From 76cd676f124edf9227e127e3b4de543b12f521f9 Mon Sep 17 00:00:00 2001 From: Eshan <60269431+Eshanatnight@users.noreply.github.com> Date: Sat, 13 Jan 2024 11:11:58 +0530 Subject: [PATCH] feat: allow tls for gRPC port (#622) This PR adds a fix for case where Parseable server is running with TLS enabled but gRPC server (Tonic) was still not configured with TLS. Fixes #608 --- Cargo.lock | 192 ++++++++++++++++++++------------ server/Cargo.toml | 2 +- server/src/handlers/livetail.rs | 54 +++++++-- 3 files changed, 170 insertions(+), 78 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 7a4ae41e8..59c342deb 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -36,18 +36,18 @@ dependencies = [ [[package]] name = "actix-http" -version = "3.3.0" +version = "3.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0070905b2c4a98d184c4e81025253cb192aa8a73827553f38e9410801ceb35bb" +checksum = "129d4c88e98860e1758c5de288d1632b07970a16d59bdf7b8d66053d582bb71f" dependencies = [ "actix-codec", "actix-rt", "actix-service", "actix-tls", "actix-utils", - "ahash 0.7.6", + "ahash", "base64 0.21.0", - "bitflags 1.3.2", + "bitflags 2.4.0", "brotli", "bytes", "bytestring", @@ -71,7 +71,7 @@ dependencies = [ "tokio", "tokio-util", "tracing", - "zstd", + "zstd 0.13.0", ] [[package]] @@ -120,7 +120,7 @@ dependencies = [ "futures-util", "mio", "num_cpus", - "socket2", + "socket2 0.4.9", "tokio", "tracing", ] 
@@ -138,19 +138,22 @@ dependencies = [ [[package]] name = "actix-tls" -version = "3.0.3" +version = "3.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9fde0cf292f7cdc7f070803cb9a0d45c018441321a78b1042ffbbb81ec333297" +checksum = "72616e7fbec0aa99c6f3164677fa48ff5a60036d0799c98cab894a44f3e0efc3" dependencies = [ - "actix-codec", "actix-rt", "actix-service", "actix-utils", "futures-core", - "log", + "impl-more", "pin-project-lite", + "rustls 0.21.10", + "rustls-webpki", + "tokio", "tokio-rustls 0.23.4", "tokio-util", + "tracing", "webpki-roots", ] @@ -166,9 +169,9 @@ dependencies = [ [[package]] name = "actix-web" -version = "4.3.0" +version = "4.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "464e0fddc668ede5f26ec1f9557a8d44eda948732f40c6b0ad79126930eb775f" +checksum = "e43428f3bf11dee6d166b00ec2df4e3aa8cc1606aaa0b7433c146852e2f4e03b" dependencies = [ "actix-codec", "actix-http", @@ -180,7 +183,7 @@ dependencies = [ "actix-tls", "actix-utils", "actix-web-codegen", - "ahash 0.7.6", + "ahash", "bytes", "bytestring", "cfg-if", @@ -189,7 +192,6 @@ dependencies = [ "encoding_rs", "futures-core", "futures-util", - "http", "itoa 1.0.5", "language-tags", "log", @@ -201,21 +203,21 @@ dependencies = [ "serde_json", "serde_urlencoded", "smallvec", - "socket2", + "socket2 0.5.5", "time", "url", ] [[package]] name = "actix-web-codegen" -version = "4.1.0" +version = "4.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1fa9362663c8643d67b2d5eafba49e4cb2c8a053a29ed00a0bea121f17c76b13" +checksum = "eb1f50ebbb30eca122b188319a4398b3f7bb4a8cdf50ecfb73bfc6a3c3ce54f5" dependencies = [ "actix-router", "proc-macro2", "quote", - "syn 1.0.107", + "syn 2.0.37", ] [[package]] 
@@ -275,17 +277,6 @@ version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" -[[package]] -name = "ahash" -version = "0.7.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fcb51a0695d8f838b1ee009b3fbf66bda078cd64590202a864a8f3e8c4315c47" -dependencies = [ - "getrandom", - "once_cell", - "version_check", -] - [[package]] name = "ahash" version = "0.8.3" @@ -382,7 +373,7 @@ version = "47.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7fab9e93ba8ce88a37d5a30dce4b9913b75413dc1ac56cb5d72e5a840543f829" dependencies = [ - "ahash 0.8.3", + "ahash", "arrow-arith", "arrow-array", "arrow-buffer", @@ -419,7 +410,7 @@ version = "47.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d02efa7253ede102d45a4e802a129e83bcc3f49884cab795b1ac223918e4318d" dependencies = [ - "ahash 0.8.3", + "ahash", "arrow-buffer", "arrow-data", "arrow-schema", @@ -565,7 +556,7 @@ version = "47.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "114a348ab581e7c9b6908fcab23cb39ff9f060eb19e72b13f8fb8eaa37f65d22" dependencies = [ - "ahash 0.8.3", + "ahash", "arrow-array", "arrow-buffer", "arrow-data", @@ -589,7 +580,7 @@ version = "47.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d5c71e003202e67e9db139e5278c79f5520bb79922261dfe140e4637ee8b6108" dependencies = [ - "ahash 0.8.3", + "ahash", "arrow-array", "arrow-buffer", "arrow-data", @@ -627,8 +618,8 @@ dependencies = [ "pin-project-lite", "tokio", "xz2", - "zstd", - "zstd-safe", + "zstd 0.12.3+zstd.1.5.2", + "zstd-safe 6.0.4+zstd.1.5.4", ] [[package]] @@ -759,7 +750,7 @@ dependencies = [ "num-bigint", "num-traits", "once_cell", - "ring", + "ring 0.16.20", "serde", "serde_json", ] 
@@ -1290,7 +1281,7 @@ version = "32.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7014432223f4d721cb9786cd88bb89e7464e0ba984d4a7f49db7787f5f268674" dependencies = [ - "ahash 0.8.3", + "ahash", "arrow", "arrow-array", "arrow-schema", @@ -1329,7 +1320,7 @@ dependencies = [ "url", "uuid", "xz2", - "zstd", + "zstd 0.12.3+zstd.1.5.2", ] [[package]] @@ -1338,7 +1329,7 @@ version = "32.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cb3903ed8f102892f17b48efa437f3542159241d41c564f0d1e78efdc5e663aa" dependencies = [ - "ahash 0.8.3", + "ahash", "arrow", "arrow-array", "arrow-buffer", @@ -1378,7 +1369,7 @@ version = "32.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "24c382676338d8caba6c027ba0da47260f65ffedab38fda78f6d8043f607557c" dependencies = [ - "ahash 0.8.3", + "ahash", "arrow", "arrow-array", "datafusion-common", @@ -1411,7 +1402,7 @@ version = "32.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "57b4968e9a998dc0476c4db7a82f280e2026b25f464e4aa0c3bb9807ee63ddfd" dependencies = [ - "ahash 0.8.3", + "ahash", "arrow", "arrow-array", "arrow-buffer", @@ -1445,7 +1436,7 @@ version = "32.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "efd0d1fe54e37a47a2d58a1232c22786f2c28ad35805fdcd08f0253a8b0aaa90" dependencies = [ - "ahash 0.8.3", + "ahash", "arrow", "arrow-array", "arrow-buffer", @@ -1798,7 +1789,7 @@ version = "0.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "43a3c133739dddd0d2990f9a4bdf8eb4b21ef50e4851ca85ab661199821d510e" dependencies = [ - "ahash 0.8.3", + "ahash", ] [[package]] @@ -1807,7 +1798,7 @@ version = "0.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2c6201b9ff9fd90a5a3bac2e56a830d0caa509576f0e503818ee82c181b3437a" dependencies = [ - "ahash 0.8.3", + "ahash", "allocator-api2", ] 
@@ -1947,7 +1938,7 @@ dependencies = [ "httpdate", "itoa 1.0.5", "pin-project-lite", - "socket2", + "socket2 0.4.9", "tokio", "tower-service", "tracing", @@ -1963,7 +1954,7 @@ dependencies = [ "futures-util", "http", "hyper", - "rustls 0.21.5", + "rustls 0.21.10", "tokio", "tokio-rustls 0.24.1", ] @@ -2020,6 +2011,12 @@ version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cb56e1aa765b4b4f3aadfab769793b7087bb03a4ea4920644a6d238e2df5b9ed" +[[package]] +name = "impl-more" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "206ca75c9c03ba3d4ace2460e57b189f39f43de612c2f85836e65c929701bb2d" + [[package]] name = "indexmap" version = "1.9.2" @@ -2209,9 +2206,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.146" +version = "0.2.152" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f92be4933c13fd498862a9e02a3055f8a8d9c039ce33db97306fd5a6caa7f29b" +checksum = "13e3bf6590cbc649f4d1a3eefc9d5d6eb746f5200ffb04e5e142700b8faa56e7" [[package]] name = "libm" @@ -2539,7 +2536,7 @@ dependencies = [ "quick-xml", "rand", "reqwest", - "ring", + "ring 0.16.20", "serde", "serde_json", "snafu", @@ -2624,7 +2621,7 @@ version = "47.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0463cc3b256d5f50408c49a4be3a16674f4c8ceef60941709620a062b1f6bf4d" dependencies = [ - "ahash 0.8.3", + "ahash", "arrow-array", "arrow-buffer", "arrow-cast", @@ -2649,7 +2646,7 @@ dependencies = [ "thrift", "tokio", "twox-hash", - "zstd", + "zstd 0.12.3+zstd.1.5.2", ] [[package]] @@ -3143,7 +3140,7 @@ dependencies = [ "once_cell", "percent-encoding", "pin-project-lite", - "rustls 0.21.5", + "rustls 0.21.10", "rustls-pemfile", "serde", "serde_json", 
@@ -3170,12 +3167,26 @@ dependencies = [ "cc", "libc", "once_cell", - "spin", - "untrusted", + "spin 0.5.2", + "untrusted 0.7.1", "web-sys", "winapi", ] +[[package]] +name = "ring" +version = "0.17.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9babe80d5c16becf6594aa32ad2be8fe08498e7ae60b77de8df700e67f191d7e" +dependencies = [ + "cc", + "getrandom", + "libc", + "spin 0.9.8", + "untrusted 0.9.0", + "windows-sys 0.48.0", +] + [[package]] name = "rstest" version = "0.16.0" @@ -3238,19 +3249,19 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fff78fc74d175294f4e83b28343315ffcfb114b156f0185e9741cb5570f50e2f" dependencies = [ "log", - "ring", + "ring 0.16.20", "sct", "webpki", ] [[package]] name = "rustls" -version = "0.21.5" +version = "0.21.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "79ea77c539259495ce8ca47f53e66ae0330a8819f67e23ac96ca02f50e7b7d36" +checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba" dependencies = [ "log", - "ring", + "ring 0.17.3", "rustls-webpki", "sct", ] @@ -3266,12 +3277,12 @@ dependencies = [ [[package]] name = "rustls-webpki" -version = "0.101.4" +version = "0.101.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7d93931baf2d282fff8d3a532bbfd7653f734643161b87e3e01e59a04439bf0d" +checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" dependencies = [ - "ring", - "untrusted", + "ring 0.17.3", + "untrusted 0.9.0", ] [[package]] @@ -3313,8 +3324,8 @@ version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4" dependencies = [ - "ring", - "untrusted", + "ring 0.16.20", + "untrusted 0.7.1", ] [[package]] 
@@ -3510,12 +3521,28 @@ dependencies = [ "winapi", ] +[[package]] +name = "socket2" +version = "0.5.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7b5fac59a5cb5dd637972e5fca70daf0523c9067fcdc4842f053dae04a18f8e9" +dependencies = [ + "libc", + "windows-sys 0.48.0", +] + [[package]] name = "spin" version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" +[[package]] +name = "spin" +version = "0.9.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" + [[package]] name = "sqlparser" version = "0.38.0" @@ -3778,7 +3805,7 @@ dependencies = [ "parking_lot", "pin-project-lite", "signal-hook-registry", - "socket2", + "socket2 0.4.9", "tokio-macros", "windows-sys 0.48.0", ] @@ -3821,7 +3848,7 @@ version = "0.24.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" dependencies = [ - "rustls 0.21.5", + "rustls 0.21.10", "tokio", ] @@ -3903,7 +3930,10 @@ dependencies = [ "percent-encoding", "pin-project", "prost", + "rustls 0.21.10", + "rustls-pemfile", "tokio", + "tokio-rustls 0.24.1", "tokio-stream", "tower", "tower-layer", @@ -4094,6 +4124,12 @@ version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" +[[package]] +name = "untrusted" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" + [[package]] name = "uptime_lib" version = "0.2.2" 
@@ -4334,8 +4370,8 @@ version = "0.22.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "07ecc0cd7cac091bf682ec5efa18b1cff79d617b84181f38b3951dbe135f607f" dependencies = [ - "ring", - "untrusted", + "ring 0.16.20", + "untrusted 0.7.1", ] [[package]] @@ -4595,7 +4631,16 @@ version = "0.12.3+zstd.1.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "76eea132fb024e0e13fd9c2f5d5d595d8a967aa72382ac2f9d39fcc95afd0806" dependencies = [ - "zstd-safe", + "zstd-safe 6.0.4+zstd.1.5.4", +] + +[[package]] +name = "zstd" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bffb3309596d527cfcba7dfc6ed6052f1d39dfbd7c867aa2e865e4a449c10110" +dependencies = [ + "zstd-safe 7.0.0", ] [[package]] @@ -4608,6 +4653,15 @@ dependencies = [ "zstd-sys", ] +[[package]] +name = "zstd-safe" +version = "7.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "43747c7422e2924c11144d5229878b98180ef8b06cca4ab5af37afc8a8d8ea3e" +dependencies = [ + "zstd-sys", +] + [[package]] name = "zstd-sys" version = "2.0.7+zstd.1.5.4" diff --git a/server/Cargo.toml b/server/Cargo.toml index d86bc21c9..9c151e6d1 100644 --- a/server/Cargo.toml +++ b/server/Cargo.toml @@ -20,7 +20,7 @@ parquet = "^47.0.0" ### LiveTail server deps arrow-flight = "47.0.0" -tonic = "0.10.0" +tonic = {version = "0.10.0", features = ["tls"] } tonic-web = "0.10.0" tower-http = { version = "0.4.4", features = ["cors"] } diff --git a/server/src/handlers/livetail.rs b/server/src/handlers/livetail.rs index 5be8e9f33..de9970a1e 100644 --- a/server/src/handlers/livetail.rs +++ b/server/src/handlers/livetail.rs 
@@ -26,7 +26,7 @@ use futures_util::{Future, StreamExt, TryFutureExt, TryStreamExt}; use http_auth_basic::Credentials; use rand::distributions::{Alphanumeric, DistString}; use tonic::metadata::MetadataMap; -use tonic::transport::Server; +use tonic::transport::{Identity, Server, ServerTlsConfig}; use tonic::{Request, Response, Status, Streaming}; use arrow_flight::{ @@ -176,13 +176,51 @@ pub fn server() -> impl Future) + let identity = match ( + &CONFIG.parseable.tls_cert_path, + &CONFIG.parseable.tls_key_path, + ) { + (Some(cert), Some(key)) => { + match (std::fs::read_to_string(cert), std::fs::read_to_string(key)) { + (Ok(cert_file), Ok(key_file)) => { + let identity = Identity::from_pem(cert_file, key_file); + Some(identity) + } + _ => None, + } + } + (_, _) => None, + }; + + let config = identity.map(|id| ServerTlsConfig::new().identity(id)); + + // rust is treating closures as different types + let err_map_fn = |err| Box::new(err) as Box; + + // match on config to decide if we want to use tls or not + match config { + Some(config) => { + let server = match Server::builder().tls_config(config) { + Ok(server) => server, + Err(_) => Server::builder(), + }; + + server + .accept_http1(true) + .layer(cors) + .layer(GrpcWebLayer::new()) + .add_service(svc) + .serve(addr) + .map_err(err_map_fn) + } + None => Server::builder() + .accept_http1(true) + .layer(cors) + .layer(GrpcWebLayer::new()) + .add_service(svc) + .serve(addr) + .map_err(err_map_fn), + } } fn extract_stream(body: &serde_json::Value) -> Result<&str, Status> {
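Review bot: Both failure paths in the new `server()` body fall back to a cleartext listener without any signal: the inner `_ => None` arm when either PEM file cannot be read, and `Err(_) => Server::builder()` when `tls_config` rejects the identity. An operator who set `tls_cert_path` and `tls_key_path` then gets a plaintext gRPC port, and since this file imports `http_auth_basic::Credentials`, livetail requests presumably carry Basic credentials over it. A configured but unusable certificate should be a startup error; the sketch below builds the server inside an `async move` block so those errors flow through the returned future, and it also removes the duplicated builder chain. The function signature is truncated on this page, so the boxed error type in the sketch is an assumption, and the first lines of the body sit outside the hunk.

```rust
// … unchanged: addr, svc and cors setup above the hunk …

// Assumed error type; server()'s signature is truncated on the page.
fn boxed<E>(err: E) -> Box<dyn std::error::Error + Send>
where
    E: std::error::Error + Send + 'static,
{
    Box::new(err)
}

async move {
    let mut builder = Server::builder();

    if let (Some(cert), Some(key)) = (
        &CONFIG.parseable.tls_cert_path,
        &CONFIG.parseable.tls_key_path,
    ) {
        // TLS was requested: a missing file or a rejected identity aborts
        // startup instead of downgrading the port to cleartext.
        let cert_pem = std::fs::read(cert).map_err(boxed)?;
        let key_pem = std::fs::read(key).map_err(boxed)?;
        let tls = ServerTlsConfig::new().identity(Identity::from_pem(cert_pem, key_pem));
        builder = builder.tls_config(tls).map_err(boxed)?;
    }

    builder
        .accept_http1(true)
        .layer(cors)
        .layer(GrpcWebLayer::new())
        .add_service(svc)
        .serve(addr)
        .await
        .map_err(boxed)
}
```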