From bfbb62c33c460d729a8a3cfb11dbf0811aaf2ceb Mon Sep 17 00:00:00 2001 From: ryjiang Date: Fri, 5 Jul 2024 16:03:25 +0800 Subject: [PATCH] support cert buffer Signed-off-by: ryjiang --- milvus/grpc/BaseClient.ts | 32 ++++++++++++++++++++++++-------- milvus/types/Client.ts | 6 ++++++ test/grpc/MilvusClient.spec.ts | 15 +++++++++++++++ 3 files changed, 45 insertions(+), 8 deletions(-) diff --git a/milvus/grpc/BaseClient.ts b/milvus/grpc/BaseClient.ts index 05562474..383f83a7 100644 --- a/milvus/grpc/BaseClient.ts +++ b/milvus/grpc/BaseClient.ts @@ -171,13 +171,15 @@ export class BaseClient { // If the root certificate path is provided, also set to one-way authentication this.tlsMode = - this.config.tls && this.config.tls.rootCertPath + this.config.tls && + (this.config.tls.rootCert || this.config.tls.rootCertPath) ? TLS_MODE.ONE_WAY : this.tlsMode; // If the private key path is provided, set to two-way authentication this.tlsMode = - this.config.tls && this.config.tls.privateKeyPath + this.config.tls && + (this.config.tls.privateKey || this.config.tls.privateKeyPath) ? TLS_MODE.TWO_WAY : this.tlsMode; @@ -187,20 +189,34 @@ export class BaseClient { // For one-way authentication, create SSL credentials with the root certificate if provided const sslOption = this.config.tls?.rootCertPath ? readFileSync(this.config.tls?.rootCertPath) - : undefined; + : this.config.tls?.rootCert || undefined; this.creds = credentials.createSsl(sslOption); break; case TLS_MODE.TWO_WAY: // For two-way authentication, create SSL credentials with the root certificate, private key, certificate chain, and verify options - const { rootCertPath, privateKeyPath, certChainPath, verifyOptions } = - this.config.tls!; - const rootCertBuff: Buffer | null = rootCertPath + const { + rootCertPath, + rootCert, + privateKeyPath, + privateKey, + certChainPath, + certChain, + verifyOptions, + } = this.config.tls!; + + const rootCertBuff: Buffer | null = rootCert + ? rootCert + : rootCertPath ? readFileSync(rootCertPath) : null; - const privateKeyBuff: Buffer | null = privateKeyPath + const privateKeyBuff: Buffer | null = privateKey + ? privateKey + : privateKeyPath ? readFileSync(privateKeyPath) : null; - const certChainBuff: Buffer | null = certChainPath + const certChainBuff: Buffer | null = certChain + ? certChain + : certChainPath ? readFileSync(certChainPath) : null; this.creds = credentials.createSsl( diff --git a/milvus/types/Client.ts b/milvus/types/Client.ts index 9240c777..43eb8263 100644 --- a/milvus/types/Client.ts +++ b/milvus/types/Client.ts @@ -40,10 +40,16 @@ export interface ClientConfig { tls?: { // root certificate file path, it can be a CA PEM (Certificate Authority PEM) or Server PEM (Server Certificate PEM): rootCertPath?: string; + // root certificate buffer + rootCert?: Buffer; // private key path privateKeyPath?: string; + // private key buffer + privateKey?: Buffer; // certificate path certChainPath?: string; + // certificate buffer + certChain?: Buffer; // verify options verifyOptions?: Record; // server name diff --git a/test/grpc/MilvusClient.spec.ts b/test/grpc/MilvusClient.spec.ts index 024143d0..ff4b6767 100644 --- a/test/grpc/MilvusClient.spec.ts +++ b/test/grpc/MilvusClient.spec.ts @@ -1,4 +1,5 @@ import path from 'path'; +import { readFileSync } from 'fs'; import { MilvusClient, ERROR_REASONS, @@ -215,5 +216,19 @@ describe(`Milvus client`, () => { // const healthy = await mc.checkHealth(); // expect(healthy.isHealthy).toEqual(true); + + // const mc2 = new MilvusClient({ + // address: 'localhost:19530', + // tls: { + // rootCert: readFileSync(`test/cert/ca.pem`), + // privateKey: readFileSync(`test/cert/client.key`), + // certChain: readFileSync(`test/cert/client.pem`), + // serverName: 'localhost', + // }, + // logLevel: 'debug', + // }); + + // const healthy2 = await mc2.checkHealth(); + // expect(healthy2.isHealthy).toEqual(true); // }); });