Temporal ssl fixes (#1783)

CrowdDotDev · Oct 27, 2023 · 4c805c6 · 4c805c6
1 parent 68d2db7
commit 4c805c6
Show file tree

Hide file tree

Showing 7 changed files with 72 additions and 10 deletions.
diff --git a/backend/config/custom-environment-variables.json b/backend/config/custom-environment-variables.json
@@ -199,7 +199,6 @@
   "temporal": {
     "serverUrl": "CROWD_TEMPORAL_SERVER_URL",
     "namespace": "CROWD_TEMPORAL_NAMESPACE",
-    "rootCa": "CROWD_TEMPORAL_ROOT_CA",
     "certificate": "CROWD_TEMPORAL_CERTIFICATE",
     "privateKey": "CROWD_TEMPORAL_PRIVATE_KEY"
   }

diff --git a/scripts/services/docker/Dockerfile.automations_worker b/scripts/services/docker/Dockerfile.automations_worker
@@ -1,4 +1,4 @@
-FROM node:16-slim 
+FROM node:16-bookworm
 
 WORKDIR /usr/crowd/app
 

diff --git a/services/apps/data_sink_worker/config/custom-environment-variables.json b/services/apps/data_sink_worker/config/custom-environment-variables.json
@@ -34,7 +34,6 @@
   "temporal": {
     "serverUrl": "CROWD_TEMPORAL_SERVER_URL",
     "namespace": "CROWD_TEMPORAL_NAMESPACE",
-    "rootCa": "CROWD_TEMPORAL_ROOT_CA",
     "certificate": "CROWD_TEMPORAL_CERTIFICATE",
     "privateKey": "CROWD_TEMPORAL_PRIVATE_KEY"
   }

diff --git a/services/archetypes/worker/src/index.ts b/services/archetypes/worker/src/index.ts
@@ -89,16 +89,23 @@ export class ServiceWorker extends Service {
     }
 
     try {
-      const rootCa = process.env['CROWD_TEMPORAL_ROOT_CA']
       const certificate = process.env['CROWD_TEMPORAL_CERTIFICATE']
       const privateKey = process.env['CROWD_TEMPORAL_PRIVATE_KEY']
 
+      this.log.info(
+        {
+          address: process.env['CROWD_TEMPORAL_SERVER_URL'],
+          certificate: certificate ? 'yes' : 'no',
+          privateKey: privateKey ? 'yes' : 'no',
+        },
+        'Connecting to Temporal server as a worker!',
+      )
+
       const connection = await NativeConnection.connect({
         address: process.env['CROWD_TEMPORAL_SERVER_URL'],
         tls:
-          rootCa && certificate && privateKey
+          certificate && privateKey
             ? {
-                serverRootCACertificate: Buffer.from(rootCa, 'base64'),
                 clientCertPair: {
                   crt: Buffer.from(certificate, 'base64'),
                   key: Buffer.from(privateKey, 'base64'),

diff --git a/services/libs/temporal/package-lock.json b/services/libs/temporal/package-lock.json
diff --git a/services/libs/temporal/package.json b/services/libs/temporal/package.json
@@ -19,6 +19,7 @@
     "typescript": "^5.0.4"
   },
   "dependencies": {
-    "@temporalio/client": "~1.8.6"
+    "@temporalio/client": "~1.8.6",
+    "@crowd/logging": "file:../logging"
   }
 }
diff --git a/services/libs/temporal/src/index.ts b/services/libs/temporal/src/index.ts
@@ -1,26 +1,37 @@
+import { getServiceChildLogger } from '@crowd/logging'
 import { Connection, Client } from '@temporalio/client'
 
 export interface ITemporalConfig {
   serverUrl: string
   namespace: string
   identity: string
-  rootCa?: string
   certificate?: string
   privateKey?: string
 }
 
+const log = getServiceChildLogger('temporal')
+
 let client: Client | undefined
 export const getTemporalClient = async (cfg: ITemporalConfig): Promise<Client> => {
   if (client) {
     return client
   }
 
+  log.info(
+    {
+      serverUrl: cfg.serverUrl,
+      namespace: cfg.namespace,
+      identity: cfg.identity,
+      certificate: cfg.certificate ? 'yes' : 'no',
+      privateKey: cfg.privateKey ? 'yes' : 'no',
+    },
+    'Creating temporal client!',
+  )
   const connection = await Connection.connect({
     address: cfg.serverUrl,
     tls:
-      cfg.rootCa && cfg.certificate && cfg.privateKey
+      cfg.certificate && cfg.privateKey
         ? {
-            serverRootCACertificate: Buffer.from(cfg.rootCa, 'base64'),
             clientCertPair: {
               crt: Buffer.from(cfg.certificate, 'base64'),
               key: Buffer.from(cfg.privateKey, 'base64'),