fix(db) ensure boot when using C* with client-to-node TLS #4214
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bungle
approved these changes
Jan 17, 2019
thibaultcha
force-pushed
the
fix/cassandra-ssl
branch
from
ff70ac3 to
bde77bd
Compare
In the init phase, lua-cassandra fallbacks to LuaSocket (since cosockets are not supported). When we ask Kong to connect to the C* peers over TLS, we use LuaSec. LuaSec wraps the LuaSocket TCP object (which itself wraps the kernel socket). LuaSocket normally returns `1` when calling `sock:close()`, but when wrapped by LuaSec, the latter dismisses that return value, and thus, `sslsock:close()` does _not_ return anything. We could work around this limitation by providing an additional fix to the pgmoon and lua-cassandra LuaSocket metatable wrappers, but this commit presents a faster fix for the sake of efficiency, in the spirit of the 1.0.2 release. Note also how we changed the return value of `db_conn:close()` to `true` when no stored connection is found. While not following the initial design of this API, this changes will help prevent misuses in higher-level modules (such as the DAO). Fix #4212 From #4214
There is no need to assert whether we closed the DB connection. If it isn't the case, this won't prevent Kong from starting nor functioning normally.
thibaultcha
force-pushed
the
fix/cassandra-ssl
branch
from
bde77bd to
26a0e68
Compare
thibaultcha
added a commit
that referenced
this pull request
Jan 18, 2019
In the init phase, lua-cassandra fallbacks to LuaSocket (since cosockets are not supported). When we ask Kong to connect to the C* peers over TLS, we use LuaSec. LuaSec wraps the LuaSocket TCP object (which itself wraps the kernel socket). LuaSocket normally returns `1` when calling `sock:close()`, but when wrapped by LuaSec, the latter dismisses that return value, and thus, `sslsock:close()` does _not_ return anything. We could work around this limitation by providing an additional fix to the pgmoon and lua-cassandra LuaSocket metatable wrappers, but this commit presents a faster fix for the sake of efficiency, in the spirit of the 1.0.2 release. Note also how we changed the return value of `db_conn:close()` to `true` when no stored connection is found. While not following the initial design of this API, this changes will help prevent misuses in higher-level modules (such as the DAO). Fix #4212 From #4214
thibaultcha
added a commit
that referenced
this pull request
Jan 18, 2019
In the init phase, lua-cassandra fallbacks to LuaSocket (since cosockets are not supported). When we ask Kong to connect to the C* peers over TLS, we use LuaSec. LuaSec wraps the LuaSocket TCP object (which itself wraps the kernel socket). LuaSocket normally returns `1` when calling `sock:close()`, but when wrapped by LuaSec, the latter dismisses that return value, and thus, `sslsock:close()` does _not_ return anything. We could work around this limitation by providing an additional fix to the pgmoon and lua-cassandra LuaSocket metatable wrappers, but this commit presents a faster fix for the sake of efficiency, in the spirit of the 1.0.2 release. Note also how we changed the return value of `db_conn:close()` to `true` when no stored connection is found. While not following the initial design of this API, this changes will help prevent misuses in higher-level modules (such as the DAO). Fix #4212 From #4214
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
A fix for #4212 - more details to come.
EDIT: adding details below
In the init phase, lua-cassandra fallbacks to LuaSocket (since cosockets
are not supported). When we ask Kong to connect to the C* peers over
TLS, we use LuaSec. LuaSec wraps the LuaSocket TCP object (which itself
wraps the kernel socket).
LuaSocket normally returns
1when callingsock:close(), but whenwrapped by LuaSec, the latter dismisses that return value, and thus,
sslsock:close()does not return anything.We could work around this limitation by providing an additional fix to
the pgmoon and lua-cassandra LuaSocket metatable wrappers, but this
commit presents a faster fix for the sake of efficiency, in the spirit
of the 1.0.2 release.
Note also how we changed the return value of
db_conn:close()totruewhen no stored connection is found. While not following the initial
design of this API, this changes will help prevent misuses in
higher-level modules (such as the DAO).