Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add TLS/mTLS options and configure the GraphQL HTTP service #7910

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Add TLS/mTLS options and configure the GraphQL HTTP service #7910

wants to merge 2 commits into from

Conversation

pullurib
Copy link
Contributor

PR Description

Summary

The changes include the addition of command-line options to enable and configure TLS and mTLS for the GraphQL HTTP service.

Changes

  1. New Command-Line Options:

    • --graphql-tls-enabled: Enable TLS for the GraphQL HTTP service.
    • --graphql-tls-keystore-file: Path to the TLS keystore file.
    • --graphql-tls-keystore-password-file: Path to the file containing the password for the TLS keystore.
    • --graphql-mtls-enabled: Enable mTLS for the GraphQL HTTP service.
    • --graphql-tls-truststore-file: Path to the TLS truststore file.
    • --graphql-tls-truststore-password-file: Path to the file containing the password for the TLS truststore.

  2. Validation of Option Dependencies:

    • Added checks to ensure that the necessary TLS options are provided when TLS or mTLS is enabled.

Testing

  • Added unit tests to verify the new TLS options and their dependencies.
  • Ensured existing tests for GraphQL HTTP service are passing.

Documentation

  • Updated the CHANGELOG.md to reflect the addition of new TLS options.

Thanks for sending a pull request! Have you done the following?

  • Checked out our contribution guidelines?
  • Considered documentation and added the doc-change-required label to this PR if updates are required.
  • Considered the changelog and included an update if required.
  • For database changes (e.g. KeyValueSegmentIdentifier) considered compatibility and performed forwards and backwards compatibility tests

Locally, you can run these tests to catch failures early:

  • unit tests: ./gradlew build
  • acceptance tests: ./gradlew acceptanceTest
  • integration tests: ./gradlew integrationTest
  • reference tests: ./gradlew ethereum:referenceTests:referenceTests

Bhanu Pulluri added 2 commits November 22, 2024 12:50
Add TLS/mTLS options and configure the GraphQL HTTP service
4c4fe0c 
Signed-off-by: Bhanu Pulluri <bhanu.pulluri@kaleido.io>
update changelog
4bab86e 
Signed-off-by: Bhanu Pulluri <bhanu.pulluri@kaleido.io>
macfarla
macfarla requested changes Dec 3, 2024
View reviewed changes
Copy link
Contributor

@macfarla macfarla left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

overall looks good, just would like to not be adding (test) code that references ommers

...eum/api/src/test/java/org/hyperledger/besu/ethereum/api/graphql/GraphQLHttpsServiceTest.java
@@ -0,0 +1,545 @@
/*
* Copyright ConsenSys AG.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

newly added files should be Copyright contributors to Besu.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Copyright ConsenSys AG.
* Copyright contributors to Besu.

...eum/api/src/test/java/org/hyperledger/besu/ethereum/api/graphql/GraphQLHttpsServiceTest.java
Assertions.assertThat(redirectUrl).isNotNull();
final Request.Builder redirectBuilder = resp.request().newBuilder();
redirectBuilder.get();
// resp.body().close();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

residual commented line

...eum/api/src/test/java/org/hyperledger/besu/ethereum/api/graphql/GraphQLHttpsServiceTest.java
}

@Test
public void ethGetUncleCountByBlockHash() throws Exception {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can this test use getBlockNumber or something more basic? PoW is deprecated so ommers might go away at some point

@bgravenorst bgravenorst added the doc-change-required Indicates an issue or PR that requires doc to be updated label Dec 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@macfarla macfarla macfarla requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
doc-change-required Indicates an issue or PR that requires doc to be updated
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@pullurib @macfarla @bgravenorst