From d94eb74cefbe30577933df930a1dea01c157217c Mon Sep 17 00:00:00 2001
From: roxblnfk
Date: Thu, 29 Aug 2024 11:25:11 +0400
Subject: [PATCH] Separate TlsConfig
---
 src/Bootloader/TemporalBridgeBootloader.php | 11 ++--
 src/Config/ConnectionConfig.php | 61 ++++++++++++---------
 src/Config/TemporalConfig.php | 2 +-
 src/Config/TlsConfig.php | 24 ++++++++
 tests/app/config/temporal.php | 6 +-
 tests/src/Config/ConnectionConfigTest.php | 50 +++++++++--------
 tests/src/Config/TemporalConfigTest.php | 15 +++--
 7 files changed, 104 insertions(+), 65 deletions(-)
 create mode 100644 src/Config/TlsConfig.php
diff --git a/src/Bootloader/TemporalBridgeBootloader.php b/src/Bootloader/TemporalBridgeBootloader.php
index e421b2f..acd5946 100644
--- a/src/Bootloader/TemporalBridgeBootloader.php
+++ b/src/Bootloader/TemporalBridgeBootloader.php
@@ -157,7 +157,7 @@ protected function initConfig(EnvironmentInterface $env): void
 [
 'connection' => $env->get('TEMPORAL_CONNECTION', 'default'),
 'connections' => [
- 'default' => ConnectionConfig::createInsecure(
+ 'default' => ConnectionConfig::create(
 address: $env->get('TEMPORAL_ADDRESS', '127.0.0.1:7233'),
 ),
 ],
@@ -175,12 +175,13 @@ protected function initServiceClient(TemporalConfig $config): ServiceClientInter
 {
 $connection = $config->getConnection($config->getDefaultConnection());
- return $connection->secure
+ return $connection->isSecure()
 ? ServiceClient::createSSL(
 address: $connection->address,
- crt: $connection->rootCerts,
- clientKey: $connection->privateKey,
- clientPem: $connection->certChain,
+ crt: $connection->tlsConfig->rootCerts,
+ clientKey: $connection->tlsConfig->privateKey,
+ clientPem: $connection->tlsConfig->certChain,
+ overrideServerName: $connection->tlsConfig->serverName,
 ) : ServiceClient::create(address: $connection->address);
 }
diff --git a/src/Config/ConnectionConfig.php b/src/Config/ConnectionConfig.php
index a175bd6..f3959a0 100644
--- a/src/Config/ConnectionConfig.php
+++ b/src/Config/ConnectionConfig.php
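Review bot: `overrideServerName: $connection->tlsConfig->serverName` in initServiceClient is forwarded with no comment on what it changes, and a server-name override moves the name the peer certificate is verified against instead of failing the handshake, so a stale or copy-pasted value degrades verification silently rather than loudly. Suggest a comment on that line: `// serverName replaces the hostname the peer certificate is verified against; keep it null unless the dial address differs from the certificate's SAN`. How createSSL maps this onto the gRPC target-name override is outside this diff, so that part is inferred. The method's signature appears only in the hunk header; its body and closing brace are inside the hunk.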
@@ -9,7 +9,7 @@
 *
 * How to connect to local Temporal server:
 *
- * ConnectionConfig::createInsecure('localhost:7233'),
+ * ConnectionConfig::create('localhost:7233'),
 *
 * How to connect to Temporal Cloud:
 *
@@ -23,43 +23,32 @@ final class ConnectionConfig
 {
 /**
 * @param non-empty-string $address
- * @param non-empty-string|null $rootCerts
- * @param non-empty-string|null $privateKey
- * @param non-empty-string|null $certChain
 * @param non-empty-string|\Stringable|null $authToken
 */
 private function __construct(
 public readonly string $address,
- public readonly bool $secure = false,
- public readonly ?string $rootCerts = null,
- public readonly ?string $privateKey = null,
- public readonly ?string $certChain = null,
+ public readonly ?TlsConfig $tlsConfig = null,
 public readonly string|\Stringable|null $authToken = null,
 ) {}
 /**
- * @param non-empty-string $address
+ * Check if the connection is secure.
+ *
+ * @psalm-assert-if-true TlsConfig $this->tlsConfig
+ * @psalm-assert-if-false null $this->tlsConfig
 */
- public static function createInsecure(
- string $address,
- ): self {
- return new self($address);
+ public function isSecure(): bool
+ {
+ return $this->tlsConfig !== null;
 }
 /**
 * @param non-empty-string $address
- * @param non-empty-string|null $rootCerts Root certificates string or file in PEM format.
- * If null provided, default gRPC root certificates are used.
- * @param non-empty-string|null $privateKey Client private key string or file in PEM format.
- * @param non-empty-string|null $certChain Client certificate chain string or file in PEM format.
 */
- public static function createSecure(
+ public static function create(
 string $address,
- ?string $rootCerts = null,
- ?string $privateKey = null,
- ?string $certChain = null,
 ): self {
- return new self($address, true, $rootCerts, $privateKey, $certChain);
+ return new self($address);
 }
 /**
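Review bot: The docblock on `create()` (new side of the second hunk) keeps only `@param non-empty-string $address`, and with the `createInsecure` name gone nothing tells a reader that the result is a plaintext, unauthenticated connection until `withTls()` is called. Suggest `* Create a plaintext (non-TLS) connection config; call withTls() to enable TLS.` above the `@param`. `isSecure()` deserves the same precision: it reports only that a TlsConfig is attached, which with a bare `withTls()` means TLS with the default root certificates and no client certificate, so `* True when TLS is configured; does not imply client (mutual) authentication.` would stop callers from reading it as "authenticated". The class body continues past the end of the hunk.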
@@ -76,7 +65,28 @@ public static function createCloud(
 string $privateKey,
 string $certChain,
 ): self {
- return new self($address, true, null, $privateKey, $certChain);
+ return new self($address, new TlsConfig(privateKey: $privateKey, certChain: $certChain));
+ }
+
+ /**
+ * Set the TLS configuration for the connection.
+ *
+ * @param non-empty-string|null $rootCerts Root certificates string or file in PEM format.
+ * If null provided, default gRPC root certificates are used.
+ * @param non-empty-string|null $privateKey Client private key string or file in PEM format.
+ * @param non-empty-string|null $certChain Client certificate chain string or file in PEM format.
+ * @param non-empty-string|null $serverName Server name override for TLS verification.
+ */
+ public function withTls(
+ ?string $rootCerts = null,
+ ?string $privateKey = null,
+ ?string $certChain = null,
+ ?string $serverName = null,
+ ): self {
+ return new self(
+ $this->address,
+ new TlsConfig($rootCerts, $privateKey, $certChain, $serverName),
+ );
 }
 /**
@@ -93,10 +103,7 @@ public function withAuthKey(string|\Stringable|null $authToken): self
 {
 return new self(
 $this->address,
- $this->secure,
- $this->rootCerts,
- $this->privateKey,
- $this->certChain,
+ $this->tlsConfig,
 $authToken,
 );
 }
diff --git a/src/Config/TemporalConfig.php b/src/Config/TemporalConfig.php
index b9f30d0..6a19365 100644
--- a/src/Config/TemporalConfig.php
+++ b/src/Config/TemporalConfig.php
@@ -69,7 +69,7 @@ public function getConnection(string $name): ConnectionConfig
 'Using `address` is deprecated, use `connections` instead.',
 \E_USER_DEPRECATED,
 );
- return ConnectionConfig::createInsecure(address: $address);
+ return ConnectionConfig::create(address: $address);
 }
 if (isset($this->config['connections'][$name])) {
diff --git a/src/Config/TlsConfig.php b/src/Config/TlsConfig.php
new file mode 100644
index 0000000..f87c964
--- /dev/null
+++ b/src/Config/TlsConfig.php
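Review bot: `withTls()` returns `new self($this->address, new TlsConfig(...))` and never passes `$this->authToken`, so `->withAuthKey('k')->withTls()` silently discards the token while the reverse order keeps it; `withAuthKey()` in the next hunk does carry `$this->tlsConfig` across, so the two builders are asymmetric. Add the token as the third constructor argument after `new TlsConfig($rootCerts, $privateKey, $certChain, $serverName),`: `$this->authToken,`. ConnectionConfigTest only ever chains `->withTls()->withAuthKey(...)` in that order, so a case calling `withAuthKey` first and asserting `authToken` is still set would pin the fix. `createCloud` starts before this hunk; `withTls` is entirely within it.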
@@ -0,0 +1,24 @@ + env('TEMPORAL_CONNECTION', 'default'),
 'connections' => [
- 'default' => ConnectionConfig::createInsecure(
+ 'default' => ConnectionConfig::create(
 address: 'localhost:7233',
 ),
- 'ssl' => ConnectionConfig::createSecure(
- address: 'ssl:7233',
+ 'ssl' => ConnectionConfig::create(address: 'ssl:7233')
+ ->withTls(
 rootCerts: '/path/to/crt',
 privateKey: '/path/to/clientKey',
 certChain: '/path/to/clientPem',
diff --git a/tests/src/Config/ConnectionConfigTest.php b/tests/src/Config/ConnectionConfigTest.php
index c665a0c..4f381cc 100644
--- a/tests/src/Config/ConnectionConfigTest.php
+++ b/tests/src/Config/ConnectionConfigTest.php
@@ -11,27 +11,28 @@ final class ConnectionConfigTest extends TestCase
 {
 public function testCreateSecure(): void
 {
- $config = ConnectionConfig::createSecure(
+ $config = ConnectionConfig::create(
 address: 'localhost:2222',
+ )->withTls(
 rootCerts: 'crt',
 privateKey: 'clientKey',
 certChain: 'clientPem',
 );
- $this->assertTrue($config->secure);
+ $this->assertTrue($config->isSecure());
 $this->assertSame('localhost:2222', $config->address);
- $this->assertSame('crt', $config->rootCerts);
- $this->assertSame('clientKey', $config->privateKey);
- $this->assertSame('clientPem', $config->certChain);
+ $this->assertSame('crt', $config->tlsConfig->rootCerts);
+ $this->assertSame('clientKey', $config->tlsConfig->privateKey);
+ $this->assertSame('clientPem', $config->tlsConfig->certChain);
 }
 public function testCreateInsecure(): void
 {
- $config = ConnectionConfig::createInsecure(
+ $config = ConnectionConfig::create(
 address: 'localhost:1111',
 );
- $this->assertFalse($config->secure);
+ $this->assertFalse($config->isSecure());
 $this->assertSame('localhost:1111', $config->address);
 }
@@ -43,16 +44,17 @@ public function testCreateCloud(): void
 certChain: 'clientPem',
 );
- $this->assertTrue($config->secure);
+ $this->assertTrue($config->isSecure());
 $this->assertSame('localhost:1111', $config->address);
- $this->assertSame('clientKey', $config->privateKey);
- $this->assertSame('clientPem', $config->certChain);
+ $this->assertSame('clientKey', $config->tlsConfig->privateKey);
+ $this->assertSame('clientPem', $config->tlsConfig->certChain);
 }
 public function testWithAuthKey(): void
 {
- $config = ConnectionConfig::createSecure(
+ $config = ConnectionConfig::create(
 address: 'localhost:1111',
+ )->withTls(
 certChain: 'clientPem',
 );
@@ -65,29 +67,31 @@ public function testWithAuthKey(): void
 public function testWithAuthKeyNull(): void
 {
- $config = ConnectionConfig::createSecure(
- address: 'localhost:1111',
- )->withAuthKey('authKey');
+ $config = ConnectionConfig::create(address: 'localhost:1111')
+ ->withTls()
+ ->withAuthKey('authKey');
 $newConfig = $config->withAuthKey(null);
 $this->assertNotSame($config, $newConfig);
 $this->assertNotNull($config->authToken);
 $this->assertNull($newConfig->authToken);
+ $this->assertTrue($config->isSecure());
+ $this->assertTrue($newConfig->isSecure());
 }
 public function testWithAuthKeyStringable(): void
 {
- $config = ConnectionConfig::createSecure(
- address: 'localhost:1111',
- )->withAuthKey(
- $key = new class() implements \Stringable {
- public function __toString(): string
- {
- return 'authKey';
+ $config = ConnectionConfig::create(address: 'localhost:1111')
+ ->withTls()
+ ->withAuthKey(
+ $key = new class() implements \Stringable {
+ public function __toString(): string
+ {
+ return 'authKey';
+ }
 }
- }
- );
+ );
 $this->assertSame($key, $config->authToken);
 }
diff --git a/tests/src/Config/TemporalConfigTest.php b/tests/src/Config/TemporalConfigTest.php
index 45f9170..a4ebc33 100644
--- a/tests/src/Config/TemporalConfigTest.php
+++ b/tests/src/Config/TemporalConfigTest.php
@@ -41,26 +41,29 @@ public function testGetConnectionFromAddress(): void
 $this->assertSame('localhost:1111', $connection->address);
 }
- public function testGetSslConnection(): void
+ public function testGetTlsConnection(): void
 {
 $config = new TemporalConfig([
 'connections' => [
- 'default' => ConnectionConfig::createSecure(
+ 'default' => ConnectionConfig::create(
 address: 'localhost:2222',
+ )->withTls(
 rootCerts: 'crt',
 privateKey: 'clientKey',
 certChain: 'clientPem',
+ serverName: 'localhost',
 ),
 ],
 ]);
 $connection = $config->getConnection('default');
- $this->assertTrue($connection->secure);
+ $this->assertTrue($connection->isSecure());
 $this->assertSame('localhost:2222', $connection->address);
- $this->assertSame('crt', $connection->rootCerts);
- $this->assertSame('clientKey', $connection->privateKey);
- $this->assertSame('clientPem', $connection->certChain);
+ $this->assertSame('crt', $connection->tlsConfig->rootCerts);
+ $this->assertSame('clientKey', $connection->tlsConfig->privateKey);
+ $this->assertSame('clientPem', $connection->tlsConfig->certChain);
+ $this->assertSame('localhost', $connection->tlsConfig->serverName);
 }
 public function testGetsDefaultWorker(): void