From 4578102515809d45f8f56e74f5d8ea0335cd1040 Mon Sep 17 00:00:00 2001 From: Tristan Fletcher Date: Thu, 13 May 2021 15:10:28 -0700 Subject: [PATCH 1/9] Add option to config for grpc channel credentials --- lib/temporal/client/grpc_client.rb | 2 +- lib/temporal/configuration.rb | 15 ++++++++++++--- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/lib/temporal/client/grpc_client.rb b/lib/temporal/client/grpc_client.rb index 4a295db6..d781d9cd 100644 --- a/lib/temporal/client/grpc_client.rb +++ b/lib/temporal/client/grpc_client.rb @@ -393,7 +393,7 @@ def cancel_polling_request def client @client ||= Temporal::Api::WorkflowService::V1::WorkflowService::Stub.new( url, - :this_channel_is_insecure, + Temporal.configuration.grpc_ssl_config, timeout: 60 ) end diff --git a/lib/temporal/configuration.rb b/lib/temporal/configuration.rb index f6e59fa2..4bc68d5b 100644 --- a/lib/temporal/configuration.rb +++ b/lib/temporal/configuration.rb @@ -1,10 +1,10 @@ -require 'temporal/logger' +require 'logger' require 'temporal/metrics_adapters/null' module Temporal class Configuration attr_reader :timeouts, :error_handlers - attr_accessor :client_type, :host, :port, :logger, :metrics_adapter, :namespace, :task_queue, :headers + attr_accessor :channel_creds, :client_type, :host, :port, :logger, :metrics_adapter, :namespace, :task_queue, :headers # We want an infinite execution timeout for cron schedules and other perpetual workflows. # We choose an 10-year execution timeout because that's the maximum the cassandra DB supports, @@ -26,12 +26,13 @@ class Configuration def initialize @client_type = :grpc - @logger = Temporal::Logger.new(STDOUT, progname: 'temporal_client') + @logger = Logger.new(STDOUT, progname: 'temporal_client') @metrics_adapter = MetricsAdapters::Null.new @timeouts = DEFAULT_TIMEOUTS @namespace = DEFAULT_NAMESPACE @task_queue = DEFAULT_TASK_QUEUE @headers = DEFAULT_HEADERS + @channel_creds = nil @error_handlers = [] end 
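Review bot: `channel_creds` is added to the public `attr_accessor` list in the first configuration.rb hunk and defaulted to nil in `initialize` in the second, but neither place says which values are accepted or that nil selects an unencrypted channel. A comment above the accessor would make the security consequence visible where the setting is declared, for example `# GRPC::Core::ChannelCredentials for TLS; nil (the default) connects without transport security`. The class body continues outside both hunks.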
@@ -50,5 +51,13 @@ def task_list=(name) def timeouts=(new_timeouts) @timeouts = DEFAULT_TIMEOUTS.merge(new_timeouts) end + + def grpc_ssl_config + if @channel_creds.nil? + :this_channel_is_insecure + else + @channel_creds + end + end end end From 4c9e5c8c9354dcdfe7e3711520d4b8a0d9f86105 Mon Sep 17 00:00:00 2001 From: Tristan Fletcher Date: Thu, 13 May 2021 15:12:00 -0700 Subject: [PATCH 2/9] Add documentation for connecting via SSL --- README.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/README.md b/README.md index c1737621..6b99c814 100644 --- a/README.md +++ b/README.md @@ -55,6 +55,7 @@ Temporal.configure do |config| config.port = 7233 config.namespace = 'ruby-samples' config.task_queue = 'hello-world' + config.channel_creds = :this_channel_is_insecure end ``` @@ -103,6 +104,24 @@ activities. To set it up locally, download and boot the Docker Compose file from > docker-compose up ``` +### Connecting via SSL + +In many production deployments you will end up connecting to your Temporal Services via SSL. In which +case you must read the public cert of the CA that issued your Temporal server's SSL cert and create +an instance of GRPC Channel Credentials. + +Configure your Temporal connection: + +```ruby +Temporal.configure do |config| + config.host = 'temporal-prod.mycompany.com' + config.port = 7233 + config.namespace = 'ruby-samples' + config.task_queue = 'hello-world' + config.channel_creds = GRPC::Core::ChannelCredentials.new(CA_CERT) +end +``` + ## Workflows A workflow is defined using pure Ruby code, however it should contain only a high-level From ecbe2398da848fedea07cb34d6a5d35abd93bed8 Mon Sep 17 00:00:00 2001 From: Tristan Fletcher Date: Thu, 13 May 2021 15:21:02 -0700 Subject: [PATCH 3/9] correct copy paste error --- lib/temporal/configuration.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/temporal/configuration.rb b/lib/temporal/configuration.rb index 4bc68d5b..1d82d7eb 100644 
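Review bot: `grpc_ssl_config` falls back to `:this_channel_is_insecure` whenever `@channel_creds` is nil, so a production deployment that never sets credentials connects in plaintext with no signal at all. Keeping the default is backward-compatible, but the fallback should be observable: log once on that branch, e.g. `logger.warn('channel_creds not set; connecting to Temporal without TLS')`, assuming the configured logger responds to `warn`. The name is also misleading, since the method can return the insecure marker rather than an SSL configuration; a name such as `channel_credentials` would say what the caller actually gets.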
--- a/lib/temporal/configuration.rb +++ b/lib/temporal/configuration.rb @@ -1,4 +1,4 @@ -require 'logger' +require 'temporal/logger' require 'temporal/metrics_adapters/null' module Temporal From f9672a58098bc2b04bd0fdea20a1488a08a0b0d4 Mon Sep 17 00:00:00 2001 From: Tristan Fletcher Date: Mon, 17 May 2021 17:01:21 -0700 Subject: [PATCH 4/9] remove unnecessary change --- lib/temporal/configuration.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/temporal/configuration.rb b/lib/temporal/configuration.rb index 1d82d7eb..c1cf8404 100644 --- a/lib/temporal/configuration.rb +++ b/lib/temporal/configuration.rb @@ -26,7 +26,7 @@ class Configuration def initialize @client_type = :grpc - @logger = Logger.new(STDOUT, progname: 'temporal_client') + @logger = Temporal::Logger.new(STDOUT, progname: 'temporal_client') @metrics_adapter = MetricsAdapters::Null.new @timeouts = DEFAULT_TIMEOUTS @namespace = DEFAULT_NAMESPACE From b4a6006074a8352ec7f8fd1f77dbe53452c2d54a Mon Sep 17 00:00:00 2001 From: Tristan Fletcher Date: Mon, 17 May 2021 17:10:02 -0700 Subject: [PATCH 5/9] refactor away the dependency on config --- lib/temporal/client.rb | 5 ++++- lib/temporal/client/grpc_client.rb | 7 ++++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/lib/temporal/client.rb b/lib/temporal/client.rb index 2c9952ea..7081d06f 100644 --- a/lib/temporal/client.rb +++ b/lib/temporal/client.rb @@ -15,7 +15,10 @@ def self.generate thread_id = Thread.current.object_id identity = "#{thread_id}@#{hostname}" - client_class.new(host, port, identity) + if client_type == :grpc + client_class.new(host, port, identity, Temporal.configuration.grpc_ssl_config) + else + client_class.new(host, port, identity) end end end diff --git a/lib/temporal/client/grpc_client.rb b/lib/temporal/client/grpc_client.rb index d781d9cd..6ef4710a 100644 --- a/lib/temporal/client/grpc_client.rb +++ b/lib/temporal/client/grpc_client.rb 
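Review bot: In the client.rb hunk of patch 5/9 the new `if client_type == :grpc ... else ...` has no closing `end`, and `client_type` is not defined anywhere in the visible lines, so this commit on its own does not load. Patches 6/9 and 7/9 repair both, but anyone bisecting the series will land on a broken revision; squashing those two fixes into this commit would keep every step usable. Separately, the `else` branch builds the client without credentials, so `channel_creds` appears to be silently ignored for any non-gRPC `client_type`; a comment such as `# channel_creds only applies to the gRPC client` would make that explicit. `self.generate` starts outside the hunk.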
@@ -22,9 +22,10 @@ class GRPCClient close: Temporal::Api::Enums::V1::HistoryEventFilterType::HISTORY_EVENT_FILTER_TYPE_CLOSE_EVENT, }.freeze - def initialize(host, port, identity) + def initialize(host, port, identity, grpc_ssl_config) @url = "#{host}:#{port}" @identity = identity + @channel_creds = grpc_ssl_config @poll = true @poll_mutex = Mutex.new @poll_request = nil @@ -388,12 +389,12 @@ def cancel_polling_request private - attr_reader :url, :identity, :poll_mutex, :poll_request + attr_reader :url, :channel_creds, :identity, :poll_mutex, :poll_request def client @client ||= Temporal::Api::WorkflowService::V1::WorkflowService::Stub.new( url, - Temporal.configuration.grpc_ssl_config, + channel_creds, timeout: 60 ) end From 3ff453a56242de8aaffc711d6412805c7f483483 Mon Sep 17 00:00:00 2001 From: Tristan Fletcher Date: Mon, 17 May 2021 17:17:04 -0700 Subject: [PATCH 6/9] client_type from configuration --- lib/temporal/client.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/temporal/client.rb b/lib/temporal/client.rb index 7081d06f..b8b8ca19 100644 --- a/lib/temporal/client.rb +++ b/lib/temporal/client.rb @@ -15,7 +15,7 @@ def self.generate thread_id = Thread.current.object_id identity = "#{thread_id}@#{hostname}" - if client_type == :grpc + if Temporal.configuration.client_type == :grpc client_class.new(host, port, identity, Temporal.configuration.grpc_ssl_config) else client_class.new(host, port, identity) From 4672cc3ec296d4e53a3576159333629fd230b8fe Mon Sep 17 00:00:00 2001 From: Tristan Fletcher Date: Mon, 17 May 2021 17:20:55 -0700 Subject: [PATCH 7/9] missing end --- lib/temporal/client.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/temporal/client.rb b/lib/temporal/client.rb index b8b8ca19..d1ff4719 100644 --- a/lib/temporal/client.rb +++ b/lib/temporal/client.rb 
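Review bot: `initialize` in the first grpc_client.rb hunk stores the new fourth argument unchecked, so a nil or mistyped value only surfaces when the stub is first built in the memoized `client` method, presumably as an error from the gRPC library far from the misconfiguration. A guard at construction time would fail earlier and more clearly, e.g. `raise ArgumentError, 'channel credentials must be given' if grpc_ssl_config.nil?`. The parameter is also named `grpc_ssl_config` while the instance variable and private reader are `channel_creds`; using one name throughout would make it easier to follow where the credentials flow. The body of `initialize` continues outside the hunk.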
@@ -19,6 +19,7 @@ def self.generate client_class.new(host, port, identity, Temporal.configuration.grpc_ssl_config) else client_class.new(host, port, identity) + end end end end From 1ebf0b7d856a3a7336df878e0f0840c9a1aac067 Mon Sep 17 00:00:00 2001 From: Tristan Fletcher Date: Mon, 17 May 2021 17:22:04 -0700 Subject: [PATCH 8/9] add new parameter to test initialize --- spec/unit/lib/temporal/grpc_client_spec.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/spec/unit/lib/temporal/grpc_client_spec.rb b/spec/unit/lib/temporal/grpc_client_spec.rb index 1f1b0118..d79420ef 100644 --- a/spec/unit/lib/temporal/grpc_client_spec.rb +++ b/spec/unit/lib/temporal/grpc_client_spec.rb @@ -11,6 +11,8 @@ describe '#start_workflow_execution' do it 'provides the existing run_id when the workflow is already started' do + client = Temporal::Client::GRPCClient.new(nil, nil, nil, :this_channel_is_insecure) + allow(client).to receive(:client).and_return(grpc_stub) allow(grpc_stub).to receive(:start_workflow_execution).and_raise( GRPC::AlreadyExists, 'Workflow execution already finished successfully. WorkflowId: TestWorkflow-1, RunId: baaf1d86-4459-4ecd-a288-47aeae55245d. Workflow Id reuse policy: allow duplicate workflow Id if last run failed.' From f984a3be29bc9d1a87eaf94f87a924e4b55b8325 Mon Sep 17 00:00:00 2001 From: Tristan Fletcher Date: Thu, 20 May 2021 10:57:36 -0700 Subject: [PATCH 9/9] rspec test fixes --- spec/unit/lib/temporal/grpc_client_spec.rb | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/spec/unit/lib/temporal/grpc_client_spec.rb b/spec/unit/lib/temporal/grpc_client_spec.rb index d79420ef..566f1a33 100644 --- a/spec/unit/lib/temporal/grpc_client_spec.rb +++ b/spec/unit/lib/temporal/grpc_client_spec.rb 
@@ -1,5 +1,5 @@ describe Temporal::Client::GRPCClient do - subject { Temporal::Client::GRPCClient.new(nil, nil, nil) } + subject { Temporal::Client::GRPCClient.new(nil, nil, nil, :this_channel_is_insecure) } let(:grpc_stub) { double('grpc stub') } let(:namespace) { 'test-namespace' } let(:workflow_id) { SecureRandom.uuid } @@ -11,8 +11,6 @@ describe '#start_workflow_execution' do it 'provides the existing run_id when the workflow is already started' do - client = Temporal::Client::GRPCClient.new(nil, nil, nil, :this_channel_is_insecure) - allow(client).to receive(:client).and_return(grpc_stub) allow(grpc_stub).to receive(:start_workflow_execution).and_raise( GRPC::AlreadyExists, 'Workflow execution already finished successfully. WorkflowId: TestWorkflow-1, RunId: baaf1d86-4459-4ecd-a288-47aeae55245d. Workflow Id reuse policy: allow duplicate workflow Id if last run failed.'
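Review bot: The updated `subject` in the first hunk only ever passes `:this_channel_is_insecure`, so no example checks that a configured credentials object actually reaches the gRPC stub, or that `Configuration#grpc_ssl_config` falls back when `channel_creds` is nil. Since this series is the only thing standing between a TLS setting and the wire, add one example that constructs the client with a credentials double and expects `Temporal::Api::WorkflowService::V1::WorkflowService::Stub` to receive `new` with that same object, reaching the private `client` via `subject.send(:client)`. A second small spec on `Temporal::Configuration` should cover both branches of `grpc_ssl_config`.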