Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add logging for attempted and successful TLS connections to server #1486

Merged
merged 4 commits into from Apr 23, 2021
Merged

Add logging for attempted and successful TLS connections to server #1486

merged 4 commits into from Apr 23, 2021

Conversation

sergeybykov
Copy link
Member

What changed?
Added logging of attempted and successfully established TLS connections to server

Why?
To have records in the log of all attempted TLS connections to server and remote IP addresses of parties trying to connect.

How did you test it?
Unit tests.

Potential risks
No risks.

Is hotfix candidate?
No.

@sergeybykov sergeybykov requested review from mastermanu and a team April 23, 2021 02:23
mastermanu
mastermanu reviewed Apr 23, 2021
View reviewed changes
common/auth/tlsConfigHelper.go Outdated
) *tls.Config {
c := NewEmptyTLSConfig()
c.ClientAuth = clientAuth
c.Certificates = certificates
c.ClientCAs = clientCAs
c.VerifyConnection = func(state tls.ConnectionState) error {
logger.Info("successfully established incoming TLS connection", tag.HostID(state.ServerName))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we think this should be Debug level log to avoid spamming if there are a lot of incoming connections? Or is Info fine?

mastermanu
mastermanu reviewed Apr 23, 2021
View reviewed changes
common/rpc/encryption/localStoreTlsProvider.go Outdated
if perHostCertProviderMap != nil {
perHostCertProvider, hostClientAuthRequired, err := perHostCertProviderMap.GetCertProvider(c.ServerName)
if err != nil {
logger.Warn("cannot find a per-host provider for attempted incoming TLS connection",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we want to log the error here?

mastermanu
mastermanu requested changes Apr 23, 2021
View reviewed changes
Copy link
Member

@mastermanu mastermanu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if we are logging a bit too much in some places?

@sergeybykov sergeybykov enabled auto-merge (squash) April 23, 2021 20:20
@sergeybykov sergeybykov merged commit f042915 into temporalio:master Apr 23, 2021
@sergeybykov sergeybykov deleted the pr/log-tls-connections branch April 23, 2021 20:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mastermanu mastermanu mastermanu approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@sergeybykov @mastermanu