diff --git a/docker-compose-dev.yml b/docker-compose-dev.yml index da114713c7..2963b3ca57 100644 --- a/docker-compose-dev.yml +++ b/docker-compose-dev.yml @@ -13,6 +13,7 @@ x-flow-worker-env: &flow-worker-env TEMPORAL_HOST_PORT: temporal:7233 PEERDB_TEMPORAL_NAMESPACE: default # For the below 2 cert and key variables, + # paste as base64 encoded strings. # use yml multiline syntax with '|' TEMPORAL_CLIENT_CERT: TEMPORAL_CLIENT_KEY: diff --git a/flow/cmd/api.go b/flow/cmd/api.go index 67273be8a7..21ad34f27b 100644 --- a/flow/cmd/api.go +++ b/flow/cmd/api.go @@ -3,9 +3,11 @@ package main import ( "context" "crypto/tls" + "encoding/base64" "fmt" "net" "net/http" + "strings" "time" utils "github.com/PeerDB-io/peer-flow/connectors/utils/catalog" @@ -90,7 +92,18 @@ func APIMain(args *APIServerParams) error { Namespace: args.TemporalNamespace, } if args.TemporalCert != "" && args.TemporalKey != "" { - cert, err := tls.X509KeyPair([]byte(args.TemporalCert), []byte(args.TemporalKey)) + log.Info("Using temporal certificate/key for authentication") + certBytes, err := base64.StdEncoding.DecodeString(strings.TrimSpace(args.TemporalCert)) + if err != nil { + return fmt.Errorf("unable to decode temporal certificate: %w", err) + } + + keyBytes, err := base64.StdEncoding.DecodeString(strings.TrimSpace(args.TemporalKey)) + if err != nil { + return fmt.Errorf("unable to decode temporal key: %w", err) + } + + cert, err := tls.X509KeyPair(certBytes, keyBytes) if err != nil { return fmt.Errorf("unable to obtain temporal key pair: %w", err) } diff --git a/flow/cmd/snapshot_worker.go b/flow/cmd/snapshot_worker.go index 5b5ea65b3c..ebd7609c05 100644 --- a/flow/cmd/snapshot_worker.go +++ b/flow/cmd/snapshot_worker.go @@ -2,7 +2,9 @@ package main import ( "crypto/tls" + "encoding/base64" "fmt" + "strings" "github.com/PeerDB-io/peer-flow/activities" "github.com/PeerDB-io/peer-flow/shared" @@ -26,7 +28,17 @@ func SnapshotWorkerMain(opts *SnapshotWorkerOptions) error { } if opts.TemporalCert != "" && opts.TemporalKey != "" { - cert, err := tls.X509KeyPair([]byte(opts.TemporalCert), []byte(opts.TemporalKey)) + certBytes, err := base64.StdEncoding.DecodeString(strings.TrimSpace(opts.TemporalCert)) + if err != nil { + return fmt.Errorf("unable to decode temporal certificate: %w", err) + } + + keyBytes, err := base64.StdEncoding.DecodeString(strings.TrimSpace(opts.TemporalKey)) + if err != nil { + return fmt.Errorf("unable to decode temporal key: %w", err) + } + + cert, err := tls.X509KeyPair(certBytes, keyBytes) if err != nil { return fmt.Errorf("unable to obtain temporal key pair: %w", err) } @@ -36,6 +48,7 @@ func SnapshotWorkerMain(opts *SnapshotWorkerOptions) error { } clientOptions.ConnectionOptions = connOptions } + c, err := client.Dial(clientOptions) if err != nil { return fmt.Errorf("unable to create Temporal client: %w", err) diff --git a/flow/cmd/worker.go b/flow/cmd/worker.go index 240af31387..da6c03f122 100644 --- a/flow/cmd/worker.go +++ b/flow/cmd/worker.go @@ -2,6 +2,7 @@ package main import ( "crypto/tls" + "encoding/base64" "fmt" "os" "os/signal" @@ -93,7 +94,18 @@ func WorkerMain(opts *WorkerOptions) error { } if opts.TemporalCert != "" && opts.TemporalKey != "" { - cert, err := tls.X509KeyPair([]byte(opts.TemporalCert), []byte(opts.TemporalKey)) + log.Info("Using temporal certificate/key for authentication") + certBytes, err := base64.StdEncoding.DecodeString(opts.TemporalCert) + if err != nil { + return fmt.Errorf("unable to decode temporal certificate: %w", err) + } + + keyBytes, err := base64.StdEncoding.DecodeString(opts.TemporalKey) + if err != nil { + return fmt.Errorf("unable to decode temporal key: %w", err) + } + + cert, err := tls.X509KeyPair(certBytes, keyBytes) if err != nil { return fmt.Errorf("unable to obtain temporal key pair: %w", err) }