You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@arrow.apache.org by vi...@apache.org on 2022/12/26 18:18:12 UTC
[arrow-rs] branch master updated: Add https support (#3388)
This is an automated email from the ASF dual-hosted git repository.
viirya pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/arrow-rs.git
The following commit(s) were added to refs/heads/master by this push:
new 733b7e7fd Add https support (#3388)
733b7e7fd is described below
commit 733b7e7fd1e8c43a404c3ce40ecf741d493c21b4
Author: Liang-Chi Hsieh <vi...@gmail.com>
AuthorDate: Mon Dec 26 10:18:07 2022 -0800
Add https support (#3388)
---
.github/workflows/arrow_flight.yml | 3 +
arrow-flight/Cargo.toml | 1 +
arrow-flight/examples/data/ca.pem | 28 +++++++
arrow-flight/examples/data/client1.key | 28 +++++++
arrow-flight/examples/data/client1.pem | 19 +++++
arrow-flight/examples/data/client_ca.pem | 19 +++++
arrow-flight/examples/data/server.key | 28 +++++++
arrow-flight/examples/data/server.pem | 27 +++++++
arrow-flight/examples/flight_sql_server.rs | 114 ++++++++++++++++++++++++++++-
arrow-flight/src/sql/client.rs | 40 ++++++++++
dev/release/rat_exclude_files.txt | 1 +
11 files changed, 306 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/arrow_flight.yml b/.github/workflows/arrow_flight.yml
index a0e9f38b0..d7e8033fe 100644
--- a/.github/workflows/arrow_flight.yml
+++ b/.github/workflows/arrow_flight.yml
@@ -59,6 +59,9 @@ jobs:
- name: Test --examples
run: |
cargo test -p arrow-flight --features=flight-sql-experimental --examples
+ - name: Test --examples with TLS
+ run: |
+ cargo test -p arrow-flight --features=flight-sql-experimental,tls --examples
- name: Verify workspace clean
run: git diff --exit-code
diff --git a/arrow-flight/Cargo.toml b/arrow-flight/Cargo.toml
index 80710d1fa..e4a977b65 100644
--- a/arrow-flight/Cargo.toml
+++ b/arrow-flight/Cargo.toml
@@ -45,6 +45,7 @@ all-features = true
[features]
default = []
flight-sql-experimental = []
+tls = ["tonic/tls"]
[dev-dependencies]
arrow = { version = "29.0.0", path = "../arrow", features = ["prettyprint"] }
diff --git a/arrow-flight/examples/data/ca.pem b/arrow-flight/examples/data/ca.pem
new file mode 100644
index 000000000..d81956096
--- /dev/null
+++ b/arrow-flight/examples/data/ca.pem
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIE3DCCA0SgAwIBAgIRAObeYbJFiVQSGR8yk44dsOYwDQYJKoZIhvcNAQELBQAw
+gYUxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEtMCsGA1UECwwkbHVj
+aW9ATHVjaW9zLVdvcmstTUJQIChMdWNpbyBGcmFuY28pMTQwMgYDVQQDDCtta2Nl
+cnQgbHVjaW9ATHVjaW9zLVdvcmstTUJQIChMdWNpbyBGcmFuY28pMB4XDTE5MDky
+OTIzMzUzM1oXDTI5MDkyOTIzMzUzM1owgYUxHjAcBgNVBAoTFW1rY2VydCBkZXZl
+bG9wbWVudCBDQTEtMCsGA1UECwwkbHVjaW9ATHVjaW9zLVdvcmstTUJQIChMdWNp
+byBGcmFuY28pMTQwMgYDVQQDDCtta2NlcnQgbHVjaW9ATHVjaW9zLVdvcmstTUJQ
+IChMdWNpbyBGcmFuY28pMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA
+y/vE61ItbN/1qMYt13LMf+le1svwfkCCOPsygk7nWeRXmomgUpymqn1LnWiuB0+e
+4IdVH2f5E9DknWEpPhKIDMRTCbz4jTwQfHrxCb8EGj3I8oO73pJO5S/xCedM9OrZ
+qWcYWwN0GQ8cO/ogazaoZf1uTrRNHyzRyQsKyb412kDBTNEeldJZ2ljKgXXvh4HO
+2ZIk9K/ZAaAf6VN8K/89rlJ9/KPgRVNsyAapE+Pb8XXKtpzeFiEcUfuXVYWtkoW+
+xyn/Zu8A1L2CXMQ1sARh7P/42BTMKr5pfraYgcBGxKXLrxoySpxCO9KqeVveKy1q
+fPm5FCwFsXDr0koFLrCiR58mcIO/04Q9DKKTV4Z2a+LoqDJRY37KfBSc8sDMPhw5
+k7g3WPoa6QwXRjZTCA5fHWVgLOtcwLsnju5tBE4LDxwF6s+1wPF8NI5yUfufcEjJ
+Z6JBwgoWYosVj27Lx7KBNLU/57PX9ryee691zmtswt0tP0WVBAgalhYWg99RXoa3
+AgMBAAGjRTBDMA4GA1UdDwEB/wQEAwICBDASBgNVHRMBAf8ECDAGAQH/AgEAMB0G
+A1UdDgQWBBQdvlE4Bdcsjc9oaxjDCRu5FiuZkzANBgkqhkiG9w0BAQsFAAOCAYEA
+BP/6o1kPINksMJZSSXgNCPZskDLyGw7auUZBnQ0ocDT3W6gXQvT/27LM1Hxoj9Eh
+qU1TYdEt7ppecLQSGvzQ02MExG7H75art75oLiB+A5agDira937YbK4MCjqW481d
+bDhw6ixJnY1jIvwjEZxyH6g94YyL927aSPch51fys0kSnjkFzC2RmuzDADScc4XH
+5P1+/3dnIm3M5yfpeUzoaOrTXNmhn8p0RDIGrZ5kA5eISIGGD3Mm8FDssUNKndtO
+g4ojHUsxb14icnAYGeye1NOhGiqN6TEFcgr6MPd0XdFNZ5c0HUaBCfN6bc+JxDV5
+MKZVJdNeJsYYwilgJNHAyZgCi30JC20xeYVtTF7CEEsMrFDGJ70Kz7o/FnRiFsA1
+ZSwVVWhhkHG2VkT4vlo0O3fYeZpenYicvy+wZNTbGK83gzHWqxxNC1z3Etg5+HRJ
+F9qeMWPyfA3IHYXygiMcviyLcyNGG/SJ0EhUpYBN/Gg7wI5yFkcsxUDPPzd23O0M
+-----END CERTIFICATE-----
diff --git a/arrow-flight/examples/data/client1.key b/arrow-flight/examples/data/client1.key
new file mode 100644
index 000000000..f4d8da275
--- /dev/null
+++ b/arrow-flight/examples/data/client1.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCiiWrmzpENsI+c
+Cz4aBpG+Pl8WOsrByfZx/ZnJdCZHO3MTYE6sCLhYssf0ygAEEGxvmkd4cxmfCfgf
+xuT8u+D7Y5zQSoymkbWdU6/9jbNY6Ovtc+a96I1LGXOKROQw6KR3PuqLpUqEOJiB
+l03qK+HMU0g56G1n31Od7HkJsDRvtePqy3I3LgpdcRps23sk46tCzZzhyfqIQ7Qf
+J5qZx93tA+pfy+Xtb9XIUTIWKIp1/uyfh8Fp8HA0c9zJCSZzJOX2j3GH1TYqkVgP
+egI2lhmdXhP5Q8vdhwy0UJaL28RJXA6UAg0tPZeWJe6pux9JiA81sI6My+Krrw8D
+yibkGTTbAgMBAAECggEANCQhRym9HsclSsnQgkjZOE6J8nep08EWbjsMurOoE/He
+WLjshAPIH6w6uSyUFLmwD51OkDVcYsiv8IG9s9YRtpOeGrPPqx/TQ0U1kAGFJ2CR
+Tvt/aizQJudjSVgQXCBFontsgp/j58bAJdKEDDtHlGSjJvCJKGlcSa0ypwj/yVXt
+frjROJNYzw9gMM7fN/IKF/cysdXSeLl/Q9RnHVIfC3jOFJutsILCK8+PC51dM8Fl
+IOjmPmiZ080yV8RBcMRECwl53vLOE3OOpR3ZijfNCY1KU8zWi1oELJ1o6f4+cBye
+7WPgFEoBew5XHXZ+ke8rh8cc0wth7ZTcC+xC/456AQKBgQDQr2EzBwXxYLF8qsN1
+R4zlzXILLdZN8a4bKfrS507/Gi1gDBHzfvbE7HfljeqrAkbKMdKNkbz3iS85SguH
+jsM047xUGJg0PAcwBLHUedlSn1xDDcDHW6X8ginpA2Zz1+WAlhNz6XurA1wnjZmS
+VcPxopH7QsuFCclqtt14MbBQ6QKBgQDHY3jcAVfQF+yhQ0YyM6GPLN342aTplgyJ
+yz4uWVMeXacU4QzqGbf2L2hc9M2L28Xb37RWC3Q/by0vUefiC6qxRt+GJdRsOuQj
+2F1uUibeWtAWp249fcfvxjLib276J+Eit18LI0s0mNR3ekK4GcjSe4NwSq5IrU8e
+pBreet3dIwKBgQCxVuil4WkGd+I8jC0v5A7zVsR8hYZhlGkdgm45fgHevdMjlP5I
+S3PPYxh8hj6O9o9L0k0Yq2nHfdgYujjUCNkQgBuR55iogv6kqsioRKgPE4fnH6/c
+eqCy1bZh4tbUyPqqbF65mQfUCzXsEuQXvDSYiku+F0Q2mVuGCUJpmug3yQKBgEd3
+LeCdUp4xlQ0QEd74hpXM3RrO178pmwDgqj7uoU4m/zYKnBhkc3137I406F+SvE5c
+1kRpApeh/64QS27IA7xazM9GS+cnDJKUgJiENY5JOoCELo03wiv8/EwQ6NQc6yMI
+WrahRdlqVe0lEzjtdP+MacYb3nAKPmubIk5P96nFAoGAFAyrKpFTyXbNYBTw9Rab
+TG6q7qkn+YTHN3+k4mo9NGGwZ3pXvmrKMYCIRhLMbqzsmTbFqCPPIxKsrmf8QYLh
+xHYQjrCkbZ0wZdcdeV6yFSDsF218nF/12ZPE7CBOQMfZTCKFNWGL97uIVcmR6K5G
+ojTkOvaUnwQtSFhNuzyr23I=
+-----END PRIVATE KEY-----
diff --git a/arrow-flight/examples/data/client1.pem b/arrow-flight/examples/data/client1.pem
new file mode 100644
index 000000000..bb3b82c40
--- /dev/null
+++ b/arrow-flight/examples/data/client1.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDCTCCAfGgAwIBAgIQYbE9d1Rft5h4ku7FSAvWdzANBgkqhkiG9w0BAQsFADAn
+MSUwIwYDVQQDExxUb25pYyBFeGFtcGxlIENsaWVudCBSb290IENBMB4XDTE5MTAx
+NDEyMzkzNloXDTI0MTAxMjEyMzkzNlowEjEQMA4GA1UEAxMHY2xpZW50MTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKKJaubOkQ2wj5wLPhoGkb4+XxY6
+ysHJ9nH9mcl0Jkc7cxNgTqwIuFiyx/TKAAQQbG+aR3hzGZ8J+B/G5Py74PtjnNBK
+jKaRtZ1Tr/2Ns1jo6+1z5r3ojUsZc4pE5DDopHc+6oulSoQ4mIGXTeor4cxTSDno
+bWffU53seQmwNG+14+rLcjcuCl1xGmzbeyTjq0LNnOHJ+ohDtB8nmpnH3e0D6l/L
+5e1v1chRMhYoinX+7J+HwWnwcDRz3MkJJnMk5faPcYfVNiqRWA96AjaWGZ1eE/lD
+y92HDLRQlovbxElcDpQCDS09l5Yl7qm7H0mIDzWwjozL4quvDwPKJuQZNNsCAwEA
+AaNGMEQwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAfBgNVHSME
+GDAWgBQV1YOR+Jpl1fbujvWLSBEoRvsDhTANBgkqhkiG9w0BAQsFAAOCAQEAfTPu
+KeHXmyVTSCUrYQ1X5Mu7VzfZlRbhoytHOw7bYGgwaFwQj+ZhlPt8nFC22/bEk4IV
+AoCOli0WyPIB7Lx52dZ+v9JmYOK6ca2Aa/Dkw8Q+M3XA024FQWq3nZ6qANKC32/9
+Nk+xOcb1Qd/11stpTkRf2Oj7F7K4GnlFbY6iMyNW+RFXGKEbL5QAJDTDPIT8vw1x
+oYeNPwmC042uEboCZPNXmuctiK9Wt1TAxjZT/cwdIBGGJ+xrW72abfJGs7bUcJfc
+O4r9V0xVv+X0iKWTW0fwd9qjNfiEP1tFCcZb2XsNQPe/DlQZ+h98P073tZEsWI/G
+KJrFspGX8vOuSdIeqw==
+-----END CERTIFICATE-----
diff --git a/arrow-flight/examples/data/client_ca.pem b/arrow-flight/examples/data/client_ca.pem
new file mode 100644
index 000000000..aa483b931
--- /dev/null
+++ b/arrow-flight/examples/data/client_ca.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDGzCCAgOgAwIBAgIRAMNWpWRu6Q1txEYUyrkyXKEwDQYJKoZIhvcNAQELBQAw
+JzElMCMGA1UEAxMcVG9uaWMgRXhhbXBsZSBDbGllbnQgUm9vdCBDQTAeFw0xOTEw
+MTQxMjM5MzZaFw0yOTEwMTExMjM5MzZaMCcxJTAjBgNVBAMTHFRvbmljIEV4YW1w
+bGUgQ2xpZW50IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCv8Nj4XJbMI0wWUvLbmCf7IEvJFnomodGnDurh8Y5AGMPJ8cGdZC1yo2Lgah+D
+IhXdsd72Wp7MhdntJAyPrMCDBfDrFiuj6YHDgt3OhPQSYl7EWG7QjFK3B2sp1K5D
+h16G5zfwUKDj9Jp3xuPGuqNFQHL02nwbhtDilqHvaTfOJKVjsFCoU8Z77mfwXSwn
+sPXpPB7oOO4mWfAtcwU11rTMiHFSGFlFhgbHULU/y90DcpfRQEpEiBoiK13gkyoP
+zHT9WAg3Pelwb6K7c7kJ7mp4axhbf7MkwFhDQIjbBWqus2Eu3b0mf86ALfDbAaNC
+wBi8xbNH2vWaDjiwLDY5uMZDAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwICBDAPBgNV
+HRMBAf8EBTADAQH/MB0GA1UdDgQWBBQV1YOR+Jpl1fbujvWLSBEoRvsDhTANBgkq
+hkiG9w0BAQsFAAOCAQEAaXmM29TYkFUzZUsV7TSonAK560BjxDmbg0GJSUgLEFUJ
+wpKqa9UKOSapG45LEeR2wwAmVWDJomJplkuvTD/KOabAbZKyPEfp+VMCaBUnILQF
+Cxv5m7kQ3wmPS/rEL8FD809UGowW9cYqnZzUy5i/r263rx0k3OPjkkZN66Mh6+3H
+ibNdaxf7ITO0JVb/Ohq9vLC9qf7ujiB1atMdJwkOWsZrLJXLygpx/D0/UhBT4fFH
+OlyVOmuR27qaMbPgOs2l8DznkJY/QUfnET8iOQhFgb0Dt/Os4PYFhSDRIrgl5dJ7
+L/zZVQfZYpdxlBHJlDC1/NzVQl/1MgDnSgPGStZKPQ==
+-----END CERTIFICATE-----
diff --git a/arrow-flight/examples/data/server.key b/arrow-flight/examples/data/server.key
new file mode 100644
index 000000000..80984ef90
--- /dev/null
+++ b/arrow-flight/examples/data/server.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDyptbMyYWztgta
+t1MXLMzIkaQdeeVbs1Y/qCpAdwZe/Y5ZpbzjGIjCxbB6vNRSnEbYKpytKHPzYfM7
+8d8K8bPvpnqXIiTXFT0JQlw1OHLC1fr4e598GJumAmpMYFrtqv0fbmUFTuQGbHxe
+OH2vji0bvr3NKZubMfkEZP3X4sNXXoXIuW2LaS8OMGKoJaeCBvdbszEiSGj/v9Bj
+pM0yLTH89NNMX1T+FtTKnuXag5g7pr6lzJj83+MzAGy4nOjseSuUimuiyG90/C5t
+A5wC0Qh5RbDnkFYhC44Kxof/i6+jnfateIPNiIIwQV+2f6G/aK1hgjekT10m/eoR
+YDTf+e5ZAgMBAAECggEACODt7yRYjhDVLYaTtb9f5t7dYG67Y7WWLFIc6arxQryI
+XuNfm/ej2WyeXn9WTYeGWBaHERbv1zH4UnMxNBdP/C7dQXZwXqZaS2JwOUpNeK+X
+tUvgtAu6dkKUXSMRcKzXAjVp4N3YHhwOGOx8PNY49FDwZPdmyDD16aFAYIvdle6/
+PSMrj38rB1sbQQdmRob2FjJBSDZ44nsr+/nilrcOFNfNnWv7tQIWYVXNcLfdK/WJ
+ZCDFhA8lr/Yon6MEq6ApTj2ZYRRGXPd6UeASJkmTZEUIUbeDcje/MO8cHkREpuRH
+wm3pCjR7OdO4vc+/d/QmEvu5ns6wbTauelYnL616YQKBgQD414gJtpCHauNEUlFB
+v/R3DzPI5NGp9PAqovOD8nCbI49Mw61gP/ExTIPKiR5uUX/5EL04uspaNkuohXk+
+ys0G5At0NfV7W39lzhvALEaSfleybvYxppbBrc20/q8Gvi/i30NY+1LM3RdtMiEw
+hKHjU0SnFhJq0InFg3AO/iCeTQKBgQD5obkbzpOidSsa55aNsUlO2qjiUY9leq9b
+irAohIZ8YnuuixYvkOeSeSz1eIrA4tECeAFSgTZxYe1Iz+USru2Xg/0xNte11dJD
+rBoH/yMn2gDvBK7xQ6uFMPTeYtKG0vfvpXZYSWZzGntyrHTwFk6UV+xdrt9MBdd1
+XdSn7bwOPQKBgC9VQAko8uDvUf+C8PXiv2uONrl13PPJJY3WpR9qFEVOREnDxszS
+HNzVwxPZdTJiykbkCjoqPadfQJDzopZxGQLAifU29lTamKcSx3CMe3gOFDxaovXa
+zD5XAxP0hfJwZsdu1G6uj5dsTrJ0oJ+L+wc0pZBqwGIU/L/XOo9/g1DZAoGAUebL
+kuH98ik7EUK2VJq8EJERI9/ailLsQb6I+WIxtZGiPqwHhWencpkrNQZtj8dbB9JT
+rLwUHrMgZOlAoRafgTyez4zMzS3wJJ/Mkp8U67hM4h7JPwMSvUpIrMYDiJSjIA9L
+er/qSw1/Pypx22uWMHmAZWRAgvLPtAQrB0Wqk4kCgYEAr2H1PvfbwZwkSvlMt5o8
+WLnBbxcM3AKglLRbkShxxgiZYdEP71/uOtRMiL26du5XX8evItITN0DsvmXL/kcd
+h29LK7LM5uLw7efz0Qxs03G6kEyIHVkacowHi5I5Ul1qI61SoV3yMB1TjIU+bXZt
+0ZjC07totO0fqPOLQxonjQg=
+-----END PRIVATE KEY-----
diff --git a/arrow-flight/examples/data/server.pem b/arrow-flight/examples/data/server.pem
new file mode 100644
index 000000000..4cc97bcf4
--- /dev/null
+++ b/arrow-flight/examples/data/server.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEmDCCAwCgAwIBAgIQVEJFCgU/CZk9JEwTucWPpzANBgkqhkiG9w0BAQsFADCB
+hTEeMBwGA1UEChMVbWtjZXJ0IGRldmVsb3BtZW50IENBMS0wKwYDVQQLDCRsdWNp
+b0BMdWNpb3MtV29yay1NQlAgKEx1Y2lvIEZyYW5jbykxNDAyBgNVBAMMK21rY2Vy
+dCBsdWNpb0BMdWNpb3MtV29yay1NQlAgKEx1Y2lvIEZyYW5jbykwHhcNMTkwNjAx
+MDAwMDAwWhcNMjkwOTI5MjMzNTM0WjBYMScwJQYDVQQKEx5ta2NlcnQgZGV2ZWxv
+cG1lbnQgY2VydGlmaWNhdGUxLTArBgNVBAsMJGx1Y2lvQEx1Y2lvcy1Xb3JrLU1C
+UCAoTHVjaW8gRnJhbmNvKTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+APKm1szJhbO2C1q3UxcszMiRpB155VuzVj+oKkB3Bl79jlmlvOMYiMLFsHq81FKc
+RtgqnK0oc/Nh8zvx3wrxs++mepciJNcVPQlCXDU4csLV+vh7n3wYm6YCakxgWu2q
+/R9uZQVO5AZsfF44fa+OLRu+vc0pm5sx+QRk/dfiw1dehci5bYtpLw4wYqglp4IG
+91uzMSJIaP+/0GOkzTItMfz000xfVP4W1Mqe5dqDmDumvqXMmPzf4zMAbLic6Ox5
+K5SKa6LIb3T8Lm0DnALRCHlFsOeQViELjgrGh/+Lr6Od9q14g82IgjBBX7Z/ob9o
+rWGCN6RPXSb96hFgNN/57lkCAwEAAaOBrzCBrDAOBgNVHQ8BAf8EBAMCBaAwEwYD
+VR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBQdvlE4
+Bdcsjc9oaxjDCRu5FiuZkzBWBgNVHREETzBNggtleGFtcGxlLmNvbYINKi5leGFt
+cGxlLmNvbYIMZXhhbXBsZS50ZXN0gglsb2NhbGhvc3SHBH8AAAGHEAAAAAAAAAAA
+AAAAAAAAAAEwDQYJKoZIhvcNAQELBQADggGBAKb2TJ8l+e1eraNwZWizLw5fccAf
+y59J1JAWdLxZyAI/bkiTlVO3DQoPZpw7XwLhefCvILkwKAL4TtIGGVC9yTb5Q5eg
+rqGO3FC0yg1fn65Kf1VpVxxUVyoiM5PQ4pFJb4AicAv88rCOLD9FFuE0PKOKU/dm
+Tw0WgPStoh9wsJ1RXUuTJYZs1nd1kMBlfv9NbLilnL+cR2sLktS54X5XagsBYVlf
+oapRb0JtABOoQhX3U8QMq8UF8yzceRHNTN9yfLOUrW26s9nKtlWVniNhw1uPxZw9
+RHM7w9/4+a9LXtEDYg4IP/1mm0ywBoUqy1O6hA73uId+Yi/kFBks/GyYaGjKgYcO
+23B75tkPGYEdGuGZYLzZNHbXg4V0UxFQG3KA1pUiSnD3bN2Rxs+CMpzORnOeK3xi
+EooKgAPYsehItoQOMPpccI2xHdSAMWtwUgOKrefUQujkx2Op+KFlspF0+WJ6AZEe
+2D4hyWaEZsvvILXapwqHDCuN3/jSUlTIqUoE1w==
+-----END CERTIFICATE-----
diff --git a/arrow-flight/examples/flight_sql_server.rs b/arrow-flight/examples/flight_sql_server.rs
index ae015001f..54e19a8cc 100644
--- a/arrow-flight/examples/flight_sql_server.rs
+++ b/arrow-flight/examples/flight_sql_server.rs
@@ -29,6 +29,8 @@ use prost::Message;
use std::pin::Pin;
use std::sync::Arc;
use tonic::transport::Server;
+#[cfg(feature = "tls")]
+use tonic::transport::{Certificate, Identity, ServerTlsConfig};
use tonic::{Request, Response, Status, Streaming};
use arrow_flight::flight_descriptor::DescriptorType;
@@ -447,6 +449,7 @@ impl FlightSqlService for FlightSqlServiceImpl {
/// This example shows how to run a FlightSql server
#[tokio::main]
+#[cfg(not(feature = "tls"))]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
let addr = "0.0.0.0:50051".parse()?;
@@ -459,6 +462,33 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
Ok(())
}
+/// This example shows how to run a HTTPs FlightSql server
+#[tokio::main]
+#[cfg(feature = "tls")]
+async fn main() -> Result<(), Box<dyn std::error::Error>> {
+ let addr = "0.0.0.0:50051".parse()?;
+
+ let svc = FlightServiceServer::new(FlightSqlServiceImpl {});
+
+ println!("Listening on {:?}", addr);
+
+ let cert = std::fs::read_to_string("arrow-flight/examples/data/server.pem")?;
+ let key = std::fs::read_to_string("arrow-flight/examples/data/server.key")?;
+ let client_ca = std::fs::read_to_string("arrow-flight/examples/data/client_ca.pem")?;
+
+ let tls_config = ServerTlsConfig::new()
+ .identity(Identity::from_pem(&cert, &key))
+ .client_ca_root(Certificate::from_pem(&client_ca));
+
+ Server::builder()
+ .tls_config(tls_config)?
+ .add_service(svc)
+ .serve(addr)
+ .await?;
+
+ Ok(())
+}
+
#[derive(Clone, PartialEq, ::prost::Message)]
pub struct FetchResults {
#[prost(string, tag = "1")]
@@ -479,20 +509,29 @@ impl ProstMessageExt for FetchResults {
}
#[cfg(test)]
+#[allow(unused_imports)]
mod tests {
use super::*;
use futures::TryStreamExt;
use std::fs;
+ use std::time::Duration;
use tempfile::NamedTempFile;
use tokio::net::{UnixListener, UnixStream};
+ use tokio::time::sleep;
use tokio_stream::wrappers::UnixListenerStream;
- use tonic::transport::Endpoint;
+ use tonic::body::BoxBody;
+ use tonic::codegen::{http, Body, Service};
+
+ #[cfg(feature = "tls")]
+ use tonic::transport::ClientTlsConfig;
use arrow::util::pretty::pretty_format_batches;
use arrow_flight::sql::client::FlightSqlServiceClient;
use arrow_flight::utils::flight_data_to_batches;
- use tower::service_fn;
+ use tonic::transport::{Certificate, Channel, Endpoint};
+ use tower::{service_fn, ServiceExt};
+ #[cfg(not(feature = "tls"))]
async fn client_with_uds(path: String) -> FlightSqlServiceClient {
let connector = service_fn(move |_| UnixStream::connect(path.clone()));
let channel = Endpoint::try_from("https://example.com")
@@ -503,7 +542,78 @@ mod tests {
FlightSqlServiceClient::new(channel)
}
+ #[cfg(feature = "tls")]
+ async fn create_https_server() -> Result<(), tonic::transport::Error> {
+ let cert = std::fs::read_to_string("examples/data/server.pem").unwrap();
+ let key = std::fs::read_to_string("examples/data/server.key").unwrap();
+ let client_ca = std::fs::read_to_string("examples/data/client_ca.pem").unwrap();
+
+ let tls_config = ServerTlsConfig::new()
+ .identity(Identity::from_pem(&cert, &key))
+ .client_ca_root(Certificate::from_pem(&client_ca));
+
+ let addr = "0.0.0.0:50051".parse().unwrap();
+
+ let svc = FlightServiceServer::new(FlightSqlServiceImpl {});
+
+ Server::builder()
+ .tls_config(tls_config)
+ .unwrap()
+ .add_service(svc)
+ .serve(addr)
+ .await
+ }
+
+ #[tokio::test]
+ #[cfg(feature = "tls")]
+ async fn test_select_https() {
+ tokio::spawn(async {
+ create_https_server().await.unwrap();
+ });
+
+ sleep(Duration::from_millis(2000)).await;
+
+ let request_future = async {
+ let cert = std::fs::read_to_string("examples/data/client1.pem").unwrap();
+ let key = std::fs::read_to_string("examples/data/client1.key").unwrap();
+ let server_ca = std::fs::read_to_string("examples/data/ca.pem").unwrap();
+
+ let mut client = FlightSqlServiceClient::new_with_endpoint(
+ Identity::from_pem(cert, key),
+ Certificate::from_pem(&server_ca),
+ "localhost",
+ "127.0.0.1",
+ 50051,
+ )
+ .await
+ .unwrap();
+ let token = client.handshake("admin", "password").await.unwrap();
+ println!("Auth succeeded with token: {:?}", token);
+ let mut stmt = client.prepare("select 1;".to_string()).await.unwrap();
+ let flight_info = stmt.execute().await.unwrap();
+ let ticket = flight_info.endpoint[0].ticket.as_ref().unwrap().clone();
+ let flight_data = client.do_get(ticket).await.unwrap();
+ let flight_data: Vec<FlightData> = flight_data.try_collect().await.unwrap();
+ let batches = flight_data_to_batches(&flight_data).unwrap();
+ let res = pretty_format_batches(batches.as_slice()).unwrap();
+ let expected = r#"
++-------------------+
+| salutation |
++-------------------+
+| Hello, FlightSQL! |
++-------------------+"#
+ .trim()
+ .to_string();
+ assert_eq!(res.to_string(), expected);
+ };
+
+ tokio::select! {
+ _ = request_future => println!("Client finished!"),
+ }
+ }
+
#[tokio::test]
+ #[cfg(not(feature = "tls"))]
async fn test_select_1() {
let file = NamedTempFile::new().unwrap();
let path = file.into_temp_path().to_str().unwrap().to_string();
diff --git a/arrow-flight/src/sql/client.rs b/arrow-flight/src/sql/client.rs
index cf71edead..679213af0 100644
--- a/arrow-flight/src/sql/client.rs
+++ b/arrow-flight/src/sql/client.rs
@@ -44,6 +44,8 @@ use arrow_schema::{ArrowError, Schema, SchemaRef};
use futures::{stream, TryStreamExt};
use prost::Message;
use tokio::sync::{Mutex, MutexGuard};
+#[cfg(feature = "tls")]
+use tonic::transport::{Certificate, ClientTlsConfig, Identity};
use tonic::transport::{Channel, Endpoint};
use tonic::Streaming;
@@ -60,6 +62,7 @@ pub struct FlightSqlServiceClient {
/// Github issues are welcomed.
impl FlightSqlServiceClient {
/// Creates a new FlightSql Client that connects via TCP to a server
+ #[cfg(not(feature = "tls"))]
pub async fn new_with_endpoint(host: &str, port: u16) -> Result<Self, ArrowError> {
let addr = format!("http://{}:{}", host, port);
let endpoint = Endpoint::new(addr)
@@ -71,6 +74,43 @@ impl FlightSqlServiceClient {
.http2_keep_alive_interval(Duration::from_secs(300))
.keep_alive_timeout(Duration::from_secs(20))
.keep_alive_while_idle(true);
+
+ let channel = endpoint.connect().await.map_err(|e| {
+ ArrowError::IoError(format!("Cannot connect to endpoint: {}", e))
+ })?;
+ Ok(Self::new(channel))
+ }
+
+ /// Creates a new HTTPs FlightSql Client that connects via TCP to a server
+ #[cfg(feature = "tls")]
+ pub async fn new_with_endpoint(
+ client_ident: Identity,
+ server_ca: Certificate,
+ domain: &str,
+ host: &str,
+ port: u16,
+ ) -> Result<Self, ArrowError> {
+ let addr = format!("https://{}:{}", host, port);
+
+ let endpoint = Endpoint::new(addr)
+ .map_err(|_| ArrowError::IoError("Cannot create endpoint".to_string()))?
+ .connect_timeout(Duration::from_secs(20))
+ .timeout(Duration::from_secs(20))
+ .tcp_nodelay(true) // Disable Nagle's Algorithm since we don't want packets to wait
+ .tcp_keepalive(Option::Some(Duration::from_secs(3600)))
+ .http2_keep_alive_interval(Duration::from_secs(300))
+ .keep_alive_timeout(Duration::from_secs(20))
+ .keep_alive_while_idle(true);
+
+ let tls_config = ClientTlsConfig::new()
+ .domain_name(domain)
+ .ca_certificate(server_ca)
+ .identity(client_ident);
+
+ let endpoint = endpoint
+ .tls_config(tls_config)
+ .map_err(|_| ArrowError::IoError("Cannot create endpoint".to_string()))?;
+
let channel = endpoint.connect().await.map_err(|e| {
ArrowError::IoError(format!("Cannot connect to endpoint: {}", e))
})?;
diff --git a/dev/release/rat_exclude_files.txt b/dev/release/rat_exclude_files.txt
index fad1a5a7d..6f9d1b5f3 100644
--- a/dev/release/rat_exclude_files.txt
+++ b/dev/release/rat_exclude_files.txt
@@ -24,3 +24,4 @@ arrow-flight/src/arrow.flight.protocol.rs
arrow-flight/src/sql/arrow.flight.protocol.sql.rs
.github/*
parquet/src/bin/parquet-fromcsv-help.txt
+arrow-flight/examples/data/*