go-tlsdialer: initial repository setup

To disable SSL by default we want to transfer OpenSslDialer and any other ssl logic to the new go-tlsdialer repository. go-tlsdialer serves as an interlayer between go-tarantool and go-openssl. All ssl logic from go-tarantool is moved to the go-tlsdialer. go-tlsdialer still uses tarantool connection, but also types and methods from go-openssl. This way we are removing the direct go-openssl dependency from go-tarantool, without creating a tarantool dependency in go-openssl. Moved all ssl code from go-tarantool, some test helpers. Added `README.md`, ci workflow. Part of tarantool/go-tarantool#301
tarantool · Jan 31, 2024 · d4095a9 · d4095a9
1 parent 02359d7
commit d4095a9
Show file tree

Hide file tree

Showing 22 changed files with 1,964 additions and 0 deletions.
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
@@ -0,0 +1,72 @@
+name: Run checks
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  luacheck:
+    runs-on: ubuntu-latest
+    if: |
+      github.event_name == 'push' ||
+      github.event_name == 'pull_request' &&
+      github.event.pull_request.head.repo.full_name != github.repository
+    steps:
+      - uses: actions/checkout@master
+
+      - name: Setup Tarantool
+        uses: tarantool/setup-tarantool@v2
+        with:
+          tarantool-version: '2.8'
+
+      - name: Setup tt
+        run: |
+          curl -L https://tarantool.io/release/2/installer.sh | sudo bash
+          sudo apt install -y tt
+          tt version
+
+      - name: Setup luacheck
+        run: tt rocks install luacheck 0.25.0
+
+      - name: Run luacheck
+        run: ./.rocks/bin/luacheck .
+
+  golangci-lint:
+    runs-on: ubuntu-latest
+    if: |
+      github.event_name == 'push' ||
+      github.event_name == 'pull_request' &&
+      github.event.pull_request.head.repo.full_name != github.repository
+    steps:
+      - uses: actions/setup-go@v2
+
+      - uses: actions/checkout@v2
+
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v3
+        continue-on-error: true
+        with:
+          # The first run is for GitHub Actions error format.
+          args: --config=.golangci.yaml
+
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v3
+        with:
+          # The second run is for human-readable error format with a file name
+          # and a line number.
+          args: --out-${NO_FUTURE}format colored-line-number --config=.golangci.yaml
+
+  codespell:
+    runs-on: ubuntu-latest
+    if: |
+      github.event_name == 'push' ||
+      github.event_name == 'pull_request' &&
+      github.event.pull_request.head.repo.full_name != github.repository
+    steps:
+      - uses: actions/checkout@master
+
+      - name: Install codespell
+        run: pip3 install codespell
+
+      - name: Run codespell
+        run: codespell
diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
@@ -0,0 +1,229 @@
+name: testing
+
+on:
+  push:
+  pull_request:
+  pull_request_target:
+    types: [labeled]
+  workflow_dispatch:
+
+jobs:
+  run-tests-ee:
+    # Does not run on pull requests from forks and on forks by default.
+    # Tests from forks will run only when the pull request is labeled with
+    # `full-ci`. To avoid security problems, the label must be reset manually
+    # for every run.
+    #
+    # We need to use `pull_request_target` because it has access to base
+    # repository secrets unlike `pull_request`.
+    if: |
+      github.repository == 'tarantool/go-tlsdialer' &&
+      (github.event_name == 'push' ||
+        (github.event_name == 'pull_request_target' &&
+          github.event.pull_request.head.repo.full_name != github.repository &&
+          github.event.label.name == 'full-ci')) ||
+      github.event_name == 'workflow_dispatch'
+
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        sdk-path:
+          - 'release/linux/x86_64/1.10/'
+        sdk-version:
+          - 'sdk-1.10.15-0-r598'
+        coveralls: [ false ]
+        fuzzing: [ false ]
+        ssl: [ false ]
+        include:
+          - sdk-path: 'release/linux/x86_64/2.10/'
+            sdk-version: 'sdk-gc64-2.10.8-0-r598.linux.x86_64'
+            coveralls: false
+            ssl: true
+          - sdk-path: 'release/linux/x86_64/2.11/'
+            sdk-version: 'sdk-gc64-2.11.1-0-r598.linux.x86_64'
+            coveralls: true
+            ssl: true
+
+    steps:
+      - name: Clone the connector
+        # `ref` as merge request is needed for pull_request_target because this
+        # target runs in the context of the base commit of the pull request.
+        uses: actions/checkout@v3
+        if: github.event_name == 'pull_request_target'
+        with:
+          ref: refs/pull/${{ github.event.pull_request.number }}/merge
+
+      - name: Clone the connector
+        if: github.event_name != 'pull_request_target'
+        uses: actions/checkout@v3
+
+      - name: Setup Tarantool ${{ matrix.sdk-version }}
+        run: |
+          ARCHIVE_NAME=tarantool-enterprise-${{ matrix.sdk-version }}.tar.gz
+          curl -O -L https://${{ secrets.SDK_DOWNLOAD_TOKEN }}@download.tarantool.io/enterprise/${{ matrix.sdk-path }}${ARCHIVE_NAME}
+          tar -xzf ${ARCHIVE_NAME}
+          rm -f ${ARCHIVE_NAME}
+
+      - name: Setup golang for the connector and tests
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.13
+
+      - name: Run regression tests
+        run: go test -v -shuffle=on -coverprofile=module-coverage.txt -coverpkg=./... ./...
+        env:
+          TEST_TNT_SSL: ${{matrix.ssl}}
+
+      - name: Collect coverage files
+        shell: bash
+        run: echo "COVERAGES=$(find . -type f -name 'module-coverage.txt' | tr -s '\n' ',' | sed 's/,$//')" >> $GITHUB_ENV
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@81cd2dc8148241f03f5839d295e000b8f761e378 # v3.1.0
+        with:
+          files: '${{ env.COVERAGES }}'
+          env_vars: OS=${{ matrix.os }}, GO=${{ matrix.go }}
+
+  testing_mac_os:
+    # We want to run on external PRs, but not on our own internal
+    # PRs as they'll be run by the push to the branch.
+    #
+    # The main trick is described here:
+    # https://github.com/Dart-Code/Dart-Code/pull/2375
+    if: (github.event_name == 'push') ||
+      (github.event_name == 'pull_request' &&
+      github.event.pull_request.head.repo.full_name != github.repository) ||
+      (github.event_name == 'workflow_dispatch')
+
+    strategy:
+      fail-fast: false
+      matrix:
+        golang:
+          - 1.13
+        runs-on:
+          - macos-11
+          - macos-12
+        tarantool:
+          - brew
+          - 1.10.15
+
+    env:
+      # Make sense only for non-brew jobs.
+      #
+      # Set as absolute paths to avoid any possible confusion
+      # after changing a current directory.
+      T_VERSION: ${{ matrix.tarantool }}
+      T_SRCDIR: ${{ format('{0}/tarantool-{1}', github.workspace, matrix.tarantool) }}
+      T_TARDIR: ${{ format('{0}/tarantool-{1}-build', github.workspace, matrix.tarantool) }}
+      SRCDIR: ${{ format('{0}/{1}', github.workspace, github.repository) }}
+
+    runs-on: ${{ matrix.runs-on }}
+    steps:
+      - name: Clone the connector
+        uses: actions/checkout@v3
+        with:
+          path: ${{ env.SRCDIR }}
+
+      - name: Restore cache of tarantool ${{ env.T_VERSION }}
+        uses: actions/cache@v3
+        id: cache
+        with:
+          path: ${{ env.T_TARDIR }}
+          key: ${{ matrix.runs-on }}-${{ matrix.tarantool }}
+        if: matrix.tarantool != 'brew'
+
+      - name: Install latest tarantool from brew
+        run: brew install tarantool
+        if: matrix.tarantool == 'brew'
+
+      - name: Clone tarantool ${{ env.T_VERSION }}
+        uses: actions/checkout@v3
+        with:
+          repository: tarantool/tarantool
+          ref: ${{ env.T_VERSION }}
+          path: ${{ env.T_TARDIR }}
+          submodules: true
+          # fetch-depth is 1 by default and it is okay for
+          # building from a tag. However we have master in
+          # the version list.
+          fetch-depth: 0
+        if: matrix.tarantool != 'brew' && steps.cache.outputs.cache-hit != 'true'
+
+      - name: Build tarantool ${{ env.T_VERSION }} from sources
+        run: |
+          cd "${T_TARDIR}"
+          # Set RelWithDebInfo just to disable -Werror.
+          #
+          # There are tarantool releases on which AppleClang
+          # complains about the problem that was fixed later in
+          # https://github.com/tarantool/tarantool/commit/7e8688ff8885cc7813d12225e03694eb8886de29
+          #
+          # Set OpenSSL root directory for linking tarantool with OpenSSL of version 1.1
+          # This is related to #49. There are too much deprecations which affect the build and tests.
+          # Must be revisited after fixing https://github.com/tarantool/tarantool/issues/6477
+          cmake . -DCMAKE_BUILD_TYPE=RelWithDebInfo -DENABLE_DIST=ON -DOPENSSL_ROOT_DIR=/usr/local/opt/openssl@1.1 -DOPENSSL_LIBRARIES=/usr/local/opt/openssl@1.1/lib
+          # {{{ Workaround Mac OS build failure (gh-6076)
+          #
+          # https://github.com/tarantool/tarantool/issues/6076
+          #
+          # In brief: when "src/lib/small" is in include paths,
+          # `#include <version>` from inside Mac OS SDK headers
+          # attempts to include "src/lib/small/VERSION" as a
+          # header file that leads to a syntax error.
+          #
+          # It was fixed in the following commits:
+          #
+          # * 1.10.10-24-g7bce4abd1
+          # * 2.7.2-44-gbb1d32903
+          # * 2.8.1-56-ga6c29c5af
+          # * 2.9.0-84-gc5ae543f3
+          #
+          # However applying the workaround for all versions looks
+          # harmless.
+          #
+          # Added -f just in case: I guess we'll drop this useless
+          # obsoleted VERSION file from the git repository sooner
+          # or later.
+          rm -f src/lib/small/VERSION
+          # The same as above, but for the VERSION file generated
+          # by tarantool's CMake script.
+          rm VERSION
+          # }}} Workaround Mac OS build failure (gh-6076)
+          # Continue the build.
+          make -j$(sysctl -n hw.logicalcpu)
+          make install
+        if: matrix.tarantool != 'brew' && steps.cache.outputs.cache-hit != 'true'
+
+      - name: Install tarantool
+        run: |
+          cd "${T_TARDIR}"
+          make install
+        if: matrix.tarantool != 'brew' && steps.cache.outputs.cache-hit == 'true'
+
+      - name: Verify tarantool version
+        run: |
+          # Workaround https://github.com/tarantool/tarantool/issues/4983
+          # Workaround https://github.com/tarantool/tarantool/issues/5040
+          tarantool -e "require('fiber').sleep(0) assert(_TARANTOOL:startswith('${T_VERSION}'), _TARANTOOL) os.exit()"
+        if: matrix.tarantool != 'brew' && matrix.tarantool != 'master'
+
+      - name: Setup golang for the connector and tests
+        uses: actions/setup-go@v3
+        with:
+          go-version: ${{ matrix.golang }}
+
+      # Workaround for Mac OS 12 testrace failure
+      # https://github.com/golang/go/issues/49138
+      - name: disable MallocNanoZone for macos-12
+        run: echo "MallocNanoZone=0" >> $GITHUB_ENV
+        if: matrix.runs-on  == 'macos-12'
+
+      # Workaround issue https://github.com/tarantool/tt/issues/640
+      - name: Fix tt rocks
+        if: matrix.tarantool == 'brew'
+        run: |
+          brew ls --verbose tarantool | grep macosx.lua | xargs rm -f
+
+      - name: Run regression tests
+        run: go test -v -shuffle=on -coverprofile=module-coverage.txt -coverpkg=./... ./...
diff --git a/README.md b/README.md
diff --git a/connection.go b/connection.go
@@ -0,0 +1,62 @@
+package tlsdialer
+
+import (
+	"errors"
+	"io"
+	"net"
+
+	"github.com/tarantool/go-tarantool/v2"
+)
+
+type tntConn struct {
+	net    net.Conn
+	reader io.Reader
+	writer writeFlusher
+}
+
+// writeFlusher is the interface that groups the basic Write and Flush methods.
+type writeFlusher interface {
+	io.Writer
+	Flush() error
+}
+
+// Addr makes tntConn satisfy the Conn interface.
+func (c *tntConn) Addr() net.Addr {
+	return c.net.RemoteAddr()
+}
+
+// Read makes tntConn satisfy the Conn interface.
+func (c *tntConn) Read(p []byte) (int, error) {
+	return c.reader.Read(p)
+}
+
+// Write makes tntConn satisfy the Conn interface.
+func (c *tntConn) Write(p []byte) (int, error) {
+	if l, err := c.writer.Write(p); err != nil {
+		return l, err
+	} else if l != len(p) {
+		return l, errors.New("wrong length written")
+	} else {
+		return l, nil
+	}
+}
+
+// Flush makes tntConn satisfy the Conn interface.
+func (c *tntConn) Flush() error {
+	return c.writer.Flush()
+}
+
+// Close makes tntConn satisfy the Conn interface.
+func (c *tntConn) Close() error {
+	return c.net.Close()
+}
+
+// Greeting makes tntConn satisfy the Conn interface.
+func (c *tntConn) Greeting() tarantool.Greeting {
+	return tarantool.Greeting{}
+}
+
+// ProtocolInfo makes tntConn satisfy the Conn interface.
+func (c *tntConn) ProtocolInfo() tarantool.ProtocolInfo {
+	return tarantool.ProtocolInfo{}
+}
diff --git a/deadline_io.go b/deadline_io.go
@@ -0,0 +1,27 @@
+package tlsdialer
+
+import (
+	"net"
+	"time"
+)
+
+type deadlineIO struct {
+	to time.Duration
+	c  net.Conn
+}
+
+func (d *deadlineIO) Write(b []byte) (n int, err error) {
+	if d.to > 0 {
+		d.c.SetWriteDeadline(time.Now().Add(d.to))
+	}
+	n, err = d.c.Write(b)
+	return
+}
+
+func (d *deadlineIO) Read(b []byte) (n int, err error) {
+	if d.to > 0 {
+		d.c.SetReadDeadline(time.Now().Add(d.to))
+	}
+	n, err = d.c.Read(b)
+	return
+}