Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[mesh] enable mTLS #281

Merged
merged 25 commits into from
Oct 19, 2021
Merged

[mesh] enable mTLS #281

merged 25 commits into from
Oct 19, 2021

Conversation

benja-wu
Copy link
Contributor

  • For supporting mTLS inside Mesh
  • Design doc

@benja-wu benja-wu added the enhancement New feature or request label Sep 28, 2021
megaeasex
megaeasex approved these changes Sep 28, 2021
View reviewed changes
Copy link

@megaeasex megaeasex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[TASK:easegress-pr-test SUCCESS]megaease/easegress Pull Request 281 Deploy Test Success

megaeasex
megaeasex approved these changes Oct 11, 2021
View reviewed changes
Copy link

@megaeasex megaeasex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[TASK:easegress-pr-test SUCCESS]megaease/easegress Pull Request 281 Deploy Test Success

@codecov-commenter
Copy link

codecov-commenter commented Oct 11, 2021
edited
Loading

Codecov Report

Merging #281 (4d79455) into main (c0f5200) will increase coverage by 0.01%.
The diff coverage is 70.21%.

Impacted file tree graph

@@            Coverage Diff             @@
##             main     #281      +/-   ##
==========================================
+ Coverage   80.22%   80.23%   +0.01%     
==========================================
  Files          53       53              
  Lines        5897     6098     +201     
==========================================
+ Hits         4731     4893     +162     
- Misses        907      943      +36     
- Partials      259      262       +3
Impacted Files Coverage Δ
pkg/filter/proxy/proxy.go 78.30% <55.55%> (-6.21%) ⬇️
pkg/object/meshcontroller/spec/spec.go 86.95% <78.31%> (-2.57%) ⬇️
pkg/filter/proxy/pool.go 84.02% <100.00%> (ø)
pkg/object/mqttproxy/storage.go 94.87% <0.00%> (-5.13%) ⬇️
pkg/object/mqttproxy/session_manager.go 86.36% <0.00%> (-3.81%) ⬇️
pkg/object/mqttproxy/spec.go 100.00% <0.00%> (ø)
pkg/object/mqttproxy/topic.go 100.00% <0.00%> (+0.46%) ⬆️
pkg/object/mqttproxy/session.go 82.31% <0.00%> (+0.83%) ⬆️
pkg/object/mqttproxy/client.go 81.09% <0.00%> (+2.15%) ⬆️
... and 1 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update c0f5200...4d79455. Read the comment docs.

@benja-wu benja-wu marked this pull request as ready for review October 11, 2021 13:54
@benja-wu benja-wu marked this pull request as draft October 11, 2021 14:08
megaeasex
megaeasex approved these changes Oct 12, 2021
View reviewed changes
Copy link

@megaeasex megaeasex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[TASK:easegress-pr-test SUCCESS]megaease/easegress Pull Request 281 Deploy Test Success

@benja-wu benja-wu marked this pull request as ready for review October 12, 2021 03:14
localvar
localvar reviewed Oct 13, 2021
View reviewed changes
pkg/filter/proxy/proxy.go Outdated Show resolved Hide resolved
pkg/object/httpserver/spec.go Outdated Show resolved Hide resolved
pkg/object/meshcontroller/certmanager/certmanager.go Outdated Show resolved Hide resolved
pkg/object/meshcontroller/certmanager/certmanager.go Show resolved Hide resolved
pkg/object/meshcontroller/certmanager/certmanager.go Show resolved Hide resolved
pkg/object/meshcontroller/certmanager/certmanager.go Outdated Show resolved Hide resolved
pkg/object/meshcontroller/layout/layout.go Outdated Show resolved Hide resolved
pkg/object/meshcontroller/master/master.go Outdated Show resolved Hide resolved
pkg/object/meshcontroller/master/master.go Outdated Show resolved Hide resolved
pkg/object/meshcontroller/spec/spec.go Outdated Show resolved Hide resolved
megaeasex
megaeasex suggested changes Oct 13, 2021
View reviewed changes
Copy link

@megaeasex megaeasex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[TASK:easegress-pr-test FAILED]megaease/easegress Pull Request 281 Deploy Test failed

megaeasex
megaeasex approved these changes Oct 13, 2021
View reviewed changes
Copy link

@megaeasex megaeasex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[TASK:easegress-pr-test SUCCESS]megaease/easegress Pull Request 281 Deploy Test Success

megaeasex
megaeasex approved these changes Oct 13, 2021
View reviewed changes
Copy link

@megaeasex megaeasex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[TASK:easegress-pr-test SUCCESS]megaease/easegress Pull Request 281 Deploy Test Success

haoel
haoel suggested changes Oct 13, 2021
View reviewed changes
pkg/filter/proxy/proxy.go Outdated Show resolved Hide resolved
pkg/object/meshcontroller/certmanager/certmanager.go Outdated Show resolved Hide resolved
pkg/object/meshcontroller/certmanager/meshcertprovider.go Show resolved Hide resolved
pkg/object/meshcontroller/certmanager/certmanager.go Outdated Show resolved Hide resolved
pkg/object/meshcontroller/certmanager/meshcertprovider.go Show resolved Hide resolved
pkg/object/meshcontroller/certmanager/meshcertprovider.go Show resolved Hide resolved
pkg/object/meshcontroller/certmanager/meshcertprovider.go Show resolved Hide resolved
pkg/object/meshcontroller/informer/informer.go Outdated Show resolved Hide resolved
pkg/object/meshcontroller/informer/informer.go Outdated Show resolved Hide resolved
megaeasex
megaeasex suggested changes Oct 13, 2021
View reviewed changes
Copy link

@megaeasex megaeasex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[TASK:easegress-pr-test FAILED]megaease/easegress Pull Request 281 Deploy Test failed

megaeasex
megaeasex approved these changes Oct 13, 2021
View reviewed changes
Copy link

@megaeasex megaeasex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[TASK:easegress-pr-test SUCCESS]megaease/easegress Pull Request 281 Deploy Test Success

@haoel
Copy link
Contributor

haoel commented Oct 13, 2021

by the way, the unit testing code coverage looks decreased, please make sure we need to meet >80% coverage.

@benja-wu
Copy link
Contributor Author

benja-wu commented Oct 13, 2021
edited
Loading

by the way, the unit testing code coverage looks decreased, please make sure we need to meet >80% coverage.

https://codecov.io/github/megaease/easegress/commit/2e9e0e77e82f5738744a176cd7b42882786f76c4
The latest commit brings the coverage rate back to 80.21% already.

megaeasex
megaeasex approved these changes Oct 13, 2021
View reviewed changes
Copy link

@megaeasex megaeasex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[TASK:easegress-pr-test SUCCESS]megaease/easegress Pull Request 281 Deploy Test Success

megaeasex
megaeasex approved these changes Oct 13, 2021
View reviewed changes
Copy link

@megaeasex megaeasex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[TASK:easegress-pr-test SUCCESS]megaease/easegress Pull Request 281 Deploy Test Success

megaeasex
megaeasex approved these changes Oct 14, 2021
View reviewed changes
Copy link

@megaeasex megaeasex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[TASK:easegress-pr-test SUCCESS]megaease/easegress Pull Request 281 Deploy Test Success

megaeasex
megaeasex approved these changes Oct 14, 2021
View reviewed changes
Copy link

@megaeasex megaeasex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[TASK:easegress-pr-test SUCCESS]megaease/easegress Pull Request 281 Deploy Test Success

megaeasex
megaeasex approved these changes Oct 14, 2021
View reviewed changes
Copy link

@megaeasex megaeasex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[TASK:easegress-pr-test SUCCESS]megaease/easegress Pull Request 281 Deploy Test Success

megaeasex
megaeasex approved these changes Oct 14, 2021
View reviewed changes
Copy link

@megaeasex megaeasex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[TASK:easegress-pr-test SUCCESS]megaease/easegress Pull Request 281 Deploy Test Success

megaeasex
megaeasex approved these changes Oct 15, 2021
View reviewed changes
Copy link

@megaeasex megaeasex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[TASK:easegress-pr-test SUCCESS]megaease/easegress Pull Request 281 Deploy Test Success

benja-wu and others added 18 commits October 15, 2021 13:30
@benja-wu
[mesh] refactor and raise coverage rate
6c7169f
@benja-wu
[mesh] fix provider bug
3f91db9
@benja-wu
[mesh] fix mTLS cert bug
41f3384
@benja-wu @localvar
Apply suggestions from localvar's code review
6fa71ca 
Co-authored-by: Bomin Zhang <[email protected]>
@benja-wu
[mesh] refactor according to localvar's comments
4f098e0
@benja-wu
[mesh] raise coverage rate
9f21ffb
@benja-wu @haoel
Update pkg/filter/proxy/proxy.go
8acf532 
Co-authored-by: Hao Chen <[email protected]>
@benja-wu
[mesh] update with haoel's comments
feabf4c
@benja-wu
[mesh] refactor informer server and ingresscontroller onCert func
7a25939
@benja-wu
[mesh] fix typo
5c700c1
@benja-wu
[mesh] fix ingress httpserver bug and update spec test
80f1075
@benja-wu
[mesh] solve conflict
2219f47
@benja-wu
[mesh] fix warning and bug
bfa1adf
@benja-wu
[mesh] fix typo
b070002
@benja-wu
[mesh] fix init bug and add more info log
da40e57
@benja-wu
[mesh] fix mTLS bugs
7cc86b8
@benja-wu
[mesh] fix auto test
72b2c1b
@benja-wu
[mesh] ingress/egress use its own informer
cc9ff8d
megaeasex
megaeasex approved these changes Oct 15, 2021
View reviewed changes
Copy link

@megaeasex megaeasex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[TASK:easegress-pr-test SUCCESS]megaease/easegress Pull Request 281 Deploy Test Success

megaeasex
megaeasex approved these changes Oct 15, 2021
View reviewed changes
Copy link

@megaeasex megaeasex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[TASK:easegress-pr-test SUCCESS]megaease/easegress Pull Request 281 Deploy Test Success

xxx7xxxx
xxx7xxxx reviewed Oct 19, 2021
View reviewed changes
pkg/object/httpserver/spec.go Outdated Show resolved Hide resolved
pkg/object/meshcontroller/certmanager/certmanager.go Outdated
}

// CertProvider is the interface declaring the methods for the Certificate provider, such as
// easemesh-self-sign, Valt, and so on.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// easemesh-self-sign, Valt, and so on.
// easemesh-self-sign, Valt, and so on.

pkg/object/meshcontroller/certmanager/certmanager.go Outdated
// CertProvider is the interface declaring the methods for the Certificate provider, such as
// easemesh-self-sign, Valt, and so on.
CertProvider interface {
// SignAppCertAndKey signs a cert, key pair for one service's instance
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// SignAppCertAndKey signs a cert, key pair for one service's instance
// SignAppCertAndKey signs a cert, key pair for one service's instance

pkg/object/meshcontroller/certmanager/certmanager.go Outdated
// easemesh-self-sign, Valt, and so on.
CertProvider interface {
// SignAppCertAndKey signs a cert, key pair for one service's instance
SignAppCertAndKey(serviceName string, HOST, IP string, ttl time.Duration) (cert *spec.Certificate, err error)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
SignAppCertAndKey(serviceName string, HOST, IP string, ttl time.Duration) (cert *spec.Certificate, err error)
SignAppCertAndKey(serviceName string, host, ip string, ttl time.Duration) (cert *spec.Certificate, err error)

pkg/object/meshcontroller/certmanager/certmanager.go Outdated
SignRootCertAndKey(time.Duration) (cert *spec.Certificate, err error)

// GetAppCertAndKey gets cert and key for one service's instance
GetAppCertAndKey(serviceName, HOST, IP string) (cert *spec.Certificate, err error)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
GetAppCertAndKey(serviceName, HOST, IP string) (cert *spec.Certificate, err error)
GetAppCertAndKey(serviceName, host, ip string) (cert *spec.Certificate, err error)

pkg/object/meshcontroller/certmanager/certmanager.go Outdated
GetRootCertAndKey() (cert *spec.Certificate, err error)

// ReleaseAppCertAndKey releases one service instance's cert and key
ReleaseAppCertAndKey(serviceName, HOST, IP string) error
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
ReleaseAppCertAndKey(serviceName, HOST, IP string) error
ReleaseAppCertAndKey(serviceName, host, ip string) error

pkg/object/meshcontroller/certmanager/certmanager.go Outdated
// ReleaseRootCertAndKey releases root CA cert and key
ReleaseRootCertAndKey() error

// SetRootCertAndKey sets exists app cert
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// SetRootCertAndKey sets exists app cert
// SetRootCertAndKey sets existing app cert

pkg/object/meshcontroller/certmanager/certmanager.go Outdated
ReleaseRootCertAndKey() error

// SetRootCertAndKey sets exists app cert
SetAppCertAndKey(serviceName, HOST, IP string, cert *spec.Certificate) error
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
SetAppCertAndKey(serviceName, HOST, IP string, cert *spec.Certificate) error
SetAppCertAndKey(serviceName, host, ip string, cert *spec.Certificate) error

pkg/object/meshcontroller/certmanager/certmanager.go Outdated
}
)

// NewCertManager creates a initialed certmanager.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// NewCertManager creates a initialed certmanager.
// NewCertManager creates a certmanager.

megaeasex
megaeasex approved these changes Oct 19, 2021
View reviewed changes
Copy link

@megaeasex megaeasex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[TASK:easegress-pr-test SUCCESS]megaease/easegress Pull Request 281 Deploy Test Success

@localvar localvar requested a review from haoel October 19, 2021 07:58
@localvar localvar merged commit 514ba09 into easegress-io:main Oct 19, 2021
@benja-wu benja-wu deleted the security branch October 23, 2021 11:18
@samutamm samutamm mentioned this pull request Jan 18, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@localvar localvar localvar approved these changes

@xxx7xxxx xxx7xxxx xxx7xxxx approved these changes

@megaeasex megaeasex megaeasex approved these changes

@haoel haoel Awaiting requested review from haoel

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@benja-wu @codecov-commenter @haoel @localvar @xxx7xxxx @megaeasex