Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

new feature: Memcached In Transit Encryption (TLS) support #5419

Open
1 task
elichai opened this issue Dec 15, 2024 · 7 comments · May be fixed by #5471
Open
1 task

new feature: Memcached In Transit Encryption (TLS) support #5419

elichai opened this issue Dec 15, 2024 · 7 comments · May be fixed by #5471
Labels
enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed

Comments

@elichai
Copy link

elichai commented Dec 15, 2024

Feature Description

AWS Elasticache Memcached serverless instances require using TLS,
meaning that instead of doing telnet ....cache.amazonaws.com 1211 you do openssl s_client -quiet -crlf -connect ....cache.amazonaws.com:11211, supporting this TLS mode here would be great :)

Problem and Solution

Adding TLS support, See: https://docs.aws.amazon.com/AmazonElastiCache/latest/dg/in-transit-encryption.html

Additional Context

No response

Are you willing to contribute to the development of this feature?

  • Yes, I am willing to contribute to the development of this feature.
@elichai elichai added the enhancement New feature or request label Dec 15, 2024
@Xuanwo Xuanwo added good first issue Good for newcomers help wanted Extra attention is needed labels Dec 18, 2024
@ozewr
Copy link

ozewr commented Dec 19, 2024

Hello, I would like to contribute to the development of this feature. Could you tell me which part of the code I should read , or provide some other relevant information? @Xuanwo

@Xuanwo
Copy link
Member

Xuanwo commented Dec 19, 2024

Hi, @ozewr, thank you for your interest!

Memcached currently interacts directly with TcpStream:

opendal/core/src/services/memcached/binary.rs

Lines 104 to 109 in f0ace56

impl Connection {
pub fn new(io: TcpStream) -> Self {
Self {
io: BufReader::new(io),
}
}

We need to add support for using a TLS library like tokio_rustls to establish a TLS connection. For example: https://github.com/rustls/tokio-rustls/blob/main/examples/client.rs

@ozewr
Copy link

ozewr commented Dec 20, 2024
edited
Loading

Hi, @ozewr, thank you for your interest!

Memcached currently interacts directly with TcpStream:

opendal/core/src/services/memcached/binary.rs

Lines 104 to 109 in f0ace56

impl Connection {
pub fn new(io: TcpStream) -> Self {
Self {
io: BufReader::new(io),
}
}

We need to add support for using a TLS library like tokio_rustls to establish a TLS connection. For example: https://github.com/rustls/tokio-rustls/blob/main/examples/client.rs

Hello, I'm a new programmer, so I want to share my thoughts and see if they are correct. It seems that here we need a new struct implementing bb8::ManageConnection, similar to MemcacheConnectionManager. However,

impl bb8::ManageConnection for MemcacheConnectionManager {
    type Connection = TlsConnection { io: BufReader<TlsStream<TcpStream>> };
    type Error = Error;
...

Or directly modify the implementation of bb8::ManageConnection for MemcacheConnectionManager to make it only support TLS connections. @Xuanwo

@Xuanwo
Copy link
Member

Xuanwo commented Dec 20, 2024

Maybe we can make binary::Connection an enum that have TcpConnection and TlsConnection.

@geetanshjuneja
Copy link

@Xuanwo I wanna take up this task.

@Xuanwo
Copy link
Member

Xuanwo commented Dec 26, 2024

@Xuanwo I wanna take up this task.

Hi, @ozewr is working on this now. Maybe we can collaborate with them first?

@ozewr
Copy link

ozewr commented Dec 26, 2024

@Xuanwo I wanna take up this task.

Hi, @ozewr is working on this now. Maybe we can collaborate with them first?

Sorry, I’ve been a bit busy with my day job this week, but I think I should be able to submit a PR tomorrow. I think we can collaborate on it. @geetanshjuneja

@ozewr ozewr linked a pull request Dec 27, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat:add tls support fot memcached ozewr/opendal
4 participants
@elichai @Xuanwo @geetanshjuneja @ozewr