Skip to content

Commit be47095

Browse files
ohdokingohdoking
committed
update cassandra auth
1 parent 4fdc2b1 commit be47095

File tree

3 files changed

+49
-4
lines changed

3 files changed

+49
-4
lines changed

Dockerfile

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,8 @@ RUN npm install --production
1616
# Copy the rest of the project files
1717
COPY . .
1818

19+
COPY certs/sf-class2-root.crt /app/sf-class2-root.crt
20+
1921
# Expose the application port
2022
EXPOSE 3000
2123

certs/sf-class2-root.crt

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
-----BEGIN CERTIFICATE-----
2+
MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
3+
MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
4+
U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
5+
NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
6+
ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
7+
ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
8+
DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
9+
8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
10+
+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
11+
X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
12+
K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
13+
1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
14+
A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
15+
zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
16+
YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
17+
bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
18+
DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
19+
L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
20+
eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
21+
xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
22+
VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
23+
WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q=
24+
-----END CERTIFICATE-----

src/lib/cassandra.ts

Lines changed: 23 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,8 @@
33
import { Client } from 'cassandra-driver';
44
import * as AWS from 'aws-sdk';
55
import { SigV4AuthProvider } from 'aws-sigv4-auth-cassandra-plugin'; // Import the SigV4AuthProvider
6+
import fs from 'fs';
7+
import path from 'path';
68

79
// Load credentials manually if needed
810
console.log(AWS.config.credentials)
@@ -11,12 +13,13 @@ if (!AWS.config.credentials) {
1113
console.log(process.env.AWS_ACCESS_KEY_ID)
1214
console.log("access_secret_key")
1315
console.log(process.env.AWS_SECRET_ACCESS_KEY)
14-
const credentials = new AWS.Credentials({
16+
AWS.config.update({
1517
accessKeyId: process.env.AWS_ACCESS_KEY_ID,
1618
secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
19+
region: process.env.AWS_REGION || 'us-east-1', // Optionally, you can also configure the region
1720
});
1821

19-
AWS.config.credentials = credentials;
22+
// AWS.config.credentials = credentials;
2023
}
2124

2225
// Set up AWS SDK credentials for AWS Keyspaces (only used if connecting to AWS)
@@ -35,15 +38,31 @@ console.log(isAwsKeyspaces)
3538
console.log(process.env.DB_CONTACT_POINTS, process.env.DB_LOCAL_DATACENTER, process.env.DB_KEYSPACE)
3639
// Set up Cassandra connection configuration for local and AWS Keyspaces
3740
if (isAwsKeyspaces) {
41+
const certPath = path.resolve(process.cwd(), 'sf-class2-root.crt'); // This points to the file inside the container
42+
3843
console.log("Aws athenticate way")
3944
console.log(AWS.config.credentials)
45+
46+
const auth = new SigV4AuthProvider({
47+
region: process.env.AWS_REGION,
48+
accessKeyId: process.env.AWS_ACCESS_KEY_ID,
49+
secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY
50+
});
51+
52+
const sslOptions = {
53+
ca: [fs.readFileSync(certPath, 'utf-8')], // Load the certificate file
54+
host: process.env.DB_CONTACT_POINTS,
55+
rejectUnauthorized: true,
56+
};
57+
4058
// AWS Keyspaces connection setup
4159
client = new Client({
4260
contactPoints: [process.env.DB_CONTACT_POINTS || 'cassandra.us-east-1.amazonaws.com'], // AWS Keyspaces endpoint
4361
localDataCenter: process.env.DB_LOCAL_DATACENTER || 'us-east-1',
4462
keyspace: process.env.DB_KEYSPACE || 'your_keyspace',
45-
authProvider: new SigV4AuthProvider(AWS.config.credentials), // AWS IAM for authentication
46-
sslOptions: { rejectUnauthorized: true }, // Enable SSL for AWS Keyspaces
63+
authProvider: auth,
64+
sslOptions: sslOptions,
65+
protocolOptions: { port: 9142 },
4766
});
4867
} else {
4968
// Local Cassandra connection setup

0 commit comments

Comments
 (0)