go-tlsdialer: initial repository setup

To disable SSL by default we want to transfer OpenSslDialer and any other ssl logic to the new go-tlsdialer repository. go-tlsdialer serves as an interlayer between go-tarantool and go-openssl. All ssl logic from go-tarantool is moved to the go-tlsdialer. go-tlsdialer still uses tarantool connection, but also types and methods from go-openssl. This way we are removing the direct go-openssl dependency from go-tarantool, without creating a tarantool dependency in go-openssl. Moved all ssl code from go-tarantool, some test helpers. Part of tarantool/go-tarantool#301
tarantool · Feb 2, 2024 · 85dc5e0 · 85dc5e0
1 parent 0a4ada6
commit 85dc5e0
Show file tree

Hide file tree

Showing 24 changed files with 1,929 additions and 77 deletions.
diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
@@ -92,80 +92,3 @@ jobs:
           go get github.com/mattn/goveralls
           go install github.com/mattn/goveralls
           goveralls -coverprofile=${COVERAGE_FILE} -service=github
-
-  testing_mac_os:
-    # We want to run on external PRs, but not on our own internal
-    # PRs as they'll be run by the push to the branch.
-    #
-    # The main trick is described here:
-    # https://github.com/Dart-Code/Dart-Code/pull/2375
-    if: (github.event_name == 'push') ||
-      (github.event_name == 'pull_request' &&
-        github.event.pull_request.head.repo.full_name != github.repository) ||
-      (github.event_name == 'workflow_dispatch')
-
-    strategy:
-      fail-fast: false
-      matrix:
-        golang:
-          - '1.20'
-          - 'stable'
-        runs-on:
-          - macos-11
-          - macos-12
-        tarantool-ee:
-          - 'gc64-2.11.2-0-r613'
-
-    env:
-      # Set as absolute paths to avoid any possible confusion
-      # after changing a current directory.
-      SRCDIR: ${{ format('{0}/{1}', github.workspace, github.repository) }}
-
-    runs-on: ${{ matrix.runs-on }}
-    steps:
-      - name: Clone the connector
-        uses: actions/checkout@v3
-        with:
-          path: ${{ env.SRCDIR }}
-
-      - name: Install latest tt from brew
-        run: brew install tt
-
-      - name: Install tarantool
-        env:
-          TT_CLI_EE_USERNAME: ${{secret.TT_EE_USERNAME}}
-          TT_CLI_EE_PASSWORD: ${{secret.TT_EE_PASSWORD}}
-        run: |
-          tt init
-          tt -V install tarantool-ee ${{matrix.tarantool-ee}}
-          # Delete the tt config so that it does not affect the test environment.
-          rm -f tt.yaml
-
-      - name: Add Tarantool to Path
-        run: |
-          echo "${GITHUB_WORKSPACE}/bin" >> $GITHUB_PATH
-
-      - name: Set Tarantool include directory to the environment
-        run: |
-          echo "TT_CLI_TARANTOOL_PREFIX=${GITHUB_WORKSPACE}/include/" >> $GITHUB_ENV
-
-      - name: Setup golang for the connector and tests
-        uses: actions/setup-go@v3
-        with:
-          go-version: ${{ matrix.golang }}
-
-      # Workaround for Mac OS 12 testrace failure
-      # https://github.com/golang/go/issues/49138
-      - name: disable MallocNanoZone for macos-12
-        run: echo "MallocNanoZone=0" >> $GITHUB_ENV
-        if: matrix.runs-on  == 'macos-12'
-
-      - name: Install test dependencies
-        run: |
-          brew install tt
-
-      - name: Run regression tests
-        run: |
-          cd "${SRCDIR}"
-          go test -v -count=1 -shuffle=on ./...
-          go test -race -v -count=1 -shuffle=on ./...
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,8 @@ Versioning](http://semver.org/spec/v2.0.0.html) except to the first release.
 
 ### Added
 
+* `OpenSslDialer` type (#1).
+
 ### Changed
 
 ### Removed

diff --git a/README.md b/README.md
@@ -18,6 +18,103 @@ To run a default set of tests:
 go test -v ./...
 ```
 
+## OpenSslDialer
+
+User can create a dialer by filling the struct:
+```go
+// OpenSslDialer allows to use SSL transport for connection.
+type OpenSslDialer struct {
+	// Address is an address to connect.
+	// It could be specified in following ways:
+	//
+	// - TCP connections (tcp://192.168.1.1:3013, tcp://my.host:3013,
+	// tcp:192.168.1.1:3013, tcp:my.host:3013, 192.168.1.1:3013, my.host:3013)
+	//
+	// - Unix socket, first '/' or '.' indicates Unix socket
+	// (unix:///abs/path/tnt.sock, unix:path/tnt.sock, /abs/path/tnt.sock,
+	// ./rel/path/tnt.sock, unix/:path/tnt.sock)
+	Address string
+	// Auth is an authentication method.
+	Auth tarantool.Auth
+	// Username for logging in to Tarantool.
+	User string
+	// User password for logging in to Tarantool.
+	Password string
+	// RequiredProtocol contains minimal protocol version and
+	// list of protocol features that should be supported by
+	// Tarantool server. By default, there are no restrictions.
+	RequiredProtocolInfo tarantool.ProtocolInfo
+	// SslKeyFile is a path to a private SSL key file.
+	SslKeyFile string
+	// SslCertFile is a path to an SSL certificate file.
+	SslCertFile string
+	// SslCaFile is a path to a trusted certificate authorities (CA) file.
+	SslCaFile string
+	// SslCiphers is a colon-separated (:) list of SSL cipher suites the connection
+	// can use.
+	//
+	// We don't provide a list of supported ciphers. This is what OpenSSL
+	// does. The only limitation is usage of TLSv1.2 (because other protocol
+	// versions don't seem to support the GOST cipher). To add additional
+	// ciphers (GOST cipher), you must configure OpenSSL.
+	//
+	// See also
+	//
+	// * https://www.openssl.org/docs/man1.1.1/man1/ciphers.html
+	SslCiphers string
+	// SslPassword is a password for decrypting the private SSL key file.
+	// The priority is as follows: try to decrypt with SslPassword, then
+	// try SslPasswordFile.
+	SslPassword string
+	// SslPasswordFile is a path to the list of passwords for decrypting
+	// the private SSL key file. The connection tries every line from the
+	// file as a password.
+	SslPasswordFile string
+}
+```
+To create a connection from the created dialer a `Dial` function could be used:
+```go
+package tarantool
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/tarantool/go-tarantool/v2"
+	"github.com/tarantool/go-tlsdialer"
+)
+
+func main() {
+	dialer := tlsdialer.OpenSslDialer{
+		Address: "127.0.0.1:3301",
+		User:    "guest",
+	}
+	opts := tarantool.Opts{
+		Timeout: 5 * time.Second,
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), 500*time.Millisecond)
+	defer cancel()
+
+	conn, err := tarantool.Connect(ctx, dialer, opts)
+	if err != nil {
+		fmt.Printf("Failed to create an example connection: %s", err)
+		return
+	}
+
+	// Use the connection.
+	data, err := conn.Do(tarantool.NewInsertRequest(999).
+		Tuple([]interface{}{99999, "BB"}),
+	).Get()
+	if err != nil {
+		fmt.Println("Error", err)
+	} else {
+		fmt.Printf("Data: %v", data)
+	}
+}
+```
+
 [godoc-badge]: https://pkg.go.dev/badge/github.com/tarantool/go-tlsdialer.svg
 [godoc-url]: https://pkg.go.dev/github.com/tarantool/go-tlsdialer
 [coverage-badge]: https://coveralls.io/repos/github/tarantool/go-tlsdialer/badge.svg?branch=master

diff --git a/conn.go b/conn.go
@@ -0,0 +1,62 @@
+package tlsdialer
+
+import (
+	"errors"
+	"io"
+	"net"
+
+	"github.com/tarantool/go-tarantool/v2"
+)
+
+type tntConn struct {
+	net    net.Conn
+	reader io.Reader
+	writer writeFlusher
+}
+
+// writeFlusher is the interface that groups the basic Write and Flush methods.
+type writeFlusher interface {
+	io.Writer
+	Flush() error
+}
+
+// Addr makes tntConn satisfy the Conn interface.
+func (c *tntConn) Addr() net.Addr {
+	return c.net.RemoteAddr()
+}
+
+// Read makes tntConn satisfy the Conn interface.
+func (c *tntConn) Read(p []byte) (int, error) {
+	return c.reader.Read(p)
+}
+
+// Write makes tntConn satisfy the Conn interface.
+func (c *tntConn) Write(p []byte) (int, error) {
+	if l, err := c.writer.Write(p); err != nil {
+		return l, err
+	} else if l != len(p) {
+		return l, errors.New("wrong length written")
+	} else {
+		return l, nil
+	}
+}
+
+// Flush makes tntConn satisfy the Conn interface.
+func (c *tntConn) Flush() error {
+	return c.writer.Flush()
+}
+
+// Close makes tntConn satisfy the Conn interface.
+func (c *tntConn) Close() error {
+	return c.net.Close()
+}
+
+// Greeting makes tntConn satisfy the Conn interface.
+func (c *tntConn) Greeting() tarantool.Greeting {
+	return tarantool.Greeting{}
+}
+
+// ProtocolInfo makes tntConn satisfy the Conn interface.
+func (c *tntConn) ProtocolInfo() tarantool.ProtocolInfo {
+	return tarantool.ProtocolInfo{}
+}
diff --git a/deadline_io.go b/deadline_io.go
@@ -0,0 +1,31 @@
+package tlsdialer
+
+import (
+	"net"
+	"time"
+)
+
+type deadlineIO struct {
+	to time.Duration
+	c  net.Conn
+}
+
+func (d *deadlineIO) Write(b []byte) (n int, err error) {
+	if d.to > 0 {
+		if err := d.c.SetWriteDeadline(time.Now().Add(d.to)); err != nil {
+			return 0, err
+		}
+	}
+	n, err = d.c.Write(b)
+	return
+}
+
+func (d *deadlineIO) Read(b []byte) (n int, err error) {
+	if d.to > 0 {
+		if err := d.c.SetReadDeadline(time.Now().Add(d.to)); err != nil {
+			return 0, err
+		}
+	}
+	n, err = d.c.Read(b)
+	return
+}