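--- a/.github/scripts/squid/passwd
+++ b/.github/scripts/squid/passwd
@@ -0,0 +1 @@
+myuser:$apr1$Ap.uaf4X$8QAwer4HqLG0zF9w/3kNy.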
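Review bot: This file commits a password hash whose cleartext, `myuser:mypwd`, is printed in the curl call of `.github/workflows/forward_proxy.yml`, so the credential is public and must never be reused for a real proxy. `$apr1$` is the Apache MD5-based scheme, which is acceptable for a throwaway fixture but not a format to copy elsewhere. I would rather create the file inside the `Prerequisites` step, for example `sudo htpasswd -bc /etc/squid/passwd myuser mypwd` (from apache2-utils), so that no hash lives in the repository and secret scanners have nothing to flag.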
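--- a/.github/scripts/squid/squid.conf
+++ b/.github/scripts/squid/squid.conf
@@ -0,0 +1,21 @@
+# Squid basic config with authentication
+http_port 8888
+
+# Authentication settings
+auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
+auth_param basic realm Proxy
+auth_param basic credentialsttl 2 hours
+auth_param basic casesensitive on
+
+# ACL requiring authentication
+acl authenticated proxy_auth REQUIRED
+
+# Allow only authenticated users
+http_access allow authenticated
+http_access deny all
+
+# Recommended minimum settings
+cache deny all
+access_log /var/log/squid/access.log squid
+cache_log /dev/stdout
+cache_store_log none
+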
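Review bot: The block headed `# Recommended minimum settings` holds only cache and logging directives and none of Squid's usual port restrictions (no `Safe_ports` / `SSL_ports` ACLs), so an authenticated client may use the proxy, CONNECT included, towards any port. Combined with `http_port 8888` listening on every interface and Basic credentials travelling over plain HTTP, the file is only fit as a CI fixture. I would state that in the first comment, e.g. `# CI-only test fixture: no port restrictions, cleartext Basic auth, do not deploy`, and rename the last heading to `# Cache and logging`. If the test client always reaches the proxy through localhost (the curl checks do; the Rust test is not visible here), `http_port 127.0.0.1:8888` would narrow the listener.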
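--- a/.github/workflows/cargo_publish.yml
+++ b/.github/workflows/cargo_publish.yml
@@ -0,0 +1,70 @@
+---
+name: cargo publish
+
+on:
+workflow_call:
+secrets:
+token:
+required: true
+
+jobs:
+cargo-publish:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+with:
+submodules: recursive
+
+- uses: dtolnay/rust-toolchain@master
+with:
+toolchain: nightly-2025-03-31
+components: rustfmt, clippy
+
+- name: Publishing - dry run
+run: |
+cargo +nightly-2025-03-31 publish --dry-run --workspace -Z package-workspace \
+--exclude cosmian_findex_cli \
+--exclude cosmian_findex_client \
+--exclude cosmian_findex_structs \
+--exclude cosmian_findex_server \
+--exclude test_findex_server \
+--exclude cosmian_kms_access \
+--exclude cosmian_kms_cli \
+--exclude cosmian_kms_client_utils \
+--exclude cosmian_kms_crypto \
+--exclude cosmian_kms_base_hsm \
+--exclude cosmian_kms_proteccio \
+--exclude cosmian_kms_utimaco \
+--exclude cosmian_kms_softhsm2 \
+--exclude cosmian_kms_interfaces \
+--exclude cosmian_kms_kmip \
+--exclude cosmian_kms_kmip-derive \
+--exclude cosmian_kms_client \
+--exclude cosmian_kms_server \
+--exclude test_kms_server \
+--exclude cosmian_kms_server_database
+
+- name: Publishing
+if: startsWith(github.ref, 'refs/tags/')
+run: |
+cargo +nightly-2025-03-31 publish --workspace -Z package-workspace --token ${{ secrets.token }} \
+--exclude cosmian_findex_cli \
+--exclude cosmian_findex_client \
+--exclude cosmian_findex_structs \
+--exclude cosmian_findex_server \
+--exclude test_findex_server \
+--exclude cosmian_kms_access \
+--exclude cosmian_kms_cli \
+--exclude cosmian_kms_client_utils \
+--exclude cosmian_kms_crypto \
+--exclude cosmian_kms_base_hsm \
+--exclude cosmian_kms_proteccio \
+--exclude cosmian_kms_utimaco \
+--exclude cosmian_kms_softhsm2 \
+--exclude cosmian_kms_interfaces \
+--exclude cosmian_kms_kmip \
+--exclude cosmian_kms_kmip-derive \
+--exclude cosmian_kms_client \
+--exclude cosmian_kms_server \
+--exclude test_kms_server \
+--exclude cosmian_kms_server_database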
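Review bot: The `Publishing` step expands `${{ secrets.token }}` into the shell command line, where it becomes a process argument and is parsed by the shell. Cargo reads the token from the environment, so I would add `env:` with `CARGO_REGISTRY_TOKEN: ${{ secrets.token }}` to the step and drop `--token ${{ secrets.token }}`. The job that publishes to crates.io also runs `dtolnay/rust-toolchain@master` and `actions/checkout@v4` by mutable ref; pinning both to a full commit SHA (`uses: dtolnay/rust-toolchain@<full-commit-sha>`) keeps a moved ref from altering the toolchain that later runs `cargo publish`. The twenty `--exclude` lines are repeated verbatim in both steps and will drift unless they come from one shared variable.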
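--- a/.github/workflows/forward_proxy.yml
+++ b/.github/workflows/forward_proxy.yml
@@ -0,0 +1,59 @@
+---
+name: forward proxy
+
+on:
+workflow_call:
+inputs:
+toolchain:
+required: true
+type: string
+
+env:
+OPENSSL_DIR: /usr/local/openssl
+
+jobs:
+forward-proxy:
+runs-on: ubuntu-22.04
+steps:
+- uses: actions/checkout@v4
+with:
+submodules: recursive
+
+- uses: dtolnay/rust-toolchain@master
+with:
+toolchain: ${{ inputs.toolchain }}
+components: rustfmt, clippy
+
+- name: Local OpenSSL Install
+run: |
+sudo mkdir -p ${{ env.OPENSSL_DIR }}/ssl
+sudo mkdir -p ${{ env.OPENSSL_DIR }}/lib64/ossl-modules
+sudo chown -R $USER ${{ env.OPENSSL_DIR }}
+bash .github/reusable_scripts/get_openssl_binaries.sh
+env:
+OS_NAME: ubuntu_22_04
+
+- name: Prerequisites
+run: |
+set -ex
+sudo apt install squid
+sudo cp .github/scripts/squid/passwd /etc/squid/
+sudo cp .github/scripts/squid/squid.conf /etc/squid/
+sudo systemctl restart squid
+sudo journalctl -u squid --no-pager -f &
+sleep 5
+curl http://localhost:8888
+curl -v -x http://localhost:8888 -U myuser:mypwd http://example.org
+
+- name: Forward proxy test
+run: |
+cargo +${{ inputs.toolchain }} build -p cosmian_cli
+
+# Get the local IP address
+LOCAL_IP=$(hostname -I | awk '{print $1}')
+echo "Local IP address: $LOCAL_IP"
+
+# Export the KMS_URL environment variable
+export KMS_URL=http://$LOCAL_IP:9998
+
+cargo +${{ inputs.toolchain }} test --workspace --lib -- --nocapture --ignored test_server_version_using_forward_proxy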
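Review bot: Neither `curl` call in the `Prerequisites` step uses `--fail`, so under `set -e` both succeed on any HTTP response, including a 407 from the proxy. The step therefore shows that port 8888 answers, not that authentication is enforced or that `myuser` is accepted. I would make the authenticated call `curl --fail -v -x http://localhost:8888 -U myuser:mypwd http://example.org`. I would also replace the bare `curl http://localhost:8888` with a check that an unauthenticated proxy request is refused: `test "$(curl -s -o /dev/null -w '%{http_code}' -x http://localhost:8888 http://example.org)" = 407`. Separately, `${{ inputs.toolchain }}` is expanded straight into both `run:` scripts; passing it through `env:` and using `"$TOOLCHAIN"` keeps a caller-supplied value from being parsed as shell.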
66 changes: 11 additions & 55 deletions .github/workflows/main_base.yml
@@ -32,62 +32,16 @@ jobs:
toolchain: ${{ inputs.toolchain }}

cargo-publish:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: recursive

- name: Publishing - dry run
run: |
cargo +nightly publish --dry-run --workspace -Z package-workspace \
--exclude cosmian_findex_cli \
--exclude cosmian_findex_client \
--exclude cosmian_findex_structs \
--exclude cosmian_findex_server \
--exclude test_findex_server \
--exclude cosmian_kms_access \
--exclude cosmian_kms_cli \
--exclude cosmian_kms_client_utils \
--exclude cosmian_kms_crypto \
--exclude cosmian_kms_base_hsm \
--exclude cosmian_kms_proteccio \
--exclude cosmian_kms_utimaco \
--exclude cosmian_kms_softhsm2 \
--exclude cosmian_kms_interfaces \
--exclude cosmian_kms_kmip \
--exclude cosmian_kms_kmip-derive \
--exclude cosmian_kms_client \
--exclude cosmian_kms_server \
--exclude test_kms_server \
--exclude cosmian_kms_server_database
uses: ./.github/workflows/cargo_publish.yml
secrets:
token: ${{ secrets.CRATES_IO }}

- name: Publishing
if: startsWith(github.ref, 'refs/tags/')
run: |
cargo +nightly publish --workspace -Z package-workspace --token ${{ secrets.CRATES_IO }} \
--exclude cosmian_findex_cli \
--exclude cosmian_findex_client \
--exclude cosmian_findex_structs \
--exclude cosmian_findex_server \
--exclude test_findex_server \
--exclude cosmian_kms_access \
--exclude cosmian_kms_cli \
--exclude cosmian_kms_client_utils \
--exclude cosmian_kms_crypto \
--exclude cosmian_kms_base_hsm \
--exclude cosmian_kms_proteccio \
--exclude cosmian_kms_utimaco \
--exclude cosmian_kms_softhsm2 \
--exclude cosmian_kms_interfaces \
--exclude cosmian_kms_kmip \
--exclude cosmian_kms_kmip-derive \
--exclude cosmian_kms_client \
--exclude cosmian_kms_server \
--exclude test_kms_server \
--exclude cosmian_kms_server_database
forward-proxy:
uses: ./.github/workflows/forward_proxy.yml
with:
toolchain: ${{ inputs.toolchain }}

build: # Build on Ubuntu 22/24, Rocky 8/9, MacOS 13/15 and Windows Server 22
build:
uses: Cosmian/reusable_workflows/.github/workflows/build_all.yml@develop
secrets: inherit
with:
@@ -109,8 +63,10 @@ jobs:
release:
name: release
needs:
- cargo-deny
- cargo-lint
- cargo-deny
- cargo-machete
- forward-proxy
- build
uses: Cosmian/reusable_workflows/.github/workflows/push-artifacts.yml@develop
with:
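Review bot: `cargo-publish` shows no `needs:` in this section and is not listed under the `needs:` of `release`, so on a tag the irreversible `cargo publish` can apparently start alongside, and finish before, the lint, deny, forward-proxy and build jobs. The old and new sides cannot be told apart with certainty in this rendering, so this may predate the commit; it is still worth settling now that the job is a three-line call. If publishing should wait for the checks, add `needs: [cargo-lint, cargo-deny, cargo-machete, forward-proxy, build]` under `cargo-publish:`.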
1 change: 1 addition & 0 deletions .gitignore
@@ -14,3 +14,4 @@ node_modules/
# this directory may contain sqlite data when the KMS is launched locally
**/cosmian-kms/sqlite-data*
**/sqlite-data.db*
*.log