Support providing an x.509 certificate for user authentication

EventStore · Oct 10, 2024 · ed28baf · ed28baf
1 parent 2f0cfc7
commit ed28baf
Show file tree

Hide file tree

Showing 19 changed files with 447 additions and 47 deletions.
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
@@ -40,6 +40,21 @@ jobs:
       esdb_version: ${{ matrix.version }}
       go_version: ${{ needs.go-version.outputs.go_version }}
 
+  plugins-tests:
+    needs: build
+    name: Plugins Tests
+
+    strategy:
+      fail-fast: false
+      matrix:
+        version: [24.2.0-jammy]
+
+    uses: ./.github/workflows/test-plugins.yml
+    with:
+      esdb_version: ${{ matrix.version }}
+      go_version: ${{ needs.go-version.outputs.go_version }}
+      esdb_repository: "docker.eventstore.com/eventstore-ee/eventstoredb-commercial"
+    secrets: inherit
 
   linting:
     needs: tests

diff --git a/.github/workflows/test-dispatch.yml b/.github/workflows/test-dispatch.yml
@@ -19,3 +19,13 @@ jobs:
     with:
       esdb_version: ${{ inputs.version }}
       go_version: ${{ needs.go-version.outputs.go_version }}
+
+  plugins-tests:
+    needs: go-version
+    name: Plugins Tests
+    uses: ./.github/workflows/plugins-tests.yml
+    with:
+      esdb_version: ${{ inputs.version }}
+      go_version: ${{ needs.go-version.outputs.go_version }}
+      esdb_repository: "docker.eventstore.com/eventstore-ee/eventstoredb-commercial"
+    secrets: inherit
diff --git a/.github/workflows/test-plugins.yml b/.github/workflows/test-plugins.yml
@@ -0,0 +1,89 @@
+name: enterprise plugins tests workflow
+
+on:
+  workflow_call:
+    inputs:
+      esdb_repository:
+        required: true
+        type: string
+
+      esdb_version:
+        required: true
+        type: string
+
+      go_version:
+        required: true
+        type: string
+
+jobs:
+  secure:
+    name: Secure
+
+    strategy:
+      fail-fast: false
+      matrix:
+        test: [Plugins]
+
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ${{ inputs.go_version }}
+
+      - name: Login to Cloudsmith
+        uses: docker/login-action@v3
+        with:
+          registry: docker.eventstore.com
+          username: ${{ secrets.CLOUDSMITH_CICD_USER }}
+          password: ${{ secrets.CLOUDSMITH_CICD_TOKEN }}
+
+      - name: Generate certificates
+        run: docker compose --file docker-compose.yml up
+
+      - name: Run Go Tests
+        run: make ci CI_TARGET=Test${{ matrix.test }}
+
+        env:
+          EVENTSTORE_DOCKER_REPOSITORY: ${{ inputs.esdb_repository }}
+          EVENTSTORE_DOCKER_TAG: ${{ inputs.esdb_version }}
+          EVENTSTORE_INSECURE: false
+
+  cluster:
+    name: Cluster
+
+    strategy:
+      fail-fast: false
+      matrix:
+        test: [Plugins]
+
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ${{ inputs.go_version }}
+
+      - name: Login to Cloudsmith
+        uses: docker/login-action@v3
+        with:
+          registry: docker.eventstore.com
+          username: ${{ secrets.CLOUDSMITH_CICD_USER }}
+          password: ${{ secrets.CLOUDSMITH_CICD_TOKEN }}
+
+      - name: Set up cluster with Docker Compose
+        run: |
+          docker compose -f cluster-docker-compose.yml up -d
+        env:
+          EVENTSTORE_DOCKER_REPOSITORY: ${{ inputs.esdb_repository }}
+          EVENTSTORE_DOCKER_TAG: ${{ inputs.esdb_version }}
+
+      - name: Run Go Tests
+        run: make ci CI_TARGET=Test${{ matrix.test }}
+        env:
+          EVENTSTORE_INSECURE: false
+          CLUSTER: true
+
+      - name: Shutdown cluster
+        run: docker compose -f cluster-docker-compose.yml down
+        if: always()
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -28,12 +28,12 @@ jobs:
           go-version: ${{ inputs.go_version }}
 
       - name: Generate certificates
-        run: docker-compose --file docker-compose.yml up
+        run: docker compose --file docker-compose.yml up
 
       - name: Run Go Tests
         run: make ci CI_TARGET=Test${{ matrix.test }}
         env:
-          EVENTSTORE_DOCKER_TAG_ENV: ${{ inputs.esdb_version }}
+          EVENTSTORE_DOCKER_TAG: ${{ inputs.esdb_version }}
           EVENTSTORE_INSECURE: true
 
   secure:
@@ -52,13 +52,13 @@ jobs:
           go-version: ${{ inputs.go_version }}
 
       - name: Generate certificates
-        run: docker-compose --file docker-compose.yml up
+        run: docker compose --file docker-compose.yml up
 
       - name: Run Go Tests
         run: make ci CI_TARGET=Test${{ matrix.test }}
 
         env:
-          EVENTSTORE_DOCKER_TAG_ENV: ${{ inputs.esdb_version }}
+          EVENTSTORE_DOCKER_TAG: ${{ inputs.esdb_version }}
           EVENTSTORE_INSECURE: false
 
   cluster:
@@ -80,7 +80,7 @@ jobs:
         run: |
           docker compose -f cluster-docker-compose.yml up -d
         env:
-          EVENTSTORE_DOCKER_TAG_ENV: ${{ inputs.esdb_version }}
+          EVENTSTORE_DOCKER_TAG: ${{ inputs.esdb_version }}
 
       - name: Run Go Tests
         run: make ci CI_TARGET=Test${{ matrix.test }}

diff --git a/.gitignore b/.gitignore
@@ -27,4 +27,4 @@ _testmain.go
 .idea
 
 certs/
-tools/
+tools/
diff --git a/Makefile b/Makefile
@@ -28,7 +28,7 @@ else
 	$(MAKE) build GENERATE_PROTOS_FLAG=-generateProtos
 endif
 
-DOCKER_COMPOSE_CMD := $(shell command -v docker-compose 2> /dev/null)
+DOCKER_COMPOSE_CMD := $(shell command -v docker compose 2> /dev/null)
 ifeq ($(DOCKER_COMPOSE_CMD),)
 	DOCKER_COMPOSE_CMD := docker compose
 endif

diff --git a/README.md b/README.md
@@ -32,10 +32,10 @@ make generate-protos-and-build
 make test
 ```
 
-By default the tests use `docker.eventstore.com/eventstore-ce:ci`. To override this, set the `EVENTSTORE_DOCKER_TAG_ENV` environment variable to the tag you wish to use:
+By default the tests use `docker.eventstore.com/eventstore-ce:ci`. To override this, set the `EVENTSTORE_DOCKER_TAG` environment variable to the tag you wish to use:
 
 ```shell
-export EVENTSTORE_DOCKER_TAG_ENV="21.10.0-focal"
+export EVENTSTORE_DOCKER_TAG="21.10.0-focal"
 make test
 ```
 

diff --git a/cluster-docker-compose.yml b/cluster-docker-compose.yml
@@ -19,14 +19,16 @@ services:
       && es-gencert-cli create-node -out ./node1 -ip-addresses 127.0.0.1,172.30.240.11 -dns-names localhost
       && es-gencert-cli create-node -out ./node2 -ip-addresses 127.0.0.1,172.30.240.12 -dns-names localhost
       && es-gencert-cli create-node -out ./node3 -ip-addresses 127.0.0.1,172.30.240.13 -dns-names localhost
+      && es-gencert-cli create-user -username admin
+      && es-gencert-cli create-user -username invalid
       && find . -type f -print0 | xargs -0 chmod 666"
     volumes:
       - "./certs:/certs"
     depends_on:
       - volumes-provisioner
 
   esdb-node1:
-    image: docker.eventstore.com/eventstore-ce/eventstoredb-ce:${EVENTSTORE_DOCKER_TAG_ENV:-latest}
+    image: ${EVENTSTORE_DOCKER_REPOSITORY:-docker.eventstore.com/eventstore-ce/eventstoredb-ce}:${EVENTSTORE_DOCKER_TAG:-latest}
     env_file:
       - shared.env
     environment:
@@ -47,7 +49,7 @@ services:
       - cert-gen
 
   esdb-node2:
-    image: docker.eventstore.com/eventstore-ce/eventstoredb-ce:${EVENTSTORE_DOCKER_TAG_ENV:-latest}
+    image: ${EVENTSTORE_DOCKER_REPOSITORY:-docker.eventstore.com/eventstore-ce/eventstoredb-ce}:${EVENTSTORE_DOCKER_TAG:-latest}
     env_file:
       - shared.env
     environment:
@@ -68,7 +70,7 @@ services:
       - cert-gen
 
   esdb-node3:
-    image: docker.eventstore.com/eventstore-ce/eventstoredb-ce:${EVENTSTORE_DOCKER_TAG_ENV:-latest}
+    image: ${EVENTSTORE_DOCKER_REPOSITORY:-docker.eventstore.com/eventstore-ce/eventstoredb-ce}:${EVENTSTORE_DOCKER_TAG:-latest}
     env_file:
       - shared.env
     environment:

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -18,6 +18,8 @@ services:
       && es-gencert-cli create-ca
       && es-gencert-cli create-node -out ./node --dns-names localhost
       && es-gencert-cli create-ca -out ./untrusted-ca
+      && es-gencert-cli create-user -username admin
+      && es-gencert-cli create-user -username invalid
       && find . -type f -print0 | xargs -0 chmod 666"
     container_name: setup
     volumes:

diff --git a/esdb/client.go b/esdb/client.go
@@ -25,6 +25,10 @@ type Client struct {
 
 // NewClient Creates a gRPC client to an EventStoreDB database.
 func NewClient(configuration *Configuration) (*Client, error) {
+	if err := configuration.Validate(); err != nil {
+		return nil, fmt.Errorf("invalid configuration: %w", err)
+	}
+
 	grpcClient := newGrpcClient(*configuration)
 	return &Client{
 		grpcClient: grpcClient,