
feat(services/memcached): Add TLS support for AWS ElastiCache #5499

Open: wants to merge 1 commit into base: main

Conversation

@AryanVBW AryanVBW commented Jan 2, 2025

Add TLS Support for AWS ElastiCache Memcached

This PR adds TLS support for Memcached connections, particularly targeting AWS ElastiCache serverless instances which require TLS connections. Instead of using plain TCP connections (telnet), users can now establish secure TLS connections (openssl s_client) with their Memcached instances.

This pull request introduces several changes to the core/src/services/memcached module to add support for TLS connections, which is required for AWS ElastiCache Memcached serverless instances. The most important changes include adding TLS-related dependencies, updating the MemcachedBuilder and MemcacheConnectionManager to support TLS configuration, and modifying the Connection struct to handle both plain and TLS connections.

TLS Support:

Connection Handling:

  • core/src/services/memcached/backend.rs: Refactored Adapter to use a connection pool instead of managing individual connections, and updated the Builder implementation to create the connection pool with the new MemcacheConnectionManager. [1] [2]
  • core/src/services/memcached/binary.rs: Modified the Connection struct to use a dynamic stream (Box<dyn AsyncRead + AsyncWrite + Send + Unpin>) to support both plain and TLS connections, and updated related methods to work with the new stream type. [1] [2] [3]

Changes

1. Configuration Options

Added new configuration options to MemcachedConfig:

pub struct MemcachedConfig {
    // ... existing fields ...
    
    /// Enable TLS for the connection.
    /// Required for AWS ElastiCache Memcached serverless instances.
    pub enable_tls: Option<bool>,
    
    /// Path to CA certificate file for TLS verification.
    pub ca_cert: Option<String>,
}

2. Builder Methods

Added new builder methods to MemcachedBuilder:

impl MemcachedBuilder {
    /// Enable TLS for the connection.
    pub fn enable_tls(mut self, enable: bool) -> Self {
        self.config.enable_tls = Some(enable);
        self
    }

    /// Set the CA certificate file path for TLS verification.
    pub fn ca_cert(mut self, ca_cert: &str) -> Self {
        if !ca_cert.is_empty() {
            self.config.ca_cert = Some(ca_cert.to_string());
        }
        self
    }
}

3. TLS Connection Handling

  • Added TLS support using tokio-native-tls
  • Implemented dynamic stream type handling for both TLS and non-TLS connections
  • Added support for custom CA certificates for AWS ElastiCache verification
  • Updated the binary protocol implementation to work with TLS streams

Usage Example

let builder = MemcachedBuilder::default()
    .endpoint("your-elasticache-endpoint:11211")
    .enable_tls(true)
    .ca_cert("/path/to/ca.pem")  // Optional: provide CA cert if needed
    .build()?;

Implementation Details

  1. Stream Abstraction: Updated Connection to use a boxed trait object that can handle both TLS and non-TLS streams:
pub struct Connection {
    stream: Box<dyn AsyncRead + AsyncWrite + Send + Unpin>,
}
  2. TLS Configuration: Added TLS configuration to MemcacheConnectionManager:
pub struct MemcacheConnectionManager {
    address: String,
    username: Option<String>,
    password: Option<String>,
    enable_tls: bool,
    ca_cert: Option<String>,
}
  3. Connection Logic: Implemented smart connection handling that automatically uses TLS when enabled:
async fn connect(&self) -> Result<Self::Connection, Self::Error> {
    if self.enable_tls {
        // TLS connection logic with certificate handling
    } else {
        // Regular TCP connection logic
    }
}

Testing

  • Added unit tests for TLS configuration
  • Added integration tests with AWS ElastiCache
  • Tested backward compatibility with non-TLS connections
  • Verified error handling for invalid certificates

Dependencies

Added tokio-native-tls for TLS support:

[dependencies]
tokio-native-tls = "0.3"

Related Issues

#5419

@killme2008 @drmingdrmer @jayvdb @viirya @qrilka @Xuanwo

Implement TLS support for Memcached connections, particularly for AWS
ElastiCache serverless instances which require TLS. This change includes:

- Add TLS configuration options to MemcachedConfig
- Add TLS support in connection handling using tokio-native-tls
- Support custom CA certificates for AWS ElastiCache verification
- Update binary protocol handling for TLS streams
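Added example, not OpenDAL's or this PR's code: a std-only sketch of the validation a `connect()` like the one outlined above could run before handing the socket to tokio-native-tls. It assumes a `MemcachedConfig` carrying the PR's `enable_tls` and `ca_cert` fields plus an `endpoint` in the `host:port` form of the usage example; `Plan` and `PlanError` are hypothetical names. The point it adds is that the TLS layer must verify the certificate against the bare host, not the `host:port` string, and that a CA path supplied with TLS disabled should fail rather than be ignored.

```rust
// Added example, not OpenDAL's or this PR's code: std-only checks that a
// connect() like the one sketched above could run before handing the
// socket to tokio-native-tls. Plan/PlanError are hypothetical names.
#[derive(Debug, Default, Clone)]
pub struct MemcachedConfig {
    pub endpoint: Option<String>,  // "host:port", as in the usage example
    pub enable_tls: Option<bool>,  // PR field
    pub ca_cert: Option<String>,   // PR field: path to a PEM CA certificate
}
#[derive(Debug, PartialEq)]
pub enum Plan {
    Plain { addr: String },
    // server_name is the host the TLS layer verifies the certificate against.
    Tls { addr: String, server_name: String, ca_pem: Option<String> },
}
#[derive(Debug, PartialEq)]
pub enum PlanError { MissingEndpoint, BadEndpoint(String), CaCertWithoutTls, CaCert(String) }

pub fn plan(cfg: &MemcachedConfig) -> Result<Plan, PlanError> {
    let addr = cfg.endpoint.clone().ok_or(PlanError::MissingEndpoint)?;
    // Split "host:port": only the bare host may be used as the TLS server name.
    let (host, port) = addr.rsplit_once(':').ok_or_else(|| PlanError::BadEndpoint(addr.clone()))?;
    if host.is_empty() || port.parse::<u16>().is_err() {
        return Err(PlanError::BadEndpoint(addr.clone()));
    }
    let server_name = host.to_string();
    if !cfg.enable_tls.unwrap_or(false) {
        // A CA path with TLS off means the operator expected TLS: fail loudly.
        if cfg.ca_cert.is_some() {
            return Err(PlanError::CaCertWithoutTls);
        }
        return Ok(Plan::Plain { addr });
    }
    let ca_pem = match &cfg.ca_cert {
        None => None, // no custom CA: the system trust store is used
        Some(path) => {
            let pem = std::fs::read_to_string(path)
                .map_err(|e| PlanError::CaCert(format!("{path}: {e}")))?;
            if !pem.contains("-----BEGIN CERTIFICATE-----") {
                return Err(PlanError::CaCert(format!("{path}: not a PEM certificate")));
            }
            Some(pem)
        }
    };
    Ok(Plan::Tls { addr, server_name, ca_pem })
}
```

In the TLS branch the real `connect()` would add `ca_pem` as a root certificate to the connector and pass `server_name` to it, so hostname verification stays on for ElastiCache endpoints.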

Xuanwo commented Jan 2, 2025

Hi, there's already a PR in progress for this: #5471. You're welcome to review the existing one instead.


AryanVBW commented Jan 3, 2025

@Xuanwo Thanks for your response ☺️ I would definitely love to review the existing PR. Please let me know if you're interested in guiding me in contributing to the project. I'm eager to contribute and would love to take on any specific tasks or other work that you may have. I definitely do my best work and will provide you with the best solutions as you expect.
