support TLS configuration

hasura · Oct 5, 2024 · 22334ae · 22334ae
1 parent 2776b92
commit 22334ae
Show file tree

Hide file tree

Showing 4 changed files with 64 additions and 48 deletions.
diff --git a/README.md b/README.md
@@ -52,17 +52,43 @@ The `Start` function create a CLI application with following commands:
 ```sh
 Commands:
   serve
-    Serve the NDC connector.
-
-    Flags:
-      --configuration=STRING               Configuration directory ($HASURA_CONFIGURATION_DIRECTORY).
-      --port=8080                          Serve Port ($HASURA_CONNECTOR_PORT).
-      --service-token-secret=STRING        Service token secret ($HASURA_SERVICE_TOKEN_SECRET).
-      --service-name=STRING                OpenTelemetry service name ($OTEL_SERVICE_NAME).
-      --otlp-endpoint=STRING               OpenTelemetry receiver endpoint that is set as default for all types ($OTEL_EXPORTER_OTLP_ENDPOINT).
-      --metrics-exporter="none"            Metrics export type. Accept: none, otlp, prometheus ($OTEL_METRICS_EXPORTER).
-      --prometheus-port=PROMETHEUS-PORT    Prometheus port for the Prometheus HTTP server. Use /metrics endpoint of the connector server if empty ($OTEL_EXPORTER_PROMETHEUS_PORT)
-      ...
+Serve the NDC connector.
+
+Flags:
+  -h, --help                                   Show context-sensitive help.
+      --log-level="info"                       Log level ($HASURA_LOG_LEVEL).
+
+      --service-name=STRING                    OpenTelemetry service name ($OTEL_SERVICE_NAME).
+      --otlp-endpoint=STRING                   OpenTelemetry receiver endpoint that is set as default for all types ($OTEL_EXPORTER_OTLP_ENDPOINT).
+      --otlp-traces-endpoint=STRING            OpenTelemetry endpoint for traces ($OTEL_EXPORTER_OTLP_TRACES_ENDPOINT).
+      --otlp-metrics-endpoint=STRING           OpenTelemetry endpoint for metrics ($OTEL_EXPORTER_OTLP_METRICS_ENDPOINT).
+      --otlp-insecure                          Disable LTS for OpenTelemetry exporters ($OTEL_EXPORTER_OTLP_INSECURE).
+      --otlp-traces-insecure                   Disable LTS for OpenTelemetry traces exporter ($OTEL_EXPORTER_OTLP_TRACES_INSECURE).
+      --otlp-metrics-insecure                  Disable LTS for OpenTelemetry metrics exporter ($OTEL_EXPORTER_OTLP_METRICS_INSECURE).
+      --otlp-protocol=STRING                   OpenTelemetry receiver protocol for all types ($OTEL_EXPORTER_OTLP_PROTOCOL).
+      --otlp-traces-protocol=STRING            OpenTelemetry receiver protocol for traces ($OTEL_EXPORTER_OTLP_TRACES_PROTOCOL).
+      --otlp-metrics-protocol=STRING           OpenTelemetry receiver protocol for metrics ($OTEL_EXPORTER_OTLP_METRICS_PROTOCOL).
+      --otlp-compression="gzip"                Enable compression for OTLP exporters. Accept: none, gzip ($OTEL_EXPORTER_OTLP_COMPRESSION)
+      --otlp-trace-compression="gzip"          Enable compression for OTLP traces exporter. Accept: none, gzip ($OTEL_EXPORTER_OTLP_TRACES_COMPRESSION)
+      --otlp-metrics-compression="gzip"        Enable compression for OTLP metrics exporter. Accept: none, gzip ($OTEL_EXPORTER_OTLP_METRICS_COMPRESSION)
+      --metrics-exporter="none"                Metrics export type. Accept: none, otlp, prometheus ($OTEL_METRICS_EXPORTER)
+      --prometheus-port=PROMETHEUS-PORT        Prometheus port for the Prometheus HTTP server. Use /metrics endpoint of the connector server if empty
+                                               ($OTEL_EXPORTER_PROMETHEUS_PORT)
+      --disable-go-metrics                     Disable internal Go and process metrics
+      --server-read-timeout=DURATION           Maximum duration for reading the entire request, including the body. A zero or negative value means there will be no timeout
+                                               ($HASURA_SERVER_READ_TIMEOUT)
+      --server-read-header-timeout=DURATION    Amount of time allowed to read request headers. If zero, the value of ReadTimeout is used ($HASURA_SERVER_READ_HEADER_TIMEOUT)
+      --server-write-timeout=DURATION          Maximum duration before timing out writes of the response. A zero or negative value means there will be no timeout
+                                               ($HASURA_SERVER_WRITE_TIMEOUT)
+      --server-idle-timeout=DURATION           Maximum amount of time to wait for the next request when keep-alives are enabled. If zero, the value of ReadTimeout is used
+                                               ($HASURA_SERVER_IDLE_TIMEOUT)
+      --server-max-header-kilobytes=1024       Maximum number of kilobytes the server will read parsing the request header's keys and values, including the request line
+                                               ($HASURA_SERVER_MAX_HEADER_KILOBYTES)
+      --server-tls-cert-file=STRING            Path of the TLS certificate file ($HASURA_SERVER_TLS_CERT_FILE)
+      --server-tls-key-file=STRING             Path of the TLS key file ($HASURA_SERVER_TLS_KEY_FILE)
+      --configuration=STRING                   Configuration directory ($HASURA_CONFIGURATION_DIRECTORY)
+      --port=8080                              Serve Port ($HASURA_CONNECTOR_PORT)
+      --service-token-secret=STRING            Service token secret ($HASURA_SERVICE_TOKEN_SECRET)
 ```
 
 Please refer to the [NDC Spec](https://hasura.github.io/ndc-spec/) for details on implementing the Connector interface, or see [examples](./example).

diff --git a/...sura-ndc-go/command/internal/templates/new/.hasura-connector/connector-metadata.yaml.tmpl b/...sura-ndc-go/command/internal/templates/new/.hasura-connector/connector-metadata.yaml.tmpl
@@ -2,9 +2,9 @@ packagingDefinition:
   type: ManagedDockerBuild
 supportedEnvironmentVariables:
   - name: QUERY_CONCURRENCY_LIMIT
-    description: The limit of concurrent query executions if there are many request variables
+    description: The limit of concurrent query executions if there are many request variables in a single request
     defaultValue: "1"
-    required: 
+    required: false
   - name: MUTATION_CONCURRENCY_LIMIT
     description: The limit of concurrent mutation executions if there are many operations in a single request
     defaultValue: "1"

diff --git a/cmd/hasura-ndc-go/command/internal/templates/new/README.md.tmpl b/cmd/hasura-ndc-go/command/internal/templates/new/README.md.tmpl
@@ -2,35 +2,15 @@
 
 ## Get started
 
-Start the connector server at http://localhost:8080
+Read the documentation at https://hasura.io/docs/3.0/getting-started/build/add-business-logic?db=Go
 
-```go
-go run . serve
-```
+## Configuration
 
-## Development
+See the help of [serve](https://github.com/hasura/ndc-sdk-go#using-this-sdk) command of the connector SDK.
 
-### DDN CLI
+Besides that the connector supports extra environments:
 
-The boilerplate follows [Native Connector Packaging](https://github.com/hasura/ndc-hub/blob/main/rfcs/0004-native-packaging.md) with convenience shell scripts at [the connector definition folder](.hasura-connector/scripts). 
-DDN CLI can automatically invoke those scripts when developing with DDN projects.
-
-### Manual 
-
-#### Installation
-
-Install following tools for development:
-
-- [hasura-ndc-go](https://github.com/hasura/ndc-sdk-go/tree/main/cmd/hasura-ndc-go)
-
-```sh
-go install github.com/hasura/ndc-sdk-go/cmd/hasura-ndc-go@latest
-```
-
-#### Code generation
-
-Whenever modifying NDC types and functions in the `functions` folder, you need to generate NDC schema and codes.
-
-```sh
-hasura-ndc-go update
-```
+| Name                         | Description                                                                                      | Default Value |
+| ---------------------------- | ------------------------------------------------------------------------------------------------ | ------------- |
+| `QUERY_CONCURRENCY_LIMIT`    | The limit of concurrent query executions if there are many request variables in a single request | `1`           |
+| `MUTATION_CONCURRENCY_LIMIT` | The limit of concurrent mutation executions if there are many operations in a single request     | `1`           |
diff --git a/connector/server.go b/connector/server.go
@@ -33,11 +33,13 @@ type ServerOptions struct {
 
 // HTTPServerConfig the configuration of the HTTP server
 type HTTPServerConfig struct {
-	ServerReadTimeout        time.Duration `help:"The maximum duration for reading the entire request, including the body. A zero or negative value means there will be no timeout" env:"HASURA_SERVER_READ_TIMEOUT"`
-	ServerReadHeaderTimeout  time.Duration `help:"The amount of time allowed to read request headers. If zero, the value of ReadTimeout is used" env:"HASURA_SERVER_READ_HEADER_TIMEOUT"`
-	ServerWriteTimeout       time.Duration `help:"The maximum duration before timing out writes of the response. A zero or negative value means there will be no timeout" env:"HASURA_SERVER_WRITE_TIMEOUT"`
-	ServerIdleTimeout        time.Duration `help:"The maximum amount of time to wait for the next request when keep-alives are enabled. If zero, the value of ReadTimeout is used" env:"HASURA_SERVER_IDLE_TIMEOUT"`
-	ServerMaxHeaderKilobytes int           `help:"The maximum number of kilobytes the server will read parsing the request header's keys and values, including the request line" default:"1024" env:"HASURA_SERVER_MAX_HEADER_KILOBYTES"`
+	ServerReadTimeout        time.Duration `help:"Maximum duration for reading the entire request, including the body. A zero or negative value means there will be no timeout" env:"HASURA_SERVER_READ_TIMEOUT"`
+	ServerReadHeaderTimeout  time.Duration `help:"Amount of time allowed to read request headers. If zero, the value of ReadTimeout is used" env:"HASURA_SERVER_READ_HEADER_TIMEOUT"`
+	ServerWriteTimeout       time.Duration `help:"Maximum duration before timing out writes of the response. A zero or negative value means there will be no timeout" env:"HASURA_SERVER_WRITE_TIMEOUT"`
+	ServerIdleTimeout        time.Duration `help:"Maximum amount of time to wait for the next request when keep-alives are enabled. If zero, the value of ReadTimeout is used" env:"HASURA_SERVER_IDLE_TIMEOUT"`
+	ServerMaxHeaderKilobytes int           `help:"Maximum number of kilobytes the server will read parsing the request header's keys and values, including the request line" default:"1024" env:"HASURA_SERVER_MAX_HEADER_KILOBYTES"`
+	ServerTLSCertFile        string        `help:"Path of the TLS certificate file" env:"HASURA_SERVER_TLS_CERT_FILE"`
+	ServerTLSKeyFile         string        `help:"Path of the TLS key file" env:"HASURA_SERVER_TLS_KEY_FILE"`
 }
 
 // Server implements the [NDC API specification] for the connector
@@ -402,8 +404,16 @@ func (s *Server[Configuration, State]) ListenAndServe(port uint) error {
 
 	serverErr := make(chan error, 1)
 	go func() {
-		s.logger.Info(fmt.Sprintf("Listening server on %s", server.Addr))
-		if err := server.ListenAndServe(); err != http.ErrServerClosed {
+		var err error
+		if s.options.ServerTLSCertFile != "" || s.options.ServerTLSKeyFile != "" {
+			s.logger.Info(fmt.Sprintf("Listening server and serving TLS on %s", server.Addr))
+			err = server.ListenAndServeTLS(s.options.ServerTLSCertFile, s.options.ServerTLSKeyFile)
+		} else {
+			s.logger.Info(fmt.Sprintf("Listening server on %s", server.Addr))
+			err = server.ListenAndServe()
+		}
+
+		if err != nil && err != http.ErrServerClosed {
 			serverErr <- err
 		}
 	}()