Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature/add TLS encryption #549

Merged
merged 6 commits into from
May 27, 2021
Merged

Feature/add TLS encryption #549

merged 6 commits into from
May 27, 2021

Conversation

carpawell
Copy link
Member

@carpawell carpawell commented May 21, 2021
edited
Loading

Add TLS(turns on with config(env vars)) to GRPC server and client.

In network pkg add implementation of tls protocol for multiaddr lib.

Make CLI support multiaddresess with /tls protocol.

Closes #455.

@codecov
Copy link

codecov bot commented May 21, 2021
edited
Loading

Codecov Report

Merging #549 (6555984) into master (5a3a27b) will increase coverage by 0.09%.
The diff coverage is 67.85%.

❗ Current head 6555984 differs from pull request most recent head 007f6f7. Consider uploading reports for the commit 007f6f7 to get more accurate results
Impacted file tree graph

@@            Coverage Diff             @@
##           master     #549      +/-   ##
==========================================
+ Coverage   41.89%   41.99%   +0.09%     
==========================================
  Files         172      173       +1     
  Lines        7507     7513       +6     
==========================================
+ Hits         3145     3155      +10     
+ Misses       4036     4030       -6     
- Partials      326      328       +2
Impacted Files Coverage Δ
pkg/innerring/processors/audit/process.go 0.00% <0.00%> (ø)
pkg/innerring/processors/audit/processor.go 0.00% <ø> (ø)
pkg/services/object/get/service.go 0.00% <ø> (ø)
pkg/services/object/get/util.go 17.39% <ø> (ø)
pkg/services/object/search/service.go 0.00% <ø> (ø)
pkg/services/object/search/util.go 28.20% <ø> (ø)
pkg/network/address.go 68.18% <66.66%> (+2.32%) ⬆️
pkg/services/object/get/exec.go 71.97% <66.66%> (+1.24%) ⬆️
pkg/services/object/search/exec.go 54.83% <66.66%> (+1.21%) ⬆️
pkg/network/tls.go 76.47% <76.47%> (ø)
... and 1 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5a3a27b...007f6f7. Read the comment docs.

@alexvanin alexvanin mentioned this pull request May 21, 2021
Closed
@carpawell carpawell self-assigned this May 25, 2021
@carpawell carpawell added enhancement Improving existing functionality neofs-storage Storage node application issues labels May 25, 2021
@carpawell carpawell marked this pull request as ready for review May 25, 2021 05:39
@carpawell carpawell requested review from cthulhu-rider and alexvanin and removed request for cthulhu-rider May 25, 2021 05:39
@carpawell carpawell marked this pull request as draft May 25, 2021 06:23
@carpawell carpawell marked this pull request as ready for review May 25, 2021 12:42
@carpawell carpawell mentioned this pull request May 25, 2021
Closed
alexvanin
alexvanin suggested changes May 26, 2021
View reviewed changes
cmd/neofs-node/config.go Show resolved Hide resolved
cmd/neofs-node/container.go Outdated Show resolved Hide resolved
pkg/innerring/rpc.go Outdated Show resolved Hide resolved
pkg/network/cache/client.go Outdated Show resolved Hide resolved
pkg/network/tls.go Outdated Show resolved Hide resolved
pkg/services/object/head/remote.go Show resolved Hide resolved
@alexvanin
Copy link
Contributor

Can you point out where /tls protocol is added to multiaddress in NodeInfo structure, that is announced at bootstrap?

@carpawell
Copy link
Member Author

carpawell commented May 26, 2021
edited
Loading

Can you point out where /tls protocol is added to multiaddress in NodeInfo structure, that is announced at bootstrap?

Did not get the whole idea, so have just added it now. And also added Encapsulate, Decaplulate methods to network.Address struct

@carpawell carpawell requested a review from alexvanin May 26, 2021 17:10
@carpawell
[#549] grpc/server: Add TLS encryption
09ce0ff 
Add TLS to config. Add server side encryption
if it is configured so.

Signed-off-by: Pavel Karpy <[email protected]>
@carpawell
[#549] network/cache: Change Get signature
485fe4f 
Make network cache's `Get` method accept
`network.Address` argument instead of
string.

Signed-off-by: Pavel Karpy <[email protected]>
@carpawell
[#549] network/Address: Add TLS
6d475a9 
There is no TLS protocol support in
`go-multiaddr` library, but there is
public function that can register any
protocol that can be implemented outside
the library. Also `TLSEnabled` function
for parsing TLS protocol from
`network.Address` was added.

Signed-off-by: Pavel Karpy <[email protected]>
@carpawell
[#549] clientCache: Add TLS to client
18d2081 
Signed-off-by: Pavel Karpy <[email protected]>
@carpawell
[#549] node: Add TLS to bootstrap address
6edd146 
Signed-off-by: Pavel Karpy <[email protected]>
@carpawell
[#549] cli: Add TLS support to control service
007f6f7 
Signed-off-by: Pavel Karpy <[email protected]>
@carpawell carpawell requested a review from alexvanin May 27, 2021 12:44
@alexvanin alexvanin merged commit 3e0eccb into nspcc-dev:master May 27, 2021
@carpawell carpawell deleted the feature/add-tls-to-grpc branch May 27, 2021 15:04
@carpawell carpawell mentioned this pull request Jul 2, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alexvanin alexvanin alexvanin approved these changes

@cthulhu-rider cthulhu-rider Awaiting requested review from cthulhu-rider cthulhu-rider is a code owner

Assignees

@carpawell carpawell

Labels
enhancement Improving existing functionality neofs-storage Storage node application issues
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add TLS encryption for gRPC servers
2 participants
@carpawell @alexvanin