feat: support ssl (vesoft-inc#294)
veezhang authored Oct 9, 2023
1 parent bc8b40d commit e0d8be4
Showing 14 changed files with 338 additions and 189 deletions.
2 changes: 1 addition & 1 deletion Makefile
@@ -71,7 +71,7 @@ $(GOBIN)/gofumpt:
$(GOBIN)/golangci-lint:
@[ -f $(GOBIN)/golangci-lint ] || { \
set -e ;\
curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(GOBIN) v1.49.0 ;\
curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(GOBIN) v1.51.2 ;\
}

$(GOBIN)/mockgen:
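--- a/README.md
+++ b/README.md
@@ -86,6 +86,12 @@ client:
 address: "127.0.0.1:9669"
 user: root
 password: nebula
+ssl:
+enable: true
+certPath: "your/cert/file/path"
+keyPath: "your/key/file/path"
+caPath: "your/ca/file/path"
+insecureSkipVerify: false
 concurrencyPerAddress: 16
 reconnectInitialInterval: 1s
 retry: 3
@@ -96,6 +102,12 @@ client:
 * `client.address`: **Required**. The address of graph in NebulaGraph.
 * `client.user`: **Optional**. The user of NebulaGraph. The default value is `root`.
 * `client.password`: **Optional**. The password of NebulaGraph. The default value is `nebula`.
+* `client.ssl`: **Optional**. SSL related configuration.
+* `client.ssl.enable`: **Optional**. Specifies whether to enable ssl authentication. The default value is `false`.
+* `client.ssl.certPath`: **Required**. Specifies the path of the certificate file.
+* `client.ssl.keyPath`: **Required**. Specifies the path of the private key file.
+* `client.ssl.caPath`: **Required**. Specifies the path of the certification authority file.
+* `client.ssl.insecureSkipVerify`: **Optional**. Specifies whether a client verifies the server's certificate chain and host name. The default value is `false`.
 * `client.concurrencyPerAddress`: **Optional**. The number of client connections to each graph in NebulaGraph. The default value is `10`.
 * `client.reconnectInitialInterval`: **Optional**. The initialization interval for reconnecting NebulaGraph. The default value is `1s`.
 * `client.retry`: **Optional**. The failed retrying times to execute nGQL queries in NebulaGraph client. The default value is `3`.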
218 changes: 112 additions & 106 deletions docs/configuration-reference.md

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions go.mod
@@ -23,7 +23,7 @@ require (
github.com/spf13/afero v1.9.3
github.com/spf13/cobra v1.6.1
github.com/valyala/bytebufferpool v1.0.0
github.com/vesoft-inc/nebula-go/v3 v3.5.0
github.com/vesoft-inc/nebula-go/v3 v3.6.1
go.uber.org/zap v1.23.0
golang.org/x/crypto v0.7.0
google.golang.org/api v0.114.0
@@ -35,7 +35,6 @@ require (
cloud.google.com/go/compute v1.18.0 // indirect
cloud.google.com/go/compute/metadata v0.2.3 // indirect
cloud.google.com/go/iam v0.12.0 // indirect
github.com/facebook/fbthrift v0.31.1-0.20211129061412-801ed7f9f295 // indirect
github.com/fclairamb/go-log v0.4.1 // indirect
github.com/go-logr/logr v1.2.3 // indirect
github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
@@ -57,6 +56,7 @@ require (
github.com/kr/fs v0.1.0 // indirect
github.com/kr/text v0.2.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/vesoft-inc/fbthrift v0.0.0-20230214024353-fa2f34755b28 // indirect
go.opencensus.io v0.24.0 // indirect
go.uber.org/atomic v1.7.0 // indirect
go.uber.org/multierr v1.6.0 // indirect
12 changes: 8 additions & 4 deletions go.sum
@@ -83,8 +83,6 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m
github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/facebook/fbthrift v0.31.1-0.20211129061412-801ed7f9f295 h1:ZA+qQ3d2In0RNzVpk+D/nq1sjDSv+s1Wy2zrAPQAmsg=
github.com/facebook/fbthrift v0.31.1-0.20211129061412-801ed7f9f295/go.mod h1:2tncLx5rmw69e5kMBv/yJneERbzrr1yr5fdlnTbu8lU=
github.com/fclairamb/ftpserverlib v0.21.0 h1:QO4ex827FU6Y7FNi1cj4dmAs6bcmy+UtWcX5yzVzFAw=
github.com/fclairamb/ftpserverlib v0.21.0/go.mod h1:03sR5yGPYyUH/8hFKML02SVNLY7A//3qIy0q0ZJGhTw=
github.com/fclairamb/go-log v0.4.1 h1:rLtdSG9x2pK41AIAnE8WYpl05xBJfw1ZyYxZaXFcBsM=
@@ -255,8 +253,10 @@ github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKs
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
github.com/vesoft-inc/nebula-go/v3 v3.5.0 h1:2ZSkoBxtIfs15AXJXqrAPDPd0Z9HrzKR7YKXPqlJcR0=
github.com/vesoft-inc/nebula-go/v3 v3.5.0/go.mod h1:+sXv05jYQBARdTbTcIEsWVXCnF/6ttOlDK35xQ6m54s=
github.com/vesoft-inc/fbthrift v0.0.0-20230214024353-fa2f34755b28 h1:gpoPCGeOEuk/TnoY9nLVK1FoBM5ie7zY3BPVG8q43ME=
github.com/vesoft-inc/fbthrift v0.0.0-20230214024353-fa2f34755b28/go.mod h1:xu7e9za8StcJhBZmCDwK1Hyv4/Y0xFsjS+uqp10ECJg=
github.com/vesoft-inc/nebula-go/v3 v3.6.1 h1:RHdt8WC+jmrRqM9r9WWzz4tzM8VrykPHe9RhtLZjSVA=
github.com/vesoft-inc/nebula-go/v3 v3.6.1/go.mod h1:mjMPlpNKnHYhe1pWz4caT7x9R+wKoX7dIm6u1+Rdcws=
github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@@ -361,6 +361,7 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -429,11 +430,13 @@ golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
golang.org/x/term v0.8.0 h1:n5xxQn2i3PC0yLAbjTpNT85q/Kgzcr2gIoX9OrJUols=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -444,6 +447,7 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
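--- a/pkg/client/option.go
+++ b/pkg/client/option.go
@@ -1,6 +1,7 @@
 package client
 
 import (
+"crypto/tls"
 "strings"
 "time"
 
@@ -30,6 +31,7 @@ type (
 addresses []string
 user string
 password string
+tlsConfig *tls.Config
 retry int
 retryInitialInterval time.Duration
 logger logger.Logger
@@ -44,98 +46,104 @@ type (
 )
 
 func WithV3() Option {
-return func(c *options) {
+return func(o *options) {
 WithNewSessionFunc(func(hostAddress HostAddress) Session {
-return newSessionV3(hostAddress, c.user, c.password, c.logger)
-})(c)
+return newSessionV3(hostAddress, o.user, o.password, o.tlsConfig.Clone(), o.logger)
+})(o)
 }
 }
 
 func WithAddress(addresses ...string) Option {
-return func(c *options) {
+return func(o *options) {
 for _, addr := range addresses {
 if strings.IndexByte(addr, ',') != -1 {
-c.addresses = append(c.addresses, strings.Split(addr, ",")...)
+o.addresses = append(o.addresses, strings.Split(addr, ",")...)
 } else {
-c.addresses = append(c.addresses, addr)
+o.addresses = append(o.addresses, addr)
 }
 }
 }
 }
 
 func WithUser(user string) Option {
-return func(c *options) {
-c.user = user
+return func(o *options) {
+o.user = user
 }
 }
 
 func WithPassword(password string) Option {
-return func(c *options) {
-c.password = password
+return func(o *options) {
+o.password = password
 }
 }
 
 func WithUserPassword(user, password string) Option {
-return func(c *options) {
-WithUser(user)(c)
-WithPassword(password)(c)
+return func(o *options) {
+WithUser(user)(o)
+WithPassword(password)(o)
 }
 }
 
+func WithTLSConfig(tlsConfig *tls.Config) Option {
+return func(o *options) {
+o.tlsConfig = tlsConfig
+}
+}
+
 func WithRetry(retry int) Option {
-return func(c *options) {
+return func(o *options) {
 if retry > 0 {
-c.retry = retry
+o.retry = retry
 }
 }
 }
 
 func WithRetryInitialInterval(interval time.Duration) Option {
-return func(c *options) {
+return func(o *options) {
 if interval > 0 {
-c.retryInitialInterval = interval
+o.retryInitialInterval = interval
 }
 }
 }
 
 func WithLogger(l logger.Logger) Option {
-return func(m *options) {
-m.logger = l
+return func(o *options) {
+o.logger = l
 }
 }
 
 func WithNewSessionFunc(fn NewSessionFunc) Option {
-return func(m *options) {
-m.fnNewSession = fn
+return func(o *options) {
+o.fnNewSession = fn
 }
 }
 
 func WithClientInitFunc(fn func(Client) error) Option {
-return func(c *options) {
-c.clientInitFunc = fn
+return func(o *options) {
+o.clientInitFunc = fn
 }
 }
 
 func WithReconnectInitialInterval(interval time.Duration) Option {
-return func(c *options) {
+return func(o *options) {
 if interval > 0 {
-c.reconnectInitialInterval = interval
+o.reconnectInitialInterval = interval
 }
 }
 }
 
 func WithConcurrencyPerAddress(concurrencyPerAddress int) Option {
-return func(c *options) {
+return func(o *options) {
 if concurrencyPerAddress > 0 {
-c.concurrencyPerAddress = concurrencyPerAddress
+o.concurrencyPerAddress = concurrencyPerAddress
 }
 }
 }
 
 func WithQueueSize(queueSize int) Option {
-return func(c *options) {
+return func(o *options) {
 if queueSize > 0 {
-c.queueSize = queueSize
+o.queueSize = queueSize
 }
 }
 }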
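Review bot: `WithTLSConfig` keeps the caller's `*tls.Config` pointer as-is, and a copy is only taken later in `WithV3` when a session is built, so a caller that mutates the config after constructing the client changes what later sessions (for example after a reconnect) negotiate. Cloning at the option boundary closes that window: `o.tlsConfig = tlsConfig.Clone()`; `Clone` on a nil config returns nil, so the default path is unaffected. The new exported option also has no doc comment; a line such as `// WithTLSConfig sets the TLS configuration used for graph connections; a nil config appears to leave the connection unencrypted.` would state the nil contract, which should be confirmed against nebula-go because only the pool call site is visible on this page.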
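--- a/pkg/client/option_test.go
+++ b/pkg/client/option_test.go
@@ -1,6 +1,8 @@
 package client
 
 import (
+"crypto/tls"
+
 "github.com/vesoft-inc/nebula-importer/v4/pkg/logger"
 
 . "github.com/onsi/ginkgo/v2"
@@ -15,6 +17,7 @@ var _ = Describe("Option", func() {
 Expect(o.addresses).To(Equal([]string(nil)))
 Expect(o.user).To(Equal(DefaultUser))
 Expect(o.password).To(Equal(DefaultPassword))
+Expect(o.tlsConfig).To(BeNil())
 Expect(o.retry).To(Equal(DefaultRetry))
 Expect(o.retryInitialInterval).To(Equal(DefaultRetryInitialInterval))
 Expect(o.logger).NotTo(BeNil())
@@ -29,6 +32,7 @@ var _ = Describe("Option", func() {
 Expect(o1.addresses).To(Equal([]string(nil)))
 Expect(o1.user).To(Equal(DefaultUser))
 Expect(o1.password).To(Equal(DefaultPassword))
+Expect(o1.tlsConfig).To(BeNil())
 Expect(o1.retry).To(Equal(DefaultRetry))
 Expect(o1.retryInitialInterval).To(Equal(DefaultRetryInitialInterval))
 Expect(o1.logger).NotTo(BeNil())
@@ -53,6 +57,8 @@ var _ = Describe("Option", func() {
 WithUser("u0"),
 WithPassword("p0"),
 WithUserPassword("newUser", "newPassword"),
+WithTLSConfig(&tls.Config{}), //nolint:gosec
+WithTLSConfig(&tls.Config{InsecureSkipVerify: true}), //nolint:gosec
 WithRetry(DefaultRetry-1),
 WithRetry(DefaultRetry+1),
 WithRetryInitialInterval(DefaultRetryInitialInterval-1),
@@ -78,6 +84,8 @@ var _ = Describe("Option", func() {
 }))
 Expect(o.user).To(Equal("newUser"))
 Expect(o.password).To(Equal("newPassword"))
+Expect(o.tlsConfig).NotTo(BeNil())
+Expect(o.tlsConfig.InsecureSkipVerify).To(BeTrue())
 Expect(o.retry).To(Equal(DefaultRetry + 1))
 Expect(o.retryInitialInterval).To(Equal(DefaultRetryInitialInterval + 1))
 Expect(o.logger).NotTo(BeNil())
@@ -100,6 +108,8 @@ var _ = Describe("Option", func() {
 }))
 Expect(o1.user).To(Equal("newUser"))
 Expect(o1.password).To(Equal("newPassword"))
+Expect(o1.tlsConfig).NotTo(BeNil())
+Expect(o1.tlsConfig.InsecureSkipVerify).To(BeTrue())
 Expect(o1.retry).To(Equal(DefaultRetry + 1))
 Expect(o1.retryInitialInterval).To(Equal(DefaultRetryInitialInterval + 1))
 Expect(o1.logger).NotTo(BeNil())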
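Review bot: The two `//nolint:gosec` suppressions on the `WithTLSConfig(...)` fixtures give no reason, and the second one builds a config with `InsecureSkipVerify: true`. If, as it appears, these configs are only stored and never used to dial, saying so keeps the suppression from being copied into real connection code: `//nolint:gosec // fixture only, config is never used to dial`. The added expectations check only that the last `WithTLSConfig` wins; a case with `WithTLSConfig(nil)` after a non-nil config would pin down that TLS can be reset to the default. The `Describe` body starts and ends outside these hunks.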
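--- a/pkg/client/session_v3.go
+++ b/pkg/client/session_v3.go
@@ -2,6 +2,7 @@
 package client
 
 import (
+"crypto/tls"
 "fmt"
 "time"
 
@@ -15,11 +16,12 @@ type (
 hostAddress nebula.HostAddress
 user string
 password string
+tlsConfig *tls.Config
 logger logger.Logger
 }
 )
 
-func newSessionV3(hostAddress HostAddress, user, password string, l logger.Logger) Session {
+func newSessionV3(hostAddress HostAddress, user, password string, tlsConfig *tls.Config, l logger.Logger) Session {
 if l == nil {
 l = logger.NopLogger
 }
@@ -28,19 +30,21 @@ func newSessionV3(hostAddress HostAddress, user, password string, l logger.Logge
 Host: hostAddress.Host,
 Port: hostAddress.Port,
 },
-user: user,
-password: password,
-logger: l,
+user: user,
+password: password,
+tlsConfig: tlsConfig,
+logger: l,
 }
 }
 
 func (s *defaultSessionV3) Open() error {
 hostAddress := s.hostAddress
-pool, err := nebula.NewConnectionPool(
+pool, err := nebula.NewSslConnectionPool(
 []nebula.HostAddress{hostAddress},
 nebula.PoolConfig{
 MaxConnPoolSize: 1,
 },
+s.tlsConfig,
 newNebulaLogger(s.logger.With(logger.Field{
 Key: "address",
 Value: fmt.Sprintf("%s:%d", hostAddress.Host, hostAddress.Port),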
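Review bot: `Open` now always calls `nebula.NewSslConnectionPool`, so whether a session is encrypted depends entirely on `s.tlsConfig` being non-nil, and neither `newSessionV3` nor `Open` says so. The same session carries `user`/`password`, so the nil case deserves a comment above the call, for example `// a nil tlsConfig is passed through unchanged; presumably the pool then connects without TLS (confirm against nebula-go)`. If `logger.With` accepts more than one field, adding `logger.Field{Key: "tls", Value: s.tlsConfig != nil}` next to the existing `address` field would also make a plaintext session visible in logs. `Open`'s body continues past the end of this section.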