https to reactors

aep · aep · commit 8c259d43798b · 2025-03-13T20:23:13.000+01:00
diff --git a/reactor/builtins.go b/reactor/builtins.go
@@ -15,14 +15,14 @@ func (*immutableReactor) Ready(model *openapi.Document, args interface{}) (inter
 
 func (*immutableReactor) Stop() {}
 
-func (*immutableReactor) Validate(ctx context.Context, old *openapi.Document, nuw *openapi.Document, args interface{}) (*openapi.Document, error) {
+func (*immutableReactor) Validate(ctx context.Context, ro *Reactor, old *openapi.Document, nuw *openapi.Document, args interface{}) (*openapi.Document, error) {
 	if old != nil && nuw != nil {
 		return nil, fmt.Errorf("Document is immutable")
 	}
 	return nuw, nil
 }
 
-func (*immutableReactor) Reconcile(ctx context.Context, old *openapi.Document, nuw *openapi.Document, args interface{}) error {
+func (*immutableReactor) Reconcile(ctx context.Context, ro *Reactor, old *openapi.Document, nuw *openapi.Document, args interface{}) error {
 	return nil
 }
 
diff --git a/reactor/cue.go b/reactor/cue.go
@@ -84,7 +84,7 @@ func (cr *cueReactor) Ready(model *openapi.Document, args interface{}) (interfac
 	return &cueReady{cctx: ctx, schema: schema2}, nil
 }
 
-func (jsr *cueReactor) Validate(ctx context.Context, old *openapi.Document, nuw *openapi.Document, args interface{}) (*openapi.Document, error) {
+func (jsr *cueReactor) Validate(ctx context.Context, ro *Reactor, old *openapi.Document, nuw *openapi.Document, args interface{}) (*openapi.Document, error) {
 
 	if nuw == nil {
 		return nil, nil
@@ -140,6 +140,6 @@ func (jsr *cueReactor) Validate(ctx context.Context, old *openapi.Document, nuw
 	return nuw, nil
 }
 
-func (cr *cueReactor) Reconcile(ctx context.Context, old *openapi.Document, nuw *openapi.Document, args interface{}) error {
+func (cr *cueReactor) Reconcile(ctx context.Context, ro *Reactor, old *openapi.Document, nuw *openapi.Document, args interface{}) error {
 	return nil
 }
diff --git a/reactor/http.go b/reactor/http.go
@@ -8,6 +8,7 @@ import (
 	openapi "github.com/aep/apogy/api/go"
 	"log/slog"
 	"net/http"
+	"strings"
 	"time"
 )
 
@@ -39,11 +40,11 @@ func (*HttpReactor) Ready(model *openapi.Document, args interface{}) (interface{
 	return nil, nil
 }
 
-func (hr *HttpReactor) Validate(ctx context.Context, old *openapi.Document, nuw *openapi.Document, args interface{}) (*openapi.Document, error) {
+func (hr *HttpReactor) Validate(ctx context.Context, ro *Reactor, old *openapi.Document, nuw *openapi.Document, args interface{}) (*openapi.Document, error) {
 	return nuw, nil
 }
 
-func (hr *HttpReactor) Reconcile(ctx context.Context, old *openapi.Document, nuw *openapi.Document, args interface{}) error {
+func (hr *HttpReactor) Reconcile(ctx context.Context, ro *Reactor, old *openapi.Document, nuw *openapi.Document, args interface{}) error {
 	payload := openapi.ValidationRequest{
 		Current: old,
 		Pending: nuw,
@@ -54,7 +55,7 @@ func (hr *HttpReactor) Reconcile(ctx context.Context, old *openapi.Document, nuw
 		return err
 	}
 
-	resp, err := hr.makeValidationRequest(ctx, hr.url, payloadBytes)
+	resp, err := hr.makeValidationRequest(ctx, hr.url, payloadBytes, ro)
 	if err != nil {
 		return fmt.Errorf("reconciler failed to respond in time: %w", err)
 	}
@@ -83,16 +84,33 @@ func (hr *HttpReactor) Reconcile(ctx context.Context, old *openapi.Document, nuw
 	return nil
 }
 
-func (hr *HttpReactor) makeValidationRequest(ctx context.Context, url string, payloadBytes []byte) (*http.Response, error) {
+func (hr *HttpReactor) makeValidationRequest(ctx context.Context, url string, payloadBytes []byte, ro *Reactor) (*http.Response, error) {
 	ctx, cancel := context.WithTimeout(ctx, time.Second)
 	defer cancel()
 
 	initialBackoff := 100 * time.Millisecond
 	maxAttempts := 5
 
+	// Create a custom client with mTLS for https URLs
+	client := &http.Client{}
+
 	backoff := initialBackoff
 	for attempt := 1; attempt <= maxAttempts; attempt++ {
-		resp, err := http.Post(url, "application/json", bytes.NewBuffer(payloadBytes))
+		req, err := http.NewRequestWithContext(ctx, "POST", url, bytes.NewBuffer(payloadBytes))
+		if err != nil {
+			return nil, err
+		}
+		req.Header.Set("Content-Type", "application/json")
+
+		var resp *http.Response
+
+		// If URL starts with https://, use mTLS
+		if strings.HasPrefix(url, "https://") {
+			resp, err = hr.doMTLSRequest(req, ro)
+		} else {
+			resp, err = client.Do(req)
+		}
+
 		if err != nil {
 			slog.Error("validator failed", "validator", url, "error", err)
 			if attempt == maxAttempts {
@@ -119,3 +137,13 @@ func (hr *HttpReactor) makeValidationRequest(ctx context.Context, url string, pa
 	}
 	return nil, fmt.Errorf("request failed after %d attempts", maxAttempts)
 }
+
+func (hr *HttpReactor) doMTLSRequest(req *http.Request, ro *Reactor) (*http.Response, error) {
+	// Check if TLS client is already created
+	if ro.tlsClient == nil {
+		return nil, fmt.Errorf("apogy cant make https request to reactor since its not running with tls")
+	}
+
+	// Use the pre-configured HTTP client
+	return ro.tlsClient.Do(req)
+}
diff --git a/reactor/reactor.go b/reactor/reactor.go
@@ -2,8 +2,12 @@ package reactor
 
 import (
 	"context"
+	"crypto/tls"
+	"crypto/x509"
 	"fmt"
 	"log/slog"
+	"net/http"
+	"os"
 	"sync"
 	"time"
 
@@ -12,8 +16,8 @@ import (
 
 type Runtime interface {
 	Ready(model *openapi.Document, arg interface{}) (interface{}, error)
-	Validate(ctx context.Context, old *openapi.Document, nuw *openapi.Document, args interface{}) (*openapi.Document, error)
-	Reconcile(ctx context.Context, old *openapi.Document, nuw *openapi.Document, args interface{}) error
+	Validate(ctx context.Context, ro *Reactor, old *openapi.Document, nuw *openapi.Document, args interface{}) (*openapi.Document, error)
+	Reconcile(ctx context.Context, ro *Reactor, old *openapi.Document, nuw *openapi.Document, args interface{}) error
 	Stop()
 }
 
@@ -26,13 +30,52 @@ type Reactor struct {
 	lock            sync.RWMutex
 	running         map[string]Runtime
 	models2reactors map[string][]reactorReadyArgs
+
+	tlsConfig *tls.Config
+	tlsClient *http.Client
 }
 
-func NewReactor() *Reactor {
+func NewReactor(caCertPath, serverCertPath, serverKeyPath string) *Reactor {
 	ro := &Reactor{
 		running:         make(map[string]Runtime),
 		models2reactors: make(map[string][]reactorReadyArgs),
 	}
+
+	// Load TLS configuration if paths are provided
+	if caCertPath != "" && serverCertPath != "" && serverKeyPath != "" {
+		// Load the CA cert
+		caCert, err := os.ReadFile(caCertPath)
+		if err != nil {
+			slog.Error("failed to read CA certificate", "error", err)
+		} else {
+			// Create a cert pool and add the CA cert
+			caCertPool := x509.NewCertPool()
+			if !caCertPool.AppendCertsFromPEM(caCert) {
+				slog.Error("failed to append CA certificate to pool")
+			} else {
+				// Load client certificate
+				cert, err := tls.LoadX509KeyPair(serverCertPath, serverKeyPath)
+				if err != nil {
+					slog.Error("failed to load client certificate/key", "error", err)
+				} else {
+					// Create a TLS config with the certificate and key
+					ro.tlsConfig = &tls.Config{
+						Certificates: []tls.Certificate{cert},
+						RootCAs:      caCertPool,
+					}
+
+					// Create a reusable HTTP client with TLS configuration
+					ro.tlsClient = &http.Client{
+						Transport: &http.Transport{
+							TLSClientConfig: ro.tlsConfig,
+						},
+					}
+					slog.Info("TLS configuration loaded successfully")
+				}
+			}
+		}
+	}
+
 	ro.startBuiltins()
 	return ro
 }
@@ -129,7 +172,7 @@ func (ro *Reactor) Validate(ctx context.Context, old *openapi.Document, nuw *ope
 
 		if rt != nil {
 			var err error
-			nuw, err = rt.Validate(ctx, old, nuw, runArgs.args)
+			nuw, err = rt.Validate(ctx, ro, old, nuw, runArgs.args)
 			if err != nil {
 				return nuw, fmt.Errorf("reactor %s rejected change: %w", runArgs.reactorName, err)
 			}
@@ -181,7 +224,7 @@ func (ro *Reactor) Reconcile(ctx context.Context, old *openapi.Document, nuw *op
 			var delay = 10 * time.Millisecond
 			for i := 0; ; i++ {
 
-				err := rt.Reconcile(ctx, old, nuw, a.args)
+				err := rt.Reconcile(ctx, ro, old, nuw, a.args)
 
 				if err == nil {
 					break
diff --git a/reactor/yema.go b/reactor/yema.go
@@ -42,7 +42,7 @@ func (*yemaReactor) Ready(model *openapi.Document, args interface{}) (interface{
 func (cr *yemaReactor) Stop() {
 }
 
-func (yr *yemaReactor) Validate(ctx context.Context, old *openapi.Document, nuw *openapi.Document, args interface{}) (*openapi.Document, error) {
+func (yr *yemaReactor) Validate(ctx context.Context, ro *Reactor, old *openapi.Document, nuw *openapi.Document, args interface{}) (*openapi.Document, error) {
 
 	if nuw == nil {
 		return nil, nil
@@ -72,6 +72,6 @@ func (yr *yemaReactor) Validate(ctx context.Context, old *openapi.Document, nuw
 	return nuw, nil
 }
 
-func (cr *yemaReactor) Reconcile(ctx context.Context, old *openapi.Document, nuw *openapi.Document, args interface{}) error {
+func (cr *yemaReactor) Reconcile(ctx context.Context, ro *Reactor, old *openapi.Document, nuw *openapi.Document, args interface{}) error {
 	return nil
 }
diff --git a/server/crud_test.go b/server/crud_test.go
@@ -7,12 +7,15 @@ import (
 	"net/http/httptest"
 	"sync"
 	"testing"
+	"time"
 
 	"encoding/json"
 	openapi "github.com/aep/apogy/api/go"
 	"github.com/aep/apogy/bus"
 	"github.com/aep/apogy/kv"
+	"github.com/aep/apogy/reactor"
 	"github.com/labstack/echo/v4"
+	"github.com/maypok86/otter"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -27,7 +30,20 @@ func setupTestServer(t *testing.T) (*echo.Echo, *server) {
 		t.Fatalf("Failed to create test bus: %v", err)
 	}
 
-	s := newServer(kv, bs)
+	cache, err := otter.MustBuilder[string, *Model](100000).
+		WithTTL(60 * time.Second).
+		Build()
+
+	if err != nil {
+		panic(err)
+	}
+
+	s := &server{
+		kv:         kv,
+		bs:         bs,
+		modelCache: cache,
+		ro:         reactor.NewReactor("", "", ""),
+	}
 	e := echo.New()
 	e.Binder = &Binder{
 		defaultBinder: &echo.DefaultBinder{},
diff --git a/server/server.go b/server/server.go
@@ -26,7 +26,17 @@ type server struct {
 	modelCache otter.Cache[string, *Model]
 }
 
-func newServer(kv kv.KV, bs bus.Bus) *server {
+func Main(caCertPath, serverCertPath, serverKeyPath string) {
+
+	kv, err := kv.NewTikv()
+	if err != nil {
+		panic(err)
+	}
+
+	bs, err := bus.NewSolo()
+	if err != nil {
+		panic(err)
+	}
 
 	cache, err := otter.MustBuilder[string, *Model](100000).
 		WithTTL(60 * time.Second).
@@ -36,28 +46,14 @@ func newServer(kv kv.KV, bs bus.Bus) *server {
 		panic(err)
 	}
 
-	nu := &server{
+	s := &server{
 		kv:         kv,
 		bs:         bs,
 		modelCache: cache,
 	}
-	nu.ro = reactor.NewReactor()
-	return nu
-}
 
-func Main(caCertPath, serverCertPath, serverKeyPath string) {
-
-	kv, err := kv.NewTikv()
-	if err != nil {
-		panic(err)
-	}
-
-	st, err := bus.NewSolo()
-	if err != nil {
-		panic(err)
-	}
+	s.ro = reactor.NewReactor(caCertPath, serverCertPath, serverKeyPath)
 
-	s := newServer(kv, st)
 	e := echo.New()
 	e.HideBanner = true
 

Original file line number	Diff line number	Diff line change
`@@ -15,14 +15,14 @@ func (immutableReactor) Ready(model openapi.Document, args interface{}) (inter`
`15`	`15`
`16`	`16`	`func (*immutableReactor) Stop() {}`
`17`	`17`
`18`		`-func (immutableReactor) Validate(ctx context.Context, old openapi.Document, nuw openapi.Document, args interface{}) (openapi.Document, error) {`
	`18`	`+func (immutableReactor) Validate(ctx context.Context, ro Reactor, old openapi.Document, nuw openapi.Document, args interface{}) (*openapi.Document, error) {`
`19`	`19`	`if old != nil && nuw != nil {`
`20`	`20`	`return nil, fmt.Errorf("Document is immutable")`
`21`	`21`	`}`
`22`	`22`	`return nuw, nil`
`23`	`23`	`}`
`24`	`24`
`25`		`-func (immutableReactor) Reconcile(ctx context.Context, old openapi.Document, nuw *openapi.Document, args interface{}) error {`
	`25`	`+func (immutableReactor) Reconcile(ctx context.Context, ro Reactor, old openapi.Document, nuw openapi.Document, args interface{}) error {`
`26`	`26`	`return nil`
`27`	`27`	`}`
`28`	`28`
Original file line number	Diff line number	Diff line change
`@@ -84,7 +84,7 @@ func (cr cueReactor) Ready(model openapi.Document, args interface{}) (interfac`
`84`	`84`	`return &cueReady{cctx: ctx, schema: schema2}, nil`
`85`	`85`	`}`
`86`	`86`
`87`		`-func (jsr cueReactor) Validate(ctx context.Context, old openapi.Document, nuw openapi.Document, args interface{}) (openapi.Document, error) {`
	`87`	`+func (jsr cueReactor) Validate(ctx context.Context, ro Reactor, old openapi.Document, nuw openapi.Document, args interface{}) (*openapi.Document, error) {`
`88`	`88`
`89`	`89`	`if nuw == nil {`
`90`	`90`	`return nil, nil`
`@@ -140,6 +140,6 @@ func (jsr cueReactor) Validate(ctx context.Context, old openapi.Document, nuw`
`140`	`140`	`return nuw, nil`
`141`	`141`	`}`
`142`	`142`
`143`		`-func (cr cueReactor) Reconcile(ctx context.Context, old openapi.Document, nuw *openapi.Document, args interface{}) error {`
	`143`	`+func (cr cueReactor) Reconcile(ctx context.Context, ro Reactor, old openapi.Document, nuw openapi.Document, args interface{}) error {`
`144`	`144`	`return nil`
`145`	`145`	`}`
Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,7 @@ func (yemaReactor) Ready(model openapi.Document, args interface{}) (interface{`
`42`	`42`	`func (cr *yemaReactor) Stop() {`
`43`	`43`	`}`
`44`	`44`
`45`		`-func (yr yemaReactor) Validate(ctx context.Context, old openapi.Document, nuw openapi.Document, args interface{}) (openapi.Document, error) {`
	`45`	`+func (yr yemaReactor) Validate(ctx context.Context, ro Reactor, old openapi.Document, nuw openapi.Document, args interface{}) (*openapi.Document, error) {`
`46`	`46`
`47`	`47`	`if nuw == nil {`
`48`	`48`	`return nil, nil`
`@@ -72,6 +72,6 @@ func (yr yemaReactor) Validate(ctx context.Context, old openapi.Document, nuw`
`72`	`72`	`return nuw, nil`
`73`	`73`	`}`
`74`	`74`
`75`		`-func (cr yemaReactor) Reconcile(ctx context.Context, old openapi.Document, nuw *openapi.Document, args interface{}) error {`
	`75`	`+func (cr yemaReactor) Reconcile(ctx context.Context, ro Reactor, old openapi.Document, nuw openapi.Document, args interface{}) error {`
`76`	`76`	`return nil`
`77`	`77`	`}`