diff --git a/.github/workflows/tls.yml b/.github/workflows/tls.yml
index 9c86816b..8c6fa276 100644
--- a/.github/workflows/tls.yml
+++ b/.github/workflows/tls.yml
@@ -1,5 +1,9 @@
-# This workflow will make use of Faktory put behind NGINX to test
-# the crate's tls feature (see docker dir in the project's root)
+# This workflow will make use of Faktory put behind NGINX to test the crate's `tls` feature
+# (see the `docker` directory in the project's root).
+#
+# We are also utilizing this dedicated workflow and Faktory deployment to test that password authentication works
+# as expected (see the password part in the `FAKTORY_URL_SECURE` connection string and the `FAKTORY_PASSWORD` environment
+# variable in the `faktory` service description in the compose file in the `docker` directory mentioned above.
 permissions:
 contents: read
 on:
@@ -28,5 +32,5 @@ jobs:
 run: cargo generate-lockfile
 - name: Run tests
 env:
- FAKTORY_URL_SECURE: tcp://localhost:17419
+ FAKTORY_URL_SECURE: tcp://:uredinales@localhost:17419
 run: cargo test --locked --features native_tls,rustls --test tls
diff --git a/Makefile b/Makefile
index 4af3ed1d..79e49cfe 100644
--- a/Makefile
+++ b/Makefile
@@ -3,6 +3,7 @@ FAKTORY_HOST=localhost
 FAKTORY_PORT=7419
 FAKTORY_PORT_SECURE=17419
 FAKTORY_PORT_UI=7420
+FAKTORY_PASSWORD=uredinales
 .PHONY: precommit
 precommit: fmt check test/doc test/e2e test/e2e/tls
@@ -57,7 +58,7 @@ test/e2e:
 .PHONY: test/e2e/tls
 test/e2e/tls:
- FAKTORY_URL_SECURE=tcp://${FAKTORY_HOST}:${FAKTORY_PORT_SECURE} \
+ FAKTORY_URL_SECURE=tcp://:${FAKTORY_PASSWORD}@${FAKTORY_HOST}:${FAKTORY_PORT_SECURE} \
 cargo test --locked --features native_tls,rustls --test tls -- --nocapture
 .PHONY: test/load
diff --git a/docker/compose.yml b/docker/compose.yml
index 14937855..11caaf2a 100644
--- a/docker/compose.yml
+++ b/docker/compose.yml
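Review bot: The Faktory password is written as a literal inside `FAKTORY_URL_SECURE` in the `Run tests` step of `.github/workflows/tls.yml`, and the same value is repeated in the `Makefile` hunk (`FAKTORY_PASSWORD=uredinales`) and in the `docker/compose.yml` hunk, so three copies have to stay in sync. It appears to guard only the throwaway test container on localhost, which makes a committed literal tolerable, but nothing on these lines says so. I would add a comment above the env entry such as `# test-only password for the local Faktory container; must match FAKTORY_PASSWORD in docker/compose.yml`, so the value is not mistaken for, or reused as, a real credential. The `jobs:` block starts and continues outside the hunk.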
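Review bot: In the `test/e2e/tls` recipe of the `Makefile`, `${FAKTORY_PASSWORD}` is spliced into the URL userinfo unquoted and unencoded. That works for `uredinales`, but a value overridden on the make command line that contains `@`, `:`, `/` or shell metacharacters would change how the URL parses or how the shell reads the recipe line. A comment next to the variable, e.g. `# test-only; keep URL-safe or percent-encode before use`, would record the constraint.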
@@ -7,6 +7,8 @@ services:
 build:
 context: .
 dockerfile: faktory.Dockerfile
+ environment:
+ FAKTORY_PASSWORD: uredinales
 command: "/faktory -b :7419 -w :7420"
 nginx:
 depends_on:
diff --git a/tests/tls/native_tls.rs b/tests/tls/native_tls.rs
index 582a6871..4f4c5c20 100644
--- a/tests/tls/native_tls.rs
+++ b/tests/tls/native_tls.rs
@@ -2,6 +2,7 @@ use faktory::native_tls::TlsStream;
 use faktory::{Client, Job, WorkerBuilder, WorkerId};
 use serde_json::Value;
 use std::{env, sync};
+use url::Url;
 #[tokio::test(flavor = "multi_thread")]
 async fn roundtrip_tls() {
@@ -31,16 +32,21 @@ async fn roundtrip_tls() {
 .unwrap()
 };
+ let password = Url::parse(&env::var("FAKTORY_URL_SECURE").expect("faktory url to be set...")) .expect("...and be valid") .password() .map(|p| p.to_string());
+
 let mut worker = WorkerBuilder::default()
 .hostname("tester".to_string())
 .wid(WorkerId::new(local))
 .register(local, fixtures::JobHandler::new(tx))
- .connect_with(tls().await, None)
+ .connect_with(tls().await, password.clone())
 .await
 .unwrap();
 // "one-shot" client
- Client::connect_with(tls().await, None)
+ Client::connect_with(tls().await, password)
 .await
 .unwrap()
 .enqueue(Job::new(local, vec!["z"]).on_queue(local))
diff --git a/tests/tls/rustls.rs b/tests/tls/rustls.rs
index 9bdc4301..093358a0 100644
--- a/tests/tls/rustls.rs
+++ b/tests/tls/rustls.rs
@@ -6,6 +6,7 @@ use std::{
 sync::{self, Arc},
 };
 use tokio_rustls::rustls::{ClientConfig, SignatureScheme};
+use url::Url;
 #[tokio::test(flavor = "multi_thread")]
 async fn roundtrip_tls() {
@@ -23,6 +24,7 @@ async fn roundtrip_tls() {
 }
 let local = "roundtrip_tls";
 let (tx, rx) = sync::mpsc::channel();
+
 let tls = || async {
 let verifier = fixtures::TestServerCertVerifier::new(
 SignatureScheme::RSA_PSS_SHA512,
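Review bot: `Url::password()` returns the userinfo password in its percent-encoded form, and the new `let password = …` block in `roundtrip_tls` (tests/tls/native_tls.rs) passes that string to `connect_with` unchanged; the password hunk of tests/tls/rustls.rs has the same code. With `uredinales` the encoded and decoded forms are identical, so the test passes, but a password containing reserved characters would be sent still encoded and authentication would fail. If the `percent-encoding` crate is available to the tests (not visible here), decoding in the closure, `.map(|p| percent_encoding::percent_decode_str(p).decode_utf8_lossy().into_owned())`, would close the gap; otherwise a comment such as `// NOTE: Url::password() is percent-encoded; the test password must not need escaping` records the limitation. The body of `roundtrip_tls` starts and ends outside the hunk.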
@@ -45,16 +47,21 @@ async fn roundtrip_tls() {
 .unwrap()
 };
+ let password = Url::parse(&env::var("FAKTORY_URL_SECURE").expect("faktory url to be set...")) .expect("...and be valid") .password() .map(|p| p.to_string());
+
 let mut worker = WorkerBuilder::default()
 .hostname("tester".to_string())
 .wid(WorkerId::new(local))
 .register(local, fixtures::JobHandler::new(tx))
- .connect_with(tls().await, None)
+ .connect_with(tls().await, password.clone())
 .await
 .unwrap();
 // "one-shot" client
- Client::connect_with(tls().await, None)
+ Client::connect_with(tls().await, password)
 .await
 .unwrap()
 .enqueue(Job::new(local, vec!["z"]).on_queue(local))
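Review bot: The `let password = …` block added to `roundtrip_tls` in tests/tls/rustls.rs is a verbatim copy of the one added in tests/tls/native_tls.rs, so the URL parsing and its `expect` messages now live in two places. Both tests already reach into a shared `fixtures` module, so a small helper there returning `Option<String>` (name to be chosen by the author) would keep them in sync. Separately, when `FAKTORY_URL_SECURE` carries no password the value is `None` and the test silently stops exercising authentication; if password-less runs are not meant to be supported, `assert!(password.is_some(), "FAKTORY_URL_SECURE must carry the test password");` before the first `connect_with` would make that explicit. The body of `roundtrip_tls` starts and ends outside the hunk.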