ci: tested tls

datalayers-io · Sep 26, 2024 · a82ec19 · a82ec19
1 parent 7b2c2b0
commit a82ec19
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 5 deletions.
diff --git a/python/client.py b/python/client.py
@@ -38,21 +38,28 @@ def __init__(self, config: ClientConfig):
 
         #! Since the flightsql-dbapi library does not provide interfaces for passing in the TLS certificate,
         #! we have to first create a Arrow Flight client and then set the fields of the FlightSQLClient instance manually.
+        #!
+        #! On the other hand, gRPC performs hostname verification on the server side after the TLS handshake.
+        #! This verification ensures that the hostname provided by the client matches one of the names presented in the server's certificate.
+        #! Otherwise, the verification fails. To generalize the demo for various test environments, we have chosen to disable this verification.
+
+        kwargs = {}
+        kwargs["disable_server_verification"] = True
 
         # Enabls TLS if a TLS certificate is provided.
         if config.tls_cert is not None:
             # Read the certificate file.
             protocol = "tls"
             with open(config.tls_cert, "rb") as cert_file:
-                tls_root_certs = cert_file.read()
+                kwargs["tls_root_certs"] = cert_file.read()
         else:
             protocol = "tcp"
-            tls_root_certs = None
 
         # Creates a Arrow Flight client.
         location = "grpc+{}://{}:{}".format(protocol, config.host, config.port)
         flight_client = flight.FlightClient(
-            location=location, tls_root_certs=tls_root_certs
+            location,
+            **kwargs,
         )
 
         # The authorization returns a tuple where the key is `Bearer` and the value is the associated token.

diff --git a/python/main.py b/python/main.py
@@ -8,8 +8,9 @@ def main():
     # Enables TLS if a TLS certificate is specified by the `TLS_CERT` environment variable.
     # The `tls_cert` is None if the variable is not set and the TLS is disabled.
     tls_cert = os.getenv("TLS_CERT")
+    #! Python grpc requires to set the hostname to a valid domain name For TLS rather than an numeric address.
     config = ClientConfig(
-        host="127.0.0.1",
+        host="localhost",
         port=8360,
         username="admin",
         password="public",

diff --git a/rust/bin/main.rs b/rust/bin/main.rs
@@ -13,7 +13,7 @@ async fn main() -> Result<()> {
     // Creates a client configured for Datalayers.
     let config = ClientConfig {
         host: "127.0.0.1".to_string(),
-        port: 18360,
+        port: 8360,
         username: "admin".to_string(),
         password: "public".to_string(),
         tls_cert,