New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add TLS support for TCP sockets #276
Conversation
Signed-off-by: Moisés Guimarães de Medeiros <moguimar@redhat.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for this, @moisesguimaraes! Would is be possible to add test coverage for these changes?
@jparise, sure. I just wanted to raise the PR for discussion. I can see that you don't automatically run memcached in your integration tests and I couldn't find it in the CI. I'd need to pass the key/cert to memcached and use the CA to build the context. Or you do mean coverage with just mocks? |
We do start a memcached service instance for our tests: ... but I'm not sure off the top of my head how to configure it with TLS secrets.
This could be the backup testing strategy. |
ah thanks, I was looking for a check called integration in the CI and didn't see that file before. |
@jparise the server params are something like this: but the memcached service must be compiled with --enable-tls. Where does that image comes from? Is it dockerhub latest? If so, I added TLS support to it a couple of months ago and it is fine, otherwise I need another plan. |
I believe we can pass options to the containerized service like this: memcached:
image: memcached:latest
ports:
- 11211/tcp
options: --foo --bar --baz
The |
ddce726
to
6be7d68
Compare
Signed-off-by: Moisés Guimarães de Medeiros <moguimar@redhat.com>
Signed-off-by: Moisés Guimarães de Medeiros <moguimar@redhat.com>
ok, now the service is in place, I'll start working on the tests. |
Signed-off-by: Moisés Guimarães de Medeiros <moguimar@redhat.com>
4718196
to
97f1431
Compare
@jparise looks like the CI got stuck, how can I ask it to recheck? Also I still need to investigate TLS using gevent on python2. |
I just restarted it. (I have a Re-run option here: https://github.com/pinterest/pymemcache/pull/276/checks) It's still failing, though. It looks like the git refs are busted somehow? |
6d3a888
to
e8007b0
Compare
Signed-off-by: Moisés Guimarães de Medeiros <moguimar@redhat.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks great! Thanks for the work, @moisesguimaraes!
Would you be up for mentioning this new support in the documentation? After that, I'm happy to merge this.
Signed-off-by: Moisés Guimarães de Medeiros <moguimar@redhat.com>
Let's enable back the py2 TLS tests and see what happens there. |
Nice, all tests passed now for all versions. I'll work on the docs on Monday o/ |
@jparise, if merged, do you have a timeline for the next release? |
Thanks again, @moisesguimaraes! I think we can release this pretty quickly. I put together a 3.1 milestone to track things that will be part of that release. |
@moisesguimaraes version 3.1 has been tagged and released. |
This PR is an attempt to add TLS support to pymemcache following the same approach I used to add TLS support to python-binary-memcached.