Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support gRPC TLS communication and TLS registry and FW support for gRPC on same server #1272

Merged
merged 1 commit into from
Sep 3, 2024

Conversation

michalvavrik
Copy link
Member

@michalvavrik michalvavrik commented Sep 2, 2024

Summary

Please check the relevant options

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Dependency update
  • Refactoring
  • Release (follows conventions described in the RELEASE.md)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • This change requires a documentation update
  • This change requires execution against OCP (use run tests phrase in comment)

Checklist:

  • Example scenarios has been updated / added
  • Methods and classes used in PR scenarios are meaningful
  • Commits are well encapsulated and follow the best practices

@michalvavrik michalvavrik force-pushed the feature/tls-registry-grpc branch 2 times, most recently from 8235fb4 to 6fb8fd3 Compare September 2, 2024 19:34
@michalvavrik michalvavrik changed the title Support gRPC TLS communication and TLS registry Support gRPC TLS communication and TLS registry and FW support for gRPC on same server Sep 2, 2024
@michalvavrik michalvavrik added the triage/backport-1.5? Quarkus 3.15 stream label Sep 2, 2024
@michalvavrik michalvavrik force-pushed the feature/tls-registry-grpc branch from 6fb8fd3 to 8ed7b70 Compare September 2, 2024 21:16
@michalvavrik
Copy link
Member Author

Issues on Windows are related to escaping, I don't know if I fixed them as obviously I didn't try it (it's bit late...). If it's red tomorrow, I'll work around that, but it's a small thing, I think you can freely comment on changes. Thanks

@michalvavrik
Copy link
Member Author

Interesting, Quarkus turns -Dquarkus.tls.grpc-tls.trust-store.pem.certs="C:\Users\RUNNER~1\AppData\Local\Temp\quarkus-qe-certs809756706346777605\quarkus-qe-server-ca.crt" into:

2024-09-02T21:43:49.8846143Z 21:43:49,799 INFO  [app] Caused by: java.nio.file.NoSuchFileException: C:UsersRUNNER~1AppDataLocalTempquarkus-qe-certs809756706346777605quarkus-qe-server-ca.crt
2024-09-02T21:43:49.8847380Z 21:43:49,799 INFO  [app] 	at java.base/sun.nio.fs.WindowsException.translateToIOException(WindowsException.java:85)
2024-09-02T21:43:49.8848370Z 21:43:49,799 INFO  [app] 	at java.base/sun.nio.fs.WindowsException.rethrowAsIOException(WindowsException.java:103)
2024-09-02T21:43:49.8849385Z 21:43:49,799 INFO  [app] 	at java.base/sun.nio.fs.WindowsException.rethrowAsIOException(WindowsException.java:108)
2024-09-02T21:43:49.8850459Z 21:43:49,799 INFO  [app] 	at java.base/sun.nio.fs.WindowsFileSystemProvider.newByteChannel(WindowsFileSystemProvider.java:236)
2024-09-02T21:43:49.8851372Z 21:43:49,799 INFO  [app] 	at java.base/java.nio.file.Files.newByteChannel(Files.java:380)
2024-09-02T21:43:49.8852109Z 21:43:49,799 INFO  [app] 	at java.base/java.nio.file.Files.newByteChannel(Files.java:432)
2024-09-02T21:43:49.8852987Z 21:43:49,799 INFO  [app] 	at java.base/java.nio.file.spi.FileSystemProvider.newInputStream(FileSystemProvider.java:422)
2024-09-02T21:43:49.8853880Z 21:43:49,799 INFO  [app] 	at java.base/java.nio.file.Files.newInputStream(Files.java:160)
2024-09-02T21:43:49.8854673Z 21:43:49,799 INFO  [app] 	at io.quarkus.tls.runtime.config.TlsConfigUtils.read(TlsConfigUtils.java:43)
2024-09-02T21:43:49.8855286Z 21:43:49,799 INFO  [app] 	... 20 more

I'll play with it tomorrow.

@michalvavrik
Copy link
Member Author

Starting experiments on Windows, will report back when I fix it.

@michalvavrik michalvavrik force-pushed the feature/tls-registry-grpc branch 2 times, most recently from 4d37c90 to 3c9f345 Compare September 3, 2024 09:33
@michalvavrik
Copy link
Member Author

I have doubled backslashes for my use case, which fixed the issue. I think we need to do it for everywhere #1275 but I do not there to do this in here. I am in hurry and don't have time to fix/debug side-effects in backports etc.

@michalvavrik michalvavrik force-pushed the feature/tls-registry-grpc branch from 3c9f345 to e835cc1 Compare September 3, 2024 09:47
Copy link
Contributor

@fedinskiy fedinskiy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need a couple of small changes.

And what about Openshift? Will it work there?

@michalvavrik
Copy link
Member Author

And what about Openshift? Will it work there?

#1053 IIRC you cannot have both enabled HTTP2 and HTTP1 in OpenShift cluster. Things might have changed, but it's beyond what I can do ATM.

Copy link

github-actions bot commented Sep 3, 2024

Following jobs contain at least one flaky test: 'Linux - JVM build - Released Versions'

@michalvavrik michalvavrik force-pushed the feature/tls-registry-grpc branch from e835cc1 to 7555535 Compare September 3, 2024 10:54
@fedinskiy fedinskiy merged commit 9a7ecda into quarkus-qe:main Sep 3, 2024
8 checks passed
@michalvavrik michalvavrik deleted the feature/tls-registry-grpc branch September 3, 2024 12:44
@michalvavrik michalvavrik mentioned this pull request Sep 3, 2024
11 tasks
@michalvavrik michalvavrik removed the triage/backport-1.5? Quarkus 3.15 stream label Sep 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants