feat: Add JSON Schema + remove redundant CA file check #137

Merged: 3 commits, Oct 24, 2024

@nickdnk (Member) commented Oct 24, 2024

Remove redundant CA cert check

Reason for This PR

Add JSON schema

Description of Changes

Added JSON schema.
Removed redundant check for Root CA file, as key + cert was already being checked.

License Acceptance

By submitting this pull request, I confirm that my contribution is made under
the terms of the MIT license.

PR Checklist

[Author TODO: Meet these criteria.]
[Reviewer TODO: Verify that these criteria are met. Request changes if not]

  • All commits in this PR are signed (git commit -s).
  • The reason for this PR is clearly provided (issue no. or explanation).
  • The description of changes is clear and encompassing.
  • Any required documentation changes (code and docs) are included in this PR.
  • Any user-facing changes are mentioned in CHANGELOG.md.
  • All added/changed functionality is tested.

Summary by CodeRabbit

  • New Features

    • Simplified TLS configuration logic, requiring only the presence of Key and Cert.
    • Introduced a new JSON schema for gRPC plugin configuration, enforcing structure and validation for parameters such as listen, proto, and tls.
  • Bug Fixes

    • Enhanced validation of gRPC configuration parameters to ensure correct usage and adherence to defined structure.

Remove redundant CA cert check
@nickdnk added the "documentation" label (Improvements or additions to documentation) Oct 24, 2024

coderabbitai bot commented Oct 24, 2024

Warning

Rate limit exceeded

@nickdnk has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 17 minutes and 54 seconds before requesting another review.

📥 Commits

Files that changed from the base of the PR and between 38f9847 and 9f7685a.

Walkthrough

The changes include modifications to the EnableTLS method in config.go, simplifying the logic to require only the presence of both Key and Cert for enabling TLS, while removing the RootCA condition. Additionally, a new JSON schema file, schema.json, has been introduced for the gRPC plugin for RoadRunner. This schema defines valid configuration parameters, including properties for gRPC address, proto files, TLS configuration, message sizes, connection management, and more.

Changes

File: Change Summary

  • config.go: Modified EnableTLS method to require only Key and Cert for TLS enabling, removing RootCA check.
  • schema.json: Added new JSON schema defining valid configuration parameters for the gRPC plugin, including properties like listen, proto, tls, and various connection management settings.

Suggested reviewers

  • rustatian

Poem

In the meadow where bunnies play,
TLS is simpler, hip-hip-hooray!
With keys and certs, we hop with glee,
New schemas guide us, wild and free!
Hops of joy, under the sun's ray,
Configurations clear, come what may! 🐇✨


@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (3)
schema.json (3)

2-2: Consider using versioned URLs for schema $id.

The schema $id points to the master branch, which could lead to breaking changes if the schema evolves. Consider using a tagged/versioned URL (e.g., v1.0.0) to ensure schema stability.

-  "$id": "https://raw.githubusercontent.com/roadrunner-server/grpc/refs/heads/master/schema.json",
+  "$id": "https://raw.githubusercontent.com/roadrunner-server/grpc/v1.0.0/schema.json",
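
Review bot: The + line hard-codes v1.0.0 in the $id, a value the comment above offers only as an example ("e.g., v1.0.0"). Before applying this, substitute a tag that actually exists for this repository and decide who bumps the $id at each release; a pinned $id that is never updated leaves editors and validators checking configs against a stale schema, which trades one kind of drift for another.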

64-64: Remove leading space in description.

There's an extra space at the start of the MaxConnectionIdle description.

-      "description": " MaxConnectionIdle is a duration for the amount of time after which an idle connection would be closed by sending a GoAway. Idle duration is defined by the most recent time the number of outstanding RPCs became zero or since the connection was established. Defaults to infinite.",
+      "description": "MaxConnectionIdle is a duration for the amount of time after which an idle connection would be closed by sending a GoAway. Idle duration is defined by the most recent time the number of outstanding RPCs became zero or since the connection was established. Defaults to infinite.",

53-62: Clarify message size unit conversion in descriptions.

The descriptions could be more explicit about how the MB value is converted to bytes.

-      "description": "Maximum send message size in MB.",
+      "description": "Maximum send message size in MB (will be converted to bytes, e.g., 50 becomes 50*1024*1024 bytes).",
-      "description": "Maximum receive message size in MB.",
+      "description": "Maximum receive message size in MB (will be converted to bytes, e.g., 50 becomes 50*1024*1024 bytes).",
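
Review bot: Both + lines state a conversion factor of 50*1024*1024 that nothing in this hunk or elsewhere in the review confirms. Check the multiplier the plugin applies in its config code before writing it into the schema description, and if it is 1024*1024 the unit is MiB rather than MB; a description that disagrees with the enforced limit will mislead anyone sizing message limits from the schema.
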
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 714e81a and 38f9847.

📒 Files selected for processing (2)
  • config.go (1 hunks)
  • schema.json (1 hunks)
🔇 Additional comments (4)
schema.json (2)

30-52: TLS configuration structure looks good!

The schema correctly:

  • Makes key and cert required fields
  • Keeps root_ca optional
  • References appropriate external SSL definitions

94-98: Schema definitions section is well-structured!

Good practice to reference the common duration definition from the main RoadRunner schema.

config.go (2)

Line range hint 42-183: Verify TLS configuration in dependent services.

While the TLS enablement logic is simplified, the code maintains robust validation in InitDefaults:

  • Key and Cert files are validated for existence
  • RootCA is still validated when provided
  • Client authentication types are properly handled

Let's check for any services that might be affected:

✅ Verification successful

Let me try a different search strategy to verify the TLS configuration usage.


Based on the search results, I can now provide a final response:

TLS configuration changes are safely contained within the package

The verification shows that:

  • EnableTLS() is only used internally within the same package (in config.go and server.go)
  • The TLS struct is not exposed or used outside this package
  • The server initialization properly handles TLS credentials using the validated configuration

The simplified TLS enablement logic is safe as:

  1. All TLS usage is encapsulated within this package
  2. The server still properly initializes TLS credentials when enabled
  3. The robust validation in InitDefaults ensures configuration correctness
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for imports of this package and EnableTLS usage
rg -A 3 "github.com/roadrunner-server/grpc.*EnableTLS"

Length of output: 56


Script:

#!/bin/bash
# Search for EnableTLS method usage
rg "EnableTLS\(\)"

# Search for TLS configuration usage in general
rg "TLS\s+struct|type\s+TLS\s+struct"

# Search for potential gRPC server initialization with TLS
rg -A 5 "NewServer|grpc.NewServer"

Length of output: 813


181-183: LGTM! Simplified TLS enablement logic.

The change correctly simplifies the TLS enablement check to only require Key and Cert, which are the essential components for TLS. This is safe because:

  1. RootCA remains optional and is still validated in InitDefaults if provided
  2. The change aligns with standard TLS configuration where RootCA is only needed for client authentication

Let's verify if any documentation needs updates:

✅ Verification successful

Let me try a different approach to find documentation files and TLS-related content.


Let me check the test configuration files mentioned in the output to understand the TLS configuration examples.


Verified: TLS configuration change is correct and well-documented

The change to simplify the EnableTLS method is correct and properly documented across the codebase:

  1. The schema.json explicitly shows that only key and cert are required fields, while root_ca is optional
  2. Test configurations demonstrate both use cases:
    • Basic TLS setup with just cert/key in .rr-grpc-rq-tls.yaml
    • Advanced setup with root_ca in .rr-grpc-rq-tls-rootca.yaml
  3. The change aligns with the actual TLS implementation in server.go which handles root_ca separately and optionally

No documentation updates are needed as the configuration structure is properly defined in schema.json and demonstrated in test configurations.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for any documentation mentioning TLS configuration
rg -i "tls|certificate|root.?ca" "*.md" "docs/"

Length of output: 138


Script:

#!/bin/bash
# First, let's find all documentation files in the repository
echo "=== Documentation files ==="
fd -e md

# Then search for TLS configuration in all files
echo -e "\n=== TLS configuration mentions ==="
rg -i "tls|certificate|root.?ca"

# Look for any configuration examples
echo -e "\n=== Configuration examples ==="
rg -i "example.*config|config.*example"

Length of output: 8421


Script:

#!/bin/bash
# Check the test configuration files
echo "=== TLS Test Configs ==="
cat tests/configs/.rr-grpc-rq-tls.yaml
echo -e "\n=== TLS with RootCA Test Configs ==="
cat tests/configs/.rr-grpc-rq-tls-rootca.yaml

# Check schema.json for TLS configuration documentation
echo -e "\n=== Schema TLS Definition ==="
cat schema.json | jq '.properties.tls'

Length of output: 5111
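
The behaviour discussed in this review, written out as an added Go example; it is not code from the PR or from the plugin's config.go. The TLS type, its Validate method and the rule that a partial tls block is rejected are assumptions for illustration, chosen to match the schema's "key and cert required, root_ca optional" shape so that a root_ca-only config fails instead of silently starting without TLS.

```go
package main

import (
	"errors"
	"fmt"
	"os"
)

// TLS holds the three settings this PR discusses (key, cert, root_ca).
// Hypothetical type for illustration; not the plugin's config.go.
type TLS struct{ Key, Cert, RootCA string }

// EnableTLS: key and cert together are sufficient; root_ca is not consulted.
func (t *TLS) EnableTLS() bool { return t != nil && t.Key != "" && t.Cert != "" }

// Validate fails closed on partial blocks, then checks that each configured
// file exists. root_ca is optional but is checked when present.
func (t *TLS) Validate() error {
	if t == nil || *t == (TLS{}) {
		return nil // no tls settings at all: nothing to validate
	}
	if !t.EnableTLS() {
		// Assumption: mirror the schema, where key and cert are required.
		return errors.New("tls: key and cert are both required")
	}
	files := []struct{ name, path string }{
		{"key", t.Key}, {"cert", t.Cert}, {"root_ca", t.RootCA},
	}
	for _, f := range files {
		if f.path == "" {
			continue // only root_ca can be empty at this point
		}
		if _, err := os.Stat(f.path); err != nil {
			return fmt.Errorf("tls: %s %q: %w", f.name, f.path, err)
		}
	}
	return nil
}

func main() {
	// Constructed sample: root_ca alone does not enable TLS, so validation
	// rejects it rather than letting a plaintext listener start unnoticed.
	caOnly := &TLS{RootCA: "/constructed/path/ca.crt"}
	fmt.Println(caOnly.EnableTLS(), caOnly.Validate())
}
```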

@rustatian (Member)

LGTM 👍

@nickdnk nickdnk merged commit 1427bd9 into master Oct 24, 2024
6 checks passed
@nickdnk nickdnk deleted the schema branch October 24, 2024 20:56