4QkSlBC697z5VscHDPq7Kvzn74IQIDAQABAoICAEIwzmASHMuzvav82pkc6qL8\nu/s4Gl6Zkc+32/644C8JHJRdO3l3ZcbHEoNKBIdql8sJzb0MyVOR9tT/fkpxf52Y\npM46OIRUWxiwliG3KU9/VtX2qWgSI18LyHXV7h1fFUA+4MrHyJFXz+oaa7crjovh\nPLDVxn0PlnGBPbhDGkooeEmLy/EpCMOoNvCXPX+xRZVPfOnL2yzB8lAQxFcpUhTs\nbJk0zNmGodxwAlSbVWqXZQ5kLIOE6ZNNxvMN713+LSzg3pSknHBHx8dlkjWpnLTu\n/5B8BM+K9H4RHXQsSRuzuf40Hav/nToBu2+5IfxFRKw1GHxsJ8aky+MXNnfNRf77\nGUrzxUE5X6wV15rjYHnEu/TnXlzqeZVusLtpqpava0tEPWsPNqOwwrQsn6ZTzG6Q\n30aqPVwjKUHjrzuQEHG8o4K6qkCBZq6+klKbFOI9WtI6B30N2ThfuONEIf4PrCZr\nas5oOhkFzt2ZD3rBL9UAKJRjNCxL6ZbJagckSEvAFfZK8CEUKYrk9oqzB2gthwcb\n8c+hjhxgC6RyPkPJmCwNpKrB+sC1zto8oM7PzNy1BbrWwNsaD6mOtvzYC/jzgPm/\nbL6baxIsJtQBaKHkzVx1wmSqvJmpl+s1EQZqExcl+zx3qSAZEnKq24s8PcCLHrhq\n6vB8mlkEanWv3Ar/1a17AoIBAQDwAAGDQdsQKOV0DVwwrrKkj0M2Y8OKyGuMb2Qc\n4sS0Liyv5CooLLOERKa8ECGPs9+Ryu/dg8y+eFZCm8nMV0GA74YOEkbUwGWjnjZy\nM4c/xfYIOv9+CvdqHU5Wh1Lt/8SFw4XZCr+5BeBNG46M9os2DMVnkbXplcSvl6Lb\n1SjTvDIBiG3+5Z0yU8hDI3ZDy1mELbzW4b+4P6QSdS6uIE2jgNFom1tIjdo0QNNF\n0gylIZflO3zbmb/R3kaxgWORQoYg3+UzcpqllG3W2FmcF/cKgfye7Gid
g+SO8p/L\nzhqtn38qNG3bKuI2TacjWu5mArqLEK2Swe0nrjdCXDSbKWlHAoIBAQDEE867P7OM\nkL/S0MDr6t4JEDJrRuTNARqlFaM12oGmZFQeClxy/CMweNPdMlCx9TYDrG892vUY\nGmr6mqzQ8SzBCQNtV3YAIEJshEA3S7a/YoMIlo6cafyMSN5iz23Gh8y1JfmOpiQf\nffMolTdcKE/VsRHHiVAo6IocX0F0J0tm2ZvzpK6YYCmSuyuFDrg7ksVFYB9VPxDZ\ncnkyj3T9NEmCEwodfL4sc4mmLntjIpXF1xrPf08sO2V/Ct0nv/nFq+VO6k2U0AUK\nVQRLOLPj7SOKvUR7JPLBwNjbPUhyq3nX2ROXrUclgEqKAFlk2YmH9X3KNHIsobVV\nDogBb+vzusdXAoIBAEV4Gvf9ZgWFcPVosJi+2KLdfR0PP5i6brcVvyrFUR6+htza\n9IDwf333yTOCj9RiwoIW9dtuvSMc/gsFwSHO1/0UV/9Wtv36OvFjaGsiEzIYgSDc\nwvue/QLQPM67GPwfHqmBcQrkG57Y3pYzNc4Dx0P76mASQ0+7tFUHVXLAfrLbNLZQ\n4VX47MmWis80QpVZFS43dwPUEISqlzlohfyNCSwcq4DWB1Q3C0Q4x27cYCCkWq1V\nzMxb8rQy3M+gnkt7sAtwA44izDTFhA2+TiHqpe16tr7hu15swQnHnQ2HOR2sn0h+\nKJZaEWSakZigR4VroMeEKlninFzyBrjEq82F7R0CggEAE4lttdaZC0547oaCUn9q\ndDi67Vl4/rw3bW+EfZ8x/+RLRVr+7y4US4YehhG3XKP0J9WMl/szJJ2tPx8eTQta\nzDkbsE9goI6WT721sEzI/rTQHZDy0L72vPudvPayF2/8g6gu/3mqa8De85I6m+Ig\nYkhsXxddd1YEPON44BvyNWNFWLd19hTOz6H6qh1XWgg7w7faJ2JLSX9QeCs3GuuU\nz3MaNOnzAPbaJkbHYI9XoQjX0Qj8WInqiQgKFSXZu0pvZLeP114KwobKELyrn/BG\n9FH7etGppoiSkvW+PD69uzYT768CQchQpQN35MaQH43kZLtpDO1n5fu2rX37YqOf\nrQKCAQBIMsdsjvgvKVaglIJIzIgR9eFTryFo3HRKD7wasb8dcmlzbN1dwTE4Cck2\nXeQI5Ne4ks/CLkS/ygi8yrsPx1N8eMnYz0aGJbPVk/zxfor1vrIBpUMKFMR2KhWC\nhCXz2TenOYcujc7KFJq828Ku5O6REfdo6CYFT8ag2PwZOVQwp6Okm1ehUq+f+QMN\nDrmxZadj5zL9qjMf2QXnQ5J1ihfDmuX0e36DarAq9f3jujblKFMEkAx+hocXoMmj\nmru+V50PbFH2uc4t/dcmCWMPm/BX7zrQwkJffatj7lwwcyIPbIPwSObLgWfSEI1d\njLG9z3ZTkwHuHm/qkFZG/RKSsOgw\n-----END PRIVATE KEY-----" + }` + + temporalService := createTemporalServiceWithConfig(t, jsonConfig) + + return temporalService +} + func createTemporalServiceWithConfig(t *testing.T, jsonConfig string) *TemporalServiceImpl { service, err := NewTemporalService([]byte(jsonConfig)) if err != nil { diff --git a/tests/docker-compose.yaml b/tests/docker-compose.yaml index 0c50a9c..eebd995 100644 --- a/tests/docker-compose.yaml +++ b/tests/docker-compose.yaml 
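Review bot: createTemporalServiceTLS pastes the CA certificate, client certificate and client private key into the Go source, a second copy of what this commit adds under `certs/`. The two copies drift as soon as `certs/generate-test-certs.sh` is rerun (it issues certificates with `-days 365`), and secret scanners will flag a private key inside a `.go` file. Read the three PEM files at test time and marshal a `TemporalServiceConfig` instead, which also removes the manual `awk` escaping step described in the README. The sketch needs `encoding/json`, `os` and `path/filepath` imported in the test file, and the `../../certs` path relies on `go test` running in the package directory `internal/clients`.

```go
func createTemporalServiceTLS(t *testing.T) *TemporalServiceImpl {
	t.Helper()

	readPEM := func(name string) string {
		data, err := os.ReadFile(filepath.Join("..", "..", "certs", name))
		if err != nil {
			t.Fatal(err)
		}
		return string(data)
	}

	jsonConfig, err := json.Marshal(TemporalServiceConfig{
		HostPort: "localhost:7223",
		UseTLS:   true,
		CACert:   readPEM("ca.cert"),
		CertFile: readPEM("client.pem"),
		KeyFile:  readPEM("client.key"),
	})
	if err != nil {
		t.Fatal(err)
	}

	return createTemporalServiceWithConfig(t, string(jsonConfig))
}
```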
@@ -19,15 +19,77 @@ services: depends_on: - temporal environment: - - TEMPORAL_ADDRESS=temporal:7233 + - TEMPORAL_ADDRESS=temporal-for-tests:7233 ports: - 8181:8080 postgresql: image: postgres:13 + container_name: postgres environment: POSTGRES_PASSWORD: temporal POSTGRES_USER: temporal ports: - 5432:5432 volumes: - - /var/lib/postgresql/data \ No newline at end of file + - /var/lib/postgresql/data + temporal-tls: + image: temporalio/auto-setup:1.22.3.0 + container_name: temporal-tls-for-tests + ports: + - "7223:7233" + volumes: + - ${PWD}/certs:/certs + environment: + - DB=postgres12 + - DB_PORT=5432 + - POSTGRES_USER=temporal + - POSTGRES_PWD=temporal + - POSTGRES_SEEDS=postgresql-tls + - TEMPORAL_TLS_SERVER_CA_CERT=/certs/ca.cert + - TEMPORAL_TLS_SERVER_CERT=/certs/cluster.pem + - TEMPORAL_TLS_SERVER_KEY=/certs/cluster.key + - TEMPORAL_TLS_REQUIRE_CLIENT_AUTH=true + - TEMPORAL_TLS_FRONTEND_CERT=/certs/cluster.pem + - TEMPORAL_TLS_FRONTEND_KEY=/certs/cluster.key + - TEMPORAL_TLS_CLIENT1_CA_CERT=/certs/ca.cert + - TEMPORAL_TLS_CLIENT2_CA_CERT=/certs/ca.cert + - TEMPORAL_TLS_INTERNODE_SERVER_NAME=localhost + - TEMPORAL_TLS_FRONTEND_SERVER_NAME=localhost + - TEMPORAL_TLS_FRONTEND_DISABLE_HOST_VERIFICATION=false + - TEMPORAL_TLS_INTERNODE_DISABLE_HOST_VERIFICATION=false + - TEMPORAL_CLI_TLS_CA=/certs/ca.cert + - TEMPORAL_CLI_TLS_CERT=/certs/cluster.pem + - TEMPORAL_CLI_TLS_KEY=/certs/cluster.key + - TEMPORAL_CLI_TLS_ENABLE_HOST_VERIFICATION=true + - TEMPORAL_CLI_TLS_SERVER_NAME=localhost + - TEMPORAL_TLS_CA=/certs/ca.cert + - TEMPORAL_TLS_CERT=/certs/cluster.pem + - TEMPORAL_TLS_KEY=/certs/cluster.key + - TEMPORAL_TLS_ENABLE_HOST_VERIFICATION=true + - TEMPORAL_TLS_SERVER_NAME=localhost + depends_on: + - postgresql-tls + temporal-ui-tls: + image: temporalio/ui:2.21.4 + container_name: temporal-ui-tls + depends_on: + - temporal-tls + environment: + - TEMPORAL_ADDRESS=temporal-tls-for-tests:7233 + - TEMPORAL_TLS_CA=/certs/ca.cert + - TEMPORAL_TLS_CERT=/certs/cluster.pem 
+ - TEMPORAL_TLS_KEY=/certs/cluster.key + ports: + - 8282:8080 + volumes: + - ${PWD}/certs:/certs + postgresql-tls: + container_name: postgres-tls + image: postgres:13 + environment: + POSTGRES_PASSWORD: temporal + POSTGRES_USER: temporal + ports: + - 5433:5432 + volumes: + - /var/lib/postgresql/data From 50b60a1ce47019f6e1a87d95c7a600f15841a37d Mon Sep 17 00:00:00 2001 From: Mihaela Balas Date: Mon, 30 Sep 2024 15:15:35 +0300 Subject: [PATCH 2/3] address review comments --- .github/workflows/release.yml | 6 +++--- README.md | 8 ++++---- internal/clients/service.go | 20 ++++++++++++-------- internal/clients/service_test.go | 6 +++--- 4 files changed, 22 insertions(+), 18 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a3f14d1..2eb05cd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -150,8 +150,8 @@ jobs: key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }} restore-keys: ${{ runner.os }}-pkg- - - name: Start Temporal with docker-compose - run: docker-compose -f tests/docker-compose.yaml up -d + - name: Start Temporal with docker compose + run: docker compose -f tests/docker-compose.yaml up -d - name: Show docker container run: docker ps @@ -265,4 +265,4 @@ jobs: _output/bin/** body: | **This is a Github draft release.** - Once ready please remove this and publish the release. \ No newline at end of file + Once ready please remove this and publish the release. diff --git a/README.md b/README.md index 9e17ab1..4989e66 100644 --- a/README.md +++ b/README.md 
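Review bot: In the tests/docker-compose.yaml hunk, both new TLS services bind-mount `${PWD}/certs:/certs` read-write, although the directory holds the CA certificate and private keys that the containers only need to read. Using `- ${PWD}/certs:/certs:ro` on `temporal-tls` and `temporal-ui-tls` keeps a container from altering the key material on the host. `temporal-ui-tls` dials `temporal-tls-for-tests:7233` without setting `TEMPORAL_TLS_SERVER_NAME`, while the server entries name `localhost`. If the cluster certificate only covers localhost, the UI connection presumably works only because host verification is not enabled for that service, so setting the server name and enabling verification there is worth doing. The published Postgres port with `temporal`/`temporal` credentials is acceptable only while this file stays a local test fixture.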
@@ -56,9 +56,9 @@ Provider Credentials with TLS:
 {
 "HostPort": "temporal:7233",
 "UseTLS": true,
- "CACert": "-----BEGIN CERTIFICATE-----\nhere insert CA certificate\n-----END CERTIFICATE-----",
- "CertFile": "-----BEGIN CERTIFICATE-----\nhere insert certificate\n-----END CERTIFICATE-----",
- "KeyFile": "-----BEGIN RSA PRIVATE KEY-----\nhere insert key\n-----END RSA PRIVATE KEY-----",
+ "CACertPem": "-----BEGIN CERTIFICATE-----\nhere insert CA certificate\n-----END CERTIFICATE-----",
+ "CertPem": "-----BEGIN CERTIFICATE-----\nhere insert certificate\n-----END CERTIFICATE-----",
+ "KeyPem": "-----BEGIN RSA PRIVATE KEY-----\nhere insert key\n-----END RSA PRIVATE KEY-----",
 }
 ```
 # Troubleshooting
@@ -214,5 +214,5 @@ Then, edit `internal/clients/service_test.go` and update the new test certificat
 ```
 awk 'NR > 1 {printf "\\n"} {printf "%s", $0} END {printf ""}' certs/client.pem
 awk 'NR > 1 {printf "\\n"} {printf "%s", $0} END {printf ""}' certs/client.key
-awk 'NR > 1 {printf "\\n"} {printf "%s", $0} END {printf ""}' certs/ca.crt
+awk 'NR > 1 {printf "\\n"} {printf "%s", $0} END {printf ""}' certs/ca.cert
 ```
diff --git a/internal/clients/service.go b/internal/clients/service.go
index e7c2e9c..75868d6 100644
--- a/internal/clients/service.go
+++ b/internal/clients/service.go
@@ -16,11 +16,11 @@ import (
 )
 type TemporalServiceConfig struct {
- HostPort string `json:"hostPort"`
- UseTLS bool `json:"useTLS"`
- CACert string `json:"caCert"`
- CertFile string `json:"certFile"`
- KeyFile string `json:"keyFile"`
+ HostPort string `json:"hostPort"`
+ UseTLS bool `json:"useTLS"`
+ CACertPem string `json:"caCertPem"`
+ CertPem string `json:"certPem"`
+ KeyPem string `json:"keyPem"`
 }
 type TemporalServiceImpl struct {
@@ -43,16 +43,20 @@ func NewTemporalService(configData []byte) (*TemporalServiceImpl, error) { logger.Debug("Starting NewTemporalService", slog.String("hostPort", conf.HostPort), slog.Bool("useTLS", conf.UseTLS)) var dialOptions []grpc.DialOption - if conf.UseTLS && conf.CACert != "" && conf.CertFile != "" && conf.KeyFile != "" { + if conf.UseTLS { + if conf.CACertPem == "" || conf.CertPem == "" || conf.KeyPem == "" { + return nil, fmt.Errorf("TLS is enabled but one or more of the certificates or key are missing") + } + logger.Debug("Loading client certificate from strings") - cert, err := tls.X509KeyPair([]byte(conf.CertFile), []byte(conf.KeyFile)) + cert, err := tls.X509KeyPair([]byte(conf.CertPem), []byte(conf.KeyPem)) if err != nil { return nil, fmt.Errorf("failed to load client certificate: %w", err) } logger.Debug("Loading CA certificate from string") caCertPool := x509.NewCertPool() - if !caCertPool.AppendCertsFromPEM([]byte(conf.CACert)) { + if !caCertPool.AppendCertsFromPEM([]byte(conf.CACertPem)) { return nil, fmt.Errorf("failed to append CA certificate") } diff --git a/internal/clients/service_test.go b/internal/clients/service_test.go index f4f8e32..1300451 100644 --- a/internal/clients/service_test.go +++ b/internal/clients/service_test.go 
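Review bot: The new guard `if conf.CACertPem == "" || conf.CertPem == "" || conf.KeyPem == ""` in internal/clients/service.go returns one generic message, so an operator cannot tell which credential field was empty. Checking the fields separately and naming the field (never its value), e.g. `return nil, fmt.Errorf("TLS is enabled but caCertPem is empty")`, makes a misconfigured secret quicker to diagnose. Failing closed here is the right behaviour, since the removed condition skipped the whole TLS branch when any field was blank. NewTemporalService starts and ends outside this hunk, so the `tls.Config` built after `AppendCertsFromPEM` is not visible; it is worth confirming there that a minimum TLS version is set and that server verification stays enabled. A comment such as `// When UseTLS is set, CACertPem, CertPem and KeyPem must all be non-empty PEM strings.` above the check would record the contract.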
@@ -18,9 +18,9 @@ func createTemporalServiceTLS(t *testing.T) *TemporalServiceImpl { jsonConfig := `{ "HostPort": "localhost:7223", "UseTLS": true, - "CACert": "-----BEGIN CERTIFICATE-----\nMIIFRTCCAy2gAwIBAgIUTfLoHTSYNEx0LXYnju+wJF6EP4EwDQYJKoZIhvcNAQEL\nBQAwMjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMRYwFAYDVQQKDA1UZXN0IENB\nLCBJbmMuMB4XDTI0MDkyMDExMzY1OFoXDTI1MDkyMDExMzY1OFowMjELMAkGA1UE\nBhMCVVMxCzAJBgNVBAgMAldBMRYwFAYDVQQKDA1UZXN0IENBLCBJbmMuMIICIjAN\nBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq2+PV/h7kTWoUI3KhadR5yvrnqW4\n/NiBAV6TToxMK97KSs2J5EAIKjtg3o+1vL2Tkc6mOAegqGLsVWwpxUCTChBPDjiM\nLsBx1c7uTU0m7eDIBoMDMNy5Vy+tvT5vey+pdM4KORdzHIkjctilWWdJuUF+qRzp\nijgIruNsEj5CbYz57xXoS3wErfJlUu9GX+LFizR2OQMvIiF09dTbTyQ1a2bOmQYD\n8nVz7yo7ENCJlPonQYkSBfVuXIyR5LTouPsv2DYNGlT63rwEY3t0aq23Datmv9QP\n2k1jCMz3HcTUFHa+ErSd6opJYr9Fw+J6k/Ifho8xq3R6iJ5D9Wk15ozPA9tdZt/T\nvBmDb0QD9SvIirLuDBZ2eHbdCG2uLq/tLf87f04y3Q4VcAa0CCp+mGCMil9pnSki\nLqmcD0iAApQU3RtdX6uqV1TC9oK7UYomJY4nB2EwneIpYDupQPjZhCtlxGJboxkC\npZR79TTe1duoUKS6sm0LiJZ65eXmADLJeqrNBoSheHFrQOYcFZ5bfoA83uEhcNnw\n4NqhKrIm2L5NZZOITNvnsASGftL38O2FkflU24pYMIRf4q2IoTGSxXbzMMoveKXw\np2FPUUEv/EVJbPWnWKKATRJY6BJaHEPzsSqUX2GaEqxQPsVigWf9wyVcf4XrkIP4\nlbNtWyRIXi3D3hcCAwEAAaNTMFEwHQYDVR0OBBYEFL3nlLBSjx4kwpQrmkkInt2A\nSA+lMB8GA1UdIwQYMBaAFL3nlLBSjx4kwpQrmkkInt2ASA+lMA8GA1UdEwEB/wQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAAEtkQ4MeRo7KYonhE5373xbtMNXkKhK\nvnDHJQL3YWUa+sY/+siZYK0dj+ZVSk3WAlI4MQyml66RV97uj/ywGIXvPFIU0v31\nqEAiqJ6ARDnxkfRFj3m7Kk7O3LN20TS4khFSXLvn4NHDswbyVpTePHTnN8Kqwn8b\ntx657Y1zWvSqPrHYU4D0b2EjNt4P/DufMUJFtgyu26qOef0iAuhK+Tb6ZAUndZJd\nBkxEl82/N5IYeSV6TnwuK3WmkgVqLt7jQ9ycOQGP23AloKsgDyAIaftw3Dl0RcR9\n4u7lEEoNq5RAOMewyPsCAz+l8kUvjXJ7zkAaI9MHWcAqutU96xExA1UlyBflTjE/\ncTbLa8Bv5Z1HgUnvTpuPZMUMEogRYpmsyPliWx+zmnlW+3JfyqyDchWst47wBJ96\nmBZ3bAPHTkU9TMmEuFz83awJlTKfYGBYovH3LOecYpgil6D5e8BkdICQRFBZlI+6\nFoGQAXm99KOvoS0t+fyoszhWDxkCR8qsdXqZNjMl9TLweLazSqd+oXoNcQ7TvA6r\noTnrnRZMOrVk68ad3MtalYJoBRAx2QfMNR6fPzS2xJ85tpCXcLMDSbFoW5jamX0x\nY42DQDWrqdV8j9q2J3HvevRHljTO
7viSFa7s7QJj78vwP4ExlSTwojQaToAEhbL8\njo2clz/N0p+0\n-----END CERTIFICATE-----", - "CertFile": "-----BEGIN CERTIFICATE-----\nMIIFejCCA2KgAwIBAgIUEI7nS+4t8W3HYGNShYOTzlIIdoUwDQYJKoZIhvcNAQEL\nBQAwMjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMRYwFAYDVQQKDA1UZXN0IENB\nLCBJbmMuMB4XDTI0MDkyMDExMzY1OFoXDTI1MDkyMDExMzY1OFowSjELMAkGA1UE\nBhMCVVMxCzAJBgNVBAgMAldBMRowGAYDVQQKDBFUZXN0IENsaWVudCwgSW5jLjES\nMBAGA1UEAwwJbG9jYWxob3N0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC\nAgEAt9KS+Cgaqaj1YdQw0Pkzb3lij3Iqt37pWMWxiqo/8ujUYRxOdhz9J320wBVC\nqUENnag8bvXmJxmRaeBC7rCCxoNXxsEuWAU+iN4dJvmjSbyJ+xoe9SyNfo/D4BxV\ntuhGxBp1g6doLnpC69priIK3k7uvP0bhP8hSahSit4FdXg5me4zq1FHWbTJ9Aw5C\nx8x2pENvPAwjhgOPF7WhJ2Qw0b5aSP2bzJiKPRswOKU3sCqbkio93RhkoTfX9SlU\noYuwIC0UO1+9v8rNI/AzaXKOFYfGf8wo76ecE/TSOrfbgbcFbcHfDi/i25Z2kz+B\n33rhu8B1hgqOscDLKbIo5c3pdMPskL7G3ac4Og3MLymvygYXi2hC2W3UpH1nergh\nrwRNWohTnLHAwU6U/i9QjGI5WNAokitYJNauO9a8r0nP21eWpbjCVLOsZaoN5blx\nlnzVpIyC8IFPpKgP428iivAqA43WeTo1zeH2ZGw3KzT+UDCBvgkgeZQtI4HacXSk\nMDyfGwFvDAHbX31y9/Frjead/BsBr8DQxVqU+eMa46OmRey5jcKs/KUg5MAwLQKc\nrB1mr5kJVgSkBAsgBBoXvB05S9tM4YPgHj/d57U2XkOJ8pp8MsoC6VlwQrCGC/UM\nnk0/zIctjJszdQ6yGVQeEJEpQQuve8+VbHBwz6uyr85++CECAwEAAaNwMG4wLAYD\nVR0RBCUwI4IJbG9jYWxob3N0hxAAAAAAAAAAAAAAAAAAAAABhwR/AAABMB0GA1Ud\nDgQWBBSyv1xsyjmiMpxPoDwXyqv3m40etDAfBgNVHSMEGDAWgBS955SwUo8eJMKU\nK5pJCJ7dgEgPpTANBgkqhkiG9w0BAQsFAAOCAgEAgvdRnBGB5mqtcUaYeKFBsl0w\nRDUOOQpMXJ1KF4oUovJnAIG0RlY93+ULi78riTfHoHZ0spQCL+cplW2PPJaWIaOr\nnYGjr92EoR2wQ+wU1sCbq+q+UbzNc3tB1OcYXDbWZew1mkWQpLi/WW4n2rqJM81H\nVb1AqlAFXEf20Z7+2L3gPzz7tq8uaGffiTAO1GLUNd3XcnMiXwvI9MzVJfIwOQyb\niVFHKI4BLYNV8M3rJp1bs0C4jdFxhP5wR+X3F9UftgmKjIjBVV4DvcP6Otwk/qPi\nvBd7Zbe4Don4tRr/ihQZ9AE0UghloKfic+xadEkDQsiZ4/VIVqWmRldyriDSsGKY\nyayoukVPGQFvNw+4HUZPnpTwn16pn90k5MCEanVHo0MkXqnHziN+R8aV2nBbj1um\nSS6oNUjxQENuQBSFXZjKurssLQVVqolBjI/phD5miY8FfAcxjnAcU/LuYrq75u8K\nFb5cO9ra19YmWtumMiabaoyVxjLLH/QYu6NMmVBa1NrLObz9UAIEUUbdWN05vPBK\niJuLXwD1XeBYxmjiI59cl/H2urpX20FxiHJeC3T49p/SiryixxK6fp+hnJNOfY75\nQfccXTAFYngqrs7UGkiDn7AYEl2F
fv44CvWRvACIiL1TqxRgPdJZHceYqLwCfbgV\ncmoFO2F27/Uo4XmKOgw=\n-----END CERTIFICATE-----", - "KeyFile": "-----BEGIN PRIVATE KEY-----\nMIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQC30pL4KBqpqPVh\n1DDQ+TNveWKPciq3fulYxbGKqj/y6NRhHE52HP0nfbTAFUKpQQ2dqDxu9eYnGZFp\n4ELusILGg1fGwS5YBT6I3h0m+aNJvIn7Gh71LI1+j8PgHFW26EbEGnWDp2guekLr\n2muIgreTu68/RuE/yFJqFKK3gV1eDmZ7jOrUUdZtMn0DDkLHzHakQ288DCOGA48X\ntaEnZDDRvlpI/ZvMmIo9GzA4pTewKpuSKj3dGGShN9f1KVShi7AgLRQ7X72/ys0j\n8DNpco4Vh8Z/zCjvp5wT9NI6t9uBtwVtwd8OL+LblnaTP4HfeuG7wHWGCo6xwMsp\nsijlzel0w+yQvsbdpzg6DcwvKa/KBheLaELZbdSkfWd6uCGvBE1aiFOcscDBTpT+\nL1CMYjlY0CiSK1gk1q471ryvSc/bV5aluMJUs6xlqg3luXGWfNWkjILwgU+kqA/j\nbyKK8CoDjdZ5OjXN4fZkbDcrNP5QMIG+CSB5lC0jgdpxdKQwPJ8bAW8MAdtffXL3\n8WuN5p38GwGvwNDFWpT54xrjo6ZF7LmNwqz8pSDkwDAtApysHWavmQlWBKQECyAE\nGhe8HTlL20zhg+AeP93ntTZeQ4nymnwyygLpWXBCsIYL9QyeTT/Mhy2MmzN1DrIZ\nVB4QkSlBC697z5VscHDPq7Kvzn74IQIDAQABAoICAEIwzmASHMuzvav82pkc6qL8\nu/s4Gl6Zkc+32/644C8JHJRdO3l3ZcbHEoNKBIdql8sJzb0MyVOR9tT/fkpxf52Y\npM46OIRUWxiwliG3KU9/VtX2qWgSI18LyHXV7h1fFUA+4MrHyJFXz+oaa7crjovh\nPLDVxn0PlnGBPbhDGkooeEmLy/EpCMOoNvCXPX+xRZVPfOnL2yzB8lAQxFcpUhTs\nbJk0zNmGodxwAlSbVWqXZQ5kLIOE6ZNNxvMN713+LSzg3pSknHBHx8dlkjWpnLTu\n/5B8BM+K9H4RHXQsSRuzuf40Hav/nToBu2+5IfxFRKw1GHxsJ8aky+MXNnfNRf77\nGUrzxUE5X6wV15rjYHnEu/TnXlzqeZVusLtpqpava0tEPWsPNqOwwrQsn6ZTzG6Q\n30aqPVwjKUHjrzuQEHG8o4K6qkCBZq6+klKbFOI9WtI6B30N2ThfuONEIf4PrCZr\nas5oOhkFzt2ZD3rBL9UAKJRjNCxL6ZbJagckSEvAFfZK8CEUKYrk9oqzB2gthwcb\n8c+hjhxgC6RyPkPJmCwNpKrB+sC1zto8oM7PzNy1BbrWwNsaD6mOtvzYC/jzgPm/\nbL6baxIsJtQBaKHkzVx1wmSqvJmpl+s1EQZqExcl+zx3qSAZEnKq24s8PcCLHrhq\n6vB8mlkEanWv3Ar/1a17AoIBAQDwAAGDQdsQKOV0DVwwrrKkj0M2Y8OKyGuMb2Qc\n4sS0Liyv5CooLLOERKa8ECGPs9+Ryu/dg8y+eFZCm8nMV0GA74YOEkbUwGWjnjZy\nM4c/xfYIOv9+CvdqHU5Wh1Lt/8SFw4XZCr+5BeBNG46M9os2DMVnkbXplcSvl6Lb\n1SjTvDIBiG3+5Z0yU8hDI3ZDy1mELbzW4b+4P6QSdS6uIE2jgNFom1tIjdo0QNNF\n0gylIZflO3zbmb/R3kaxgWORQoYg3+UzcpqllG3W2FmcF/cKgfye7Gidg+SO8p/L\nzhqtn38qNG3bKuI2TacjWu5mArqLEK2Swe0nrjdCXDSbKWlHAoIBAQDEE867P7OM\nkL/S0MDr6t4JEDJrRuTNA
RqlFaM12oGmZFQeClxy/CMweNPdMlCx9TYDrG892vUY\nGmr6mqzQ8SzBCQNtV3YAIEJshEA3S7a/YoMIlo6cafyMSN5iz23Gh8y1JfmOpiQf\nffMolTdcKE/VsRHHiVAo6IocX0F0J0tm2ZvzpK6YYCmSuyuFDrg7ksVFYB9VPxDZ\ncnkyj3T9NEmCEwodfL4sc4mmLntjIpXF1xrPf08sO2V/Ct0nv/nFq+VO6k2U0AUK\nVQRLOLPj7SOKvUR7JPLBwNjbPUhyq3nX2ROXrUclgEqKAFlk2YmH9X3KNHIsobVV\nDogBb+vzusdXAoIBAEV4Gvf9ZgWFcPVosJi+2KLdfR0PP5i6brcVvyrFUR6+htza\n9IDwf333yTOCj9RiwoIW9dtuvSMc/gsFwSHO1/0UV/9Wtv36OvFjaGsiEzIYgSDc\nwvue/QLQPM67GPwfHqmBcQrkG57Y3pYzNc4Dx0P76mASQ0+7tFUHVXLAfrLbNLZQ\n4VX47MmWis80QpVZFS43dwPUEISqlzlohfyNCSwcq4DWB1Q3C0Q4x27cYCCkWq1V\nzMxb8rQy3M+gnkt7sAtwA44izDTFhA2+TiHqpe16tr7hu15swQnHnQ2HOR2sn0h+\nKJZaEWSakZigR4VroMeEKlninFzyBrjEq82F7R0CggEAE4lttdaZC0547oaCUn9q\ndDi67Vl4/rw3bW+EfZ8x/+RLRVr+7y4US4YehhG3XKP0J9WMl/szJJ2tPx8eTQta\nzDkbsE9goI6WT721sEzI/rTQHZDy0L72vPudvPayF2/8g6gu/3mqa8De85I6m+Ig\nYkhsXxddd1YEPON44BvyNWNFWLd19hTOz6H6qh1XWgg7w7faJ2JLSX9QeCs3GuuU\nz3MaNOnzAPbaJkbHYI9XoQjX0Qj8WInqiQgKFSXZu0pvZLeP114KwobKELyrn/BG\n9FH7etGppoiSkvW+PD69uzYT768CQchQpQN35MaQH43kZLtpDO1n5fu2rX37YqOf\nrQKCAQBIMsdsjvgvKVaglIJIzIgR9eFTryFo3HRKD7wasb8dcmlzbN1dwTE4Cck2\nXeQI5Ne4ks/CLkS/ygi8yrsPx1N8eMnYz0aGJbPVk/zxfor1vrIBpUMKFMR2KhWC\nhCXz2TenOYcujc7KFJq828Ku5O6REfdo6CYFT8ag2PwZOVQwp6Okm1ehUq+f+QMN\nDrmxZadj5zL9qjMf2QXnQ5J1ihfDmuX0e36DarAq9f3jujblKFMEkAx+hocXoMmj\nmru+V50PbFH2uc4t/dcmCWMPm/BX7zrQwkJffatj7lwwcyIPbIPwSObLgWfSEI1d\njLG9z3ZTkwHuHm/qkFZG/RKSsOgw\n-----END PRIVATE KEY-----" + "CACertPem": "-----BEGIN 
CERTIFICATE-----\nMIIFRTCCAy2gAwIBAgIUTfLoHTSYNEx0LXYnju+wJF6EP4EwDQYJKoZIhvcNAQEL\nBQAwMjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMRYwFAYDVQQKDA1UZXN0IENB\nLCBJbmMuMB4XDTI0MDkyMDExMzY1OFoXDTI1MDkyMDExMzY1OFowMjELMAkGA1UE\nBhMCVVMxCzAJBgNVBAgMAldBMRYwFAYDVQQKDA1UZXN0IENBLCBJbmMuMIICIjAN\nBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq2+PV/h7kTWoUI3KhadR5yvrnqW4\n/NiBAV6TToxMK97KSs2J5EAIKjtg3o+1vL2Tkc6mOAegqGLsVWwpxUCTChBPDjiM\nLsBx1c7uTU0m7eDIBoMDMNy5Vy+tvT5vey+pdM4KORdzHIkjctilWWdJuUF+qRzp\nijgIruNsEj5CbYz57xXoS3wErfJlUu9GX+LFizR2OQMvIiF09dTbTyQ1a2bOmQYD\n8nVz7yo7ENCJlPonQYkSBfVuXIyR5LTouPsv2DYNGlT63rwEY3t0aq23Datmv9QP\n2k1jCMz3HcTUFHa+ErSd6opJYr9Fw+J6k/Ifho8xq3R6iJ5D9Wk15ozPA9tdZt/T\nvBmDb0QD9SvIirLuDBZ2eHbdCG2uLq/tLf87f04y3Q4VcAa0CCp+mGCMil9pnSki\nLqmcD0iAApQU3RtdX6uqV1TC9oK7UYomJY4nB2EwneIpYDupQPjZhCtlxGJboxkC\npZR79TTe1duoUKS6sm0LiJZ65eXmADLJeqrNBoSheHFrQOYcFZ5bfoA83uEhcNnw\n4NqhKrIm2L5NZZOITNvnsASGftL38O2FkflU24pYMIRf4q2IoTGSxXbzMMoveKXw\np2FPUUEv/EVJbPWnWKKATRJY6BJaHEPzsSqUX2GaEqxQPsVigWf9wyVcf4XrkIP4\nlbNtWyRIXi3D3hcCAwEAAaNTMFEwHQYDVR0OBBYEFL3nlLBSjx4kwpQrmkkInt2A\nSA+lMB8GA1UdIwQYMBaAFL3nlLBSjx4kwpQrmkkInt2ASA+lMA8GA1UdEwEB/wQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAAEtkQ4MeRo7KYonhE5373xbtMNXkKhK\nvnDHJQL3YWUa+sY/+siZYK0dj+ZVSk3WAlI4MQyml66RV97uj/ywGIXvPFIU0v31\nqEAiqJ6ARDnxkfRFj3m7Kk7O3LN20TS4khFSXLvn4NHDswbyVpTePHTnN8Kqwn8b\ntx657Y1zWvSqPrHYU4D0b2EjNt4P/DufMUJFtgyu26qOef0iAuhK+Tb6ZAUndZJd\nBkxEl82/N5IYeSV6TnwuK3WmkgVqLt7jQ9ycOQGP23AloKsgDyAIaftw3Dl0RcR9\n4u7lEEoNq5RAOMewyPsCAz+l8kUvjXJ7zkAaI9MHWcAqutU96xExA1UlyBflTjE/\ncTbLa8Bv5Z1HgUnvTpuPZMUMEogRYpmsyPliWx+zmnlW+3JfyqyDchWst47wBJ96\nmBZ3bAPHTkU9TMmEuFz83awJlTKfYGBYovH3LOecYpgil6D5e8BkdICQRFBZlI+6\nFoGQAXm99KOvoS0t+fyoszhWDxkCR8qsdXqZNjMl9TLweLazSqd+oXoNcQ7TvA6r\noTnrnRZMOrVk68ad3MtalYJoBRAx2QfMNR6fPzS2xJ85tpCXcLMDSbFoW5jamX0x\nY42DQDWrqdV8j9q2J3HvevRHljTO7viSFa7s7QJj78vwP4ExlSTwojQaToAEhbL8\njo2clz/N0p+0\n-----END CERTIFICATE-----", + "CertPem": "-----BEGIN 
CERTIFICATE-----\nMIIFejCCA2KgAwIBAgIUEI7nS+4t8W3HYGNShYOTzlIIdoUwDQYJKoZIhvcNAQEL\nBQAwMjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMRYwFAYDVQQKDA1UZXN0IENB\nLCBJbmMuMB4XDTI0MDkyMDExMzY1OFoXDTI1MDkyMDExMzY1OFowSjELMAkGA1UE\nBhMCVVMxCzAJBgNVBAgMAldBMRowGAYDVQQKDBFUZXN0IENsaWVudCwgSW5jLjES\nMBAGA1UEAwwJbG9jYWxob3N0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC\nAgEAt9KS+Cgaqaj1YdQw0Pkzb3lij3Iqt37pWMWxiqo/8ujUYRxOdhz9J320wBVC\nqUENnag8bvXmJxmRaeBC7rCCxoNXxsEuWAU+iN4dJvmjSbyJ+xoe9SyNfo/D4BxV\ntuhGxBp1g6doLnpC69priIK3k7uvP0bhP8hSahSit4FdXg5me4zq1FHWbTJ9Aw5C\nx8x2pENvPAwjhgOPF7WhJ2Qw0b5aSP2bzJiKPRswOKU3sCqbkio93RhkoTfX9SlU\noYuwIC0UO1+9v8rNI/AzaXKOFYfGf8wo76ecE/TSOrfbgbcFbcHfDi/i25Z2kz+B\n33rhu8B1hgqOscDLKbIo5c3pdMPskL7G3ac4Og3MLymvygYXi2hC2W3UpH1nergh\nrwRNWohTnLHAwU6U/i9QjGI5WNAokitYJNauO9a8r0nP21eWpbjCVLOsZaoN5blx\nlnzVpIyC8IFPpKgP428iivAqA43WeTo1zeH2ZGw3KzT+UDCBvgkgeZQtI4HacXSk\nMDyfGwFvDAHbX31y9/Frjead/BsBr8DQxVqU+eMa46OmRey5jcKs/KUg5MAwLQKc\nrB1mr5kJVgSkBAsgBBoXvB05S9tM4YPgHj/d57U2XkOJ8pp8MsoC6VlwQrCGC/UM\nnk0/zIctjJszdQ6yGVQeEJEpQQuve8+VbHBwz6uyr85++CECAwEAAaNwMG4wLAYD\nVR0RBCUwI4IJbG9jYWxob3N0hxAAAAAAAAAAAAAAAAAAAAABhwR/AAABMB0GA1Ud\nDgQWBBSyv1xsyjmiMpxPoDwXyqv3m40etDAfBgNVHSMEGDAWgBS955SwUo8eJMKU\nK5pJCJ7dgEgPpTANBgkqhkiG9w0BAQsFAAOCAgEAgvdRnBGB5mqtcUaYeKFBsl0w\nRDUOOQpMXJ1KF4oUovJnAIG0RlY93+ULi78riTfHoHZ0spQCL+cplW2PPJaWIaOr\nnYGjr92EoR2wQ+wU1sCbq+q+UbzNc3tB1OcYXDbWZew1mkWQpLi/WW4n2rqJM81H\nVb1AqlAFXEf20Z7+2L3gPzz7tq8uaGffiTAO1GLUNd3XcnMiXwvI9MzVJfIwOQyb\niVFHKI4BLYNV8M3rJp1bs0C4jdFxhP5wR+X3F9UftgmKjIjBVV4DvcP6Otwk/qPi\nvBd7Zbe4Don4tRr/ihQZ9AE0UghloKfic+xadEkDQsiZ4/VIVqWmRldyriDSsGKY\nyayoukVPGQFvNw+4HUZPnpTwn16pn90k5MCEanVHo0MkXqnHziN+R8aV2nBbj1um\nSS6oNUjxQENuQBSFXZjKurssLQVVqolBjI/phD5miY8FfAcxjnAcU/LuYrq75u8K\nFb5cO9ra19YmWtumMiabaoyVxjLLH/QYu6NMmVBa1NrLObz9UAIEUUbdWN05vPBK\niJuLXwD1XeBYxmjiI59cl/H2urpX20FxiHJeC3T49p/SiryixxK6fp+hnJNOfY75\nQfccXTAFYngqrs7UGkiDn7AYEl2Ffv44CvWRvACIiL1TqxRgPdJZHceYqLwCfbgV\ncmoFO2F27/Uo4XmKOgw=\n-----END CERTIFICATE-----", + "KeyPem": 
"-----BEGIN PRIVATE KEY-----\nMIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQC30pL4KBqpqPVh\n1DDQ+TNveWKPciq3fulYxbGKqj/y6NRhHE52HP0nfbTAFUKpQQ2dqDxu9eYnGZFp\n4ELusILGg1fGwS5YBT6I3h0m+aNJvIn7Gh71LI1+j8PgHFW26EbEGnWDp2guekLr\n2muIgreTu68/RuE/yFJqFKK3gV1eDmZ7jOrUUdZtMn0DDkLHzHakQ288DCOGA48X\ntaEnZDDRvlpI/ZvMmIo9GzA4pTewKpuSKj3dGGShN9f1KVShi7AgLRQ7X72/ys0j\n8DNpco4Vh8Z/zCjvp5wT9NI6t9uBtwVtwd8OL+LblnaTP4HfeuG7wHWGCo6xwMsp\nsijlzel0w+yQvsbdpzg6DcwvKa/KBheLaELZbdSkfWd6uCGvBE1aiFOcscDBTpT+\nL1CMYjlY0CiSK1gk1q471ryvSc/bV5aluMJUs6xlqg3luXGWfNWkjILwgU+kqA/j\nbyKK8CoDjdZ5OjXN4fZkbDcrNP5QMIG+CSB5lC0jgdpxdKQwPJ8bAW8MAdtffXL3\n8WuN5p38GwGvwNDFWpT54xrjo6ZF7LmNwqz8pSDkwDAtApysHWavmQlWBKQECyAE\nGhe8HTlL20zhg+AeP93ntTZeQ4nymnwyygLpWXBCsIYL9QyeTT/Mhy2MmzN1DrIZ\nVB4QkSlBC697z5VscHDPq7Kvzn74IQIDAQABAoICAEIwzmASHMuzvav82pkc6qL8\nu/s4Gl6Zkc+32/644C8JHJRdO3l3ZcbHEoNKBIdql8sJzb0MyVOR9tT/fkpxf52Y\npM46OIRUWxiwliG3KU9/VtX2qWgSI18LyHXV7h1fFUA+4MrHyJFXz+oaa7crjovh\nPLDVxn0PlnGBPbhDGkooeEmLy/EpCMOoNvCXPX+xRZVPfOnL2yzB8lAQxFcpUhTs\nbJk0zNmGodxwAlSbVWqXZQ5kLIOE6ZNNxvMN713+LSzg3pSknHBHx8dlkjWpnLTu\n/5B8BM+K9H4RHXQsSRuzuf40Hav/nToBu2+5IfxFRKw1GHxsJ8aky+MXNnfNRf77\nGUrzxUE5X6wV15rjYHnEu/TnXlzqeZVusLtpqpava0tEPWsPNqOwwrQsn6ZTzG6Q\n30aqPVwjKUHjrzuQEHG8o4K6qkCBZq6+klKbFOI9WtI6B30N2ThfuONEIf4PrCZr\nas5oOhkFzt2ZD3rBL9UAKJRjNCxL6ZbJagckSEvAFfZK8CEUKYrk9oqzB2gthwcb\n8c+hjhxgC6RyPkPJmCwNpKrB+sC1zto8oM7PzNy1BbrWwNsaD6mOtvzYC/jzgPm/\nbL6baxIsJtQBaKHkzVx1wmSqvJmpl+s1EQZqExcl+zx3qSAZEnKq24s8PcCLHrhq\n6vB8mlkEanWv3Ar/1a17AoIBAQDwAAGDQdsQKOV0DVwwrrKkj0M2Y8OKyGuMb2Qc\n4sS0Liyv5CooLLOERKa8ECGPs9+Ryu/dg8y+eFZCm8nMV0GA74YOEkbUwGWjnjZy\nM4c/xfYIOv9+CvdqHU5Wh1Lt/8SFw4XZCr+5BeBNG46M9os2DMVnkbXplcSvl6Lb\n1SjTvDIBiG3+5Z0yU8hDI3ZDy1mELbzW4b+4P6QSdS6uIE2jgNFom1tIjdo0QNNF\n0gylIZflO3zbmb/R3kaxgWORQoYg3+UzcpqllG3W2FmcF/cKgfye7Gidg+SO8p/L\nzhqtn38qNG3bKuI2TacjWu5mArqLEK2Swe0nrjdCXDSbKWlHAoIBAQDEE867P7OM\nkL/S0MDr6t4JEDJrRuTNARqlFaM12oGmZFQeClxy/CMweNPdMlCx9TYDrG892vUY\nGmr6mqzQ8SzBCQNtV3YAIEJshEA3S7a/YoMIlo6cafyMSN5iz23Gh8y1
JfmOpiQf\nffMolTdcKE/VsRHHiVAo6IocX0F0J0tm2ZvzpK6YYCmSuyuFDrg7ksVFYB9VPxDZ\ncnkyj3T9NEmCEwodfL4sc4mmLntjIpXF1xrPf08sO2V/Ct0nv/nFq+VO6k2U0AUK\nVQRLOLPj7SOKvUR7JPLBwNjbPUhyq3nX2ROXrUclgEqKAFlk2YmH9X3KNHIsobVV\nDogBb+vzusdXAoIBAEV4Gvf9ZgWFcPVosJi+2KLdfR0PP5i6brcVvyrFUR6+htza\n9IDwf333yTOCj9RiwoIW9dtuvSMc/gsFwSHO1/0UV/9Wtv36OvFjaGsiEzIYgSDc\nwvue/QLQPM67GPwfHqmBcQrkG57Y3pYzNc4Dx0P76mASQ0+7tFUHVXLAfrLbNLZQ\n4VX47MmWis80QpVZFS43dwPUEISqlzlohfyNCSwcq4DWB1Q3C0Q4x27cYCCkWq1V\nzMxb8rQy3M+gnkt7sAtwA44izDTFhA2+TiHqpe16tr7hu15swQnHnQ2HOR2sn0h+\nKJZaEWSakZigR4VroMeEKlninFzyBrjEq82F7R0CggEAE4lttdaZC0547oaCUn9q\ndDi67Vl4/rw3bW+EfZ8x/+RLRVr+7y4US4YehhG3XKP0J9WMl/szJJ2tPx8eTQta\nzDkbsE9goI6WT721sEzI/rTQHZDy0L72vPudvPayF2/8g6gu/3mqa8De85I6m+Ig\nYkhsXxddd1YEPON44BvyNWNFWLd19hTOz6H6qh1XWgg7w7faJ2JLSX9QeCs3GuuU\nz3MaNOnzAPbaJkbHYI9XoQjX0Qj8WInqiQgKFSXZu0pvZLeP114KwobKELyrn/BG\n9FH7etGppoiSkvW+PD69uzYT768CQchQpQN35MaQH43kZLtpDO1n5fu2rX37YqOf\nrQKCAQBIMsdsjvgvKVaglIJIzIgR9eFTryFo3HRKD7wasb8dcmlzbN1dwTE4Cck2\nXeQI5Ne4ks/CLkS/ygi8yrsPx1N8eMnYz0aGJbPVk/zxfor1vrIBpUMKFMR2KhWC\nhCXz2TenOYcujc7KFJq828Ku5O6REfdo6CYFT8ag2PwZOVQwp6Okm1ehUq+f+QMN\nDrmxZadj5zL9qjMf2QXnQ5J1ihfDmuX0e36DarAq9f3jujblKFMEkAx+hocXoMmj\nmru+V50PbFH2uc4t/dcmCWMPm/BX7zrQwkJffatj7lwwcyIPbIPwSObLgWfSEI1d\njLG9z3ZTkwHuHm/qkFZG/RKSsOgw\n-----END PRIVATE KEY-----" }` temporalService := createTemporalServiceWithConfig(t, jsonConfig) From d0e5436107967e406baa38be9ebf5836dd7a9bc6 Mon Sep 17 00:00:00 2001 From: Mihaela Balas Date: Wed, 2 Oct 2024 08:59:07 +0300 Subject: [PATCH 3/3] replace fmt.Error with errors.wrap --- internal/clients/service.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/internal/clients/service.go b/internal/clients/service.go index 75868d6..48c5d9d 100644 --- a/internal/clients/service.go +++ b/internal/clients/service.go 
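Review bot: The `KeyPem` value in `jsonConfig` is a complete PEM private key pasted into the test source. It duplicates `certs/client.key` and forces the manual awk step from the README whenever the test certificates are regenerated. Loading the three PEM files from `certs/` at test time keeps a single copy, keeps key material out of Go source where secret scanners will flag it, and removes the copy-paste step. This CA and key pair should stay confined to the docker-compose test environment. createTemporalServiceTLS begins in the hunk header and ends outside the hunk; the fence shows only the lines that would replace the literal.

```go
	// Read the generated test credentials instead of embedding them; the
	// path is relative to internal/clients.
	readPEM := func(name string) string {
		data, err := os.ReadFile(filepath.Join("..", "..", "certs", name))
		if err != nil {
			t.Fatalf("reading test credential %s: %v", name, err)
		}
		return string(data)
	}
	rawConfig, err := json.Marshal(TemporalServiceConfig{
		HostPort:  "localhost:7223",
		UseTLS:    true,
		CACertPem: readPEM("ca.cert"),
		CertPem:   readPEM("client.pem"),
		KeyPem:    readPEM("client.key"),
	})
	if err != nil {
		t.Fatalf("encoding test config: %v", err)
	}
	temporalService := createTemporalServiceWithConfig(t, string(rawConfig))
```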
@@ -4,9 +4,9 @@ import (
 "crypto/tls"
 "crypto/x509"
 "encoding/json"
- "fmt"
 "os"
+ "github.com/pkg/errors"
 "golang.org/x/exp/slog"
 "google.golang.org/grpc"
 "google.golang.org/grpc/credentials"
@@ -32,7 +32,7 @@ func NewTemporalService(configData []byte) (*TemporalServiceImpl, error) {
 var conf = TemporalServiceConfig{}
 err := json.Unmarshal(configData, &conf)
 if err != nil {
- return nil, fmt.Errorf("failed to unmarshal config data: %w", err)
+ return nil, errors.Wrap(err, "failed to unmarshal config data")
 }
 logger := slog.New(slog.NewJSONHandler(os.Stdout, &slog.HandlerOptions{
@@ -45,19 +45,19 @@ func NewTemporalService(configData []byte) (*TemporalServiceImpl, error) {
 var dialOptions []grpc.DialOption
 if conf.UseTLS {
 if conf.CACertPem == "" || conf.CertPem == "" || conf.KeyPem == "" {
- return nil, fmt.Errorf("TLS is enabled but one or more of the certificates or key are missing")
+ return nil, errors.New("TLS is enabled but one or more of the certificates or key are missing")
 }
 logger.Debug("Loading client certificate from strings")
 cert, err := tls.X509KeyPair([]byte(conf.CertPem), []byte(conf.KeyPem))
 if err != nil {
- return nil, fmt.Errorf("failed to load client certificate: %w", err)
+ return nil, errors.Wrap(err, "failed to load client certificate")
 }
 logger.Debug("Loading CA certificate from string")
 caCertPool := x509.NewCertPool()
 if !caCertPool.AppendCertsFromPEM([]byte(conf.CACertPem)) {
- return nil, fmt.Errorf("failed to append CA certificate")
+ return nil, errors.New("failed to append CA certificate")
 }
 logger.Debug("Creating TLS credentials")
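Review bot: Swapping `fmt.Errorf("...: %w", err)` for `errors.Wrap` from `github.com/pkg/errors` in the import hunk ties error wrapping to a third-party module whose upstream repository is archived, where the standard library already did the job. `errors.Wrap` also records a stack trace that `%+v` prints, which matters if these errors are ever surfaced in logs or resource status. Unless a project convention requires the wrapper, keeping `return nil, fmt.Errorf("failed to load client certificate: %w", err)` avoids the extra dependency surface; the same applies to the hunks at -32, -45 and -83. If the wrapper stays, `go.mod` should list the module as a direct requirement, which this patch's diffstat (service.go only) does not show.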
@@ -83,7 +83,7 @@ func NewTemporalService(configData []byte) (*TemporalServiceImpl, error) {
 logger.Debug("Dialing Temporal client", slog.String("hostPort", conf.HostPort))
 temporalClient, err := client.Dial(clientOptions)
 if err != nil {
- return nil, fmt.Errorf("failed to dial Temporal client: %w", err)
+ return nil, errors.Wrap(err, "failed to dial Temporal client")
 }
 logger.Debug("Successfully created Temporal client")