TLS for Daml Script exports (#9626)

* Daml ledger export add TLS command-line flags changelog_begin changelog_end * Add ConfgSpec test for TLS options * Fix path comparison on Windows. (`/` vs `\`) * Fix Scala 2.13 Co-authored-by: Andreas Herrmann <andreas.herrmann@tweag.io>
digital-asset · May 10, 2021 · 26a8011 · 26a8011
1 parent 9242540
commit 26a8011
Show file tree

Hide file tree

Showing 5 changed files with 40 additions and 3 deletions.
diff --git a/daml-script/export/BUILD.bazel b/daml-script/export/BUILD.bazel
@@ -38,6 +38,7 @@ da_scala_binary(
         "//language-support/scala/bindings",
         "//language-support/scala/bindings-akka",
         "//ledger-api/rs-grpc-bridge",
+        "//ledger-service/cli-opts",
         "//ledger/ledger-api-client",
         "//ledger/ledger-api-common",
         "@maven//:org_apache_commons_commons_text",
@@ -47,16 +48,21 @@ da_scala_binary(
 da_scala_test(
     name = "tests",
     srcs = glob(["src/test/scala/**/*.scala"]),
+    data = [
+        "//ledger/test-common/test-certificates",
+    ],
     scala_deps = [
         "@maven//:org_scalatest_scalatest",
         "@maven//:org_typelevel_paiges_core",
     ],
     visibility = ["//visibility:public"],
     deps = [
         ":export",
+        "//bazel_tools/runfiles:scala_runfiles",
         "//daml-lf/data",
         "//daml-lf/language",
         "//language-support/scala/bindings",
+        "//ledger/ledger-api-common",
     ],
 )
 
@@ -92,6 +98,7 @@ da_scala_test(
         "//ledger-api/testing-utils",
         "//ledger/ledger-api-auth",
         "//ledger/ledger-api-client",
+        "//ledger/ledger-api-common",
         "//ledger/ledger-api-domain",
         "//ledger/ledger-resources",
         "//ledger/sandbox:sandbox-scala-tests-lib",

diff --git a/daml-script/export/src/it/scala/com/daml/script/export/IT.scala b/daml-script/export/src/it/scala/com/daml/script/export/IT.scala
@@ -33,6 +33,7 @@ import com.daml.lf.archive.{Dar, DarReader, Decode}
 import com.daml.platform.sandbox.services.TestCommands
 import com.daml.platform.sandboxnext.SandboxNextFixture
 import com.daml.SdkVersion
+import com.daml.ledger.api.tls.TlsConfiguration
 import com.daml.lf.engine.script.ledgerinteraction.{GrpcLedgerClient, ScriptTimeMode}
 import scalaz.syntax.tag._
 import scalaz.std.scalaFuture._
@@ -146,6 +147,7 @@ final class IT
       Config(
         ledgerHost = "localhost",
         ledgerPort = serverPort.value,
+        tlsConfig = TlsConfiguration(false, None, None, None),
         parties = parties,
         start = offset,
         end = ledgerEnd,

diff --git a/daml-script/export/src/main/scala/com/daml/script/export/Config.scala b/daml-script/export/src/main/scala/com/daml/script/export/Config.scala
@@ -6,11 +6,13 @@ package com.daml.script.export
 import java.nio.file.Path
 import java.io.File
 
+import com.daml.ledger.api.tls.{TlsConfiguration, TlsConfigurationCli}
 import com.daml.ledger.api.v1.ledger_offset.LedgerOffset
 
 final case class Config(
     ledgerHost: String,
     ledgerPort: Int,
+    tlsConfig: TlsConfiguration,
     parties: Seq[String],
     start: LedgerOffset,
     end: LedgerOffset,
@@ -50,6 +52,9 @@ object Config {
       .required()
       .action((x, c) => c.copy(ledgerPort = x))
       .text("Daml ledger port to connect to.")
+    TlsConfigurationCli.parse(this, colSpacer = "        ")((f, c) =>
+      c.copy(tlsConfig = f(c.tlsConfig))
+    )
     opt[Seq[String]]("party")
       .required()
       .unbounded()
@@ -126,6 +131,7 @@ object Config {
   private val Empty = Config(
     ledgerHost = "",
     ledgerPort = -1,
+    tlsConfig = TlsConfiguration(false, None, None, None),
     parties = List(),
     start = LedgerOffset(LedgerOffset.Value.Boundary(LedgerOffset.LedgerBoundary.LEDGER_BEGIN)),
     end = LedgerOffset(LedgerOffset.Value.Boundary(LedgerOffset.LedgerBoundary.LEDGER_END)),

diff --git a/daml-script/export/src/main/scala/com/daml/script/export/Main.scala b/daml-script/export/src/main/scala/com/daml/script/export/Main.scala
@@ -49,7 +49,11 @@ object Main {
     config.exportType match {
       case Some(exportScript: ExportScript) =>
         for {
-          client <- LedgerClient.singleHost(config.ledgerHost, config.ledgerPort, clientConfig)
+          client <- LedgerClient.singleHost(
+            config.ledgerHost,
+            config.ledgerPort,
+            clientConfig(config),
+          )
           acs <- LedgerUtils.getACS(client, config.parties, config.start)
           trees <- LedgerUtils.getTransactionTrees(client, config.parties, config.start, config.end)
           acsPkgRefs = TreeUtils.contractsReferences(acs.values)
@@ -73,10 +77,10 @@ object Main {
     }
   }
 
-  val clientConfig: LedgerClientConfiguration = LedgerClientConfiguration(
+  private def clientConfig(config: Config): LedgerClientConfiguration = LedgerClientConfiguration(
     applicationId = "script-export",
     ledgerIdRequirement = LedgerIdRequirement.none,
     commandClient = CommandClientConfiguration.default,
-    sslContext = None,
+    sslContext = config.tlsConfig.client,
   )
 }
diff --git a/daml-script/export/src/test/scala/com/daml/script/export/ConfigSpec.scala b/daml-script/export/src/test/scala/com/daml/script/export/ConfigSpec.scala
@@ -3,6 +3,9 @@
 
 package com.daml.script.export
 
+import java.nio.file.{Files, Paths}
+
+import com.daml.bazeltools.BazelRunfiles.rlocation
 import com.daml.ledger.api.v1.ledger_offset.LedgerOffset
 import org.scalatest.freespec.AnyFreeSpec
 import org.scalatest.matchers.should.Matchers
@@ -77,5 +80,20 @@ class ConfigSpec extends AnyFreeSpec with Matchers with OptionValues {
         optConfig.value.parties should contain only ("Alice", "Bob")
       }
     }
+    "TLS" - {
+      "--pem PEM --crt CRT" in {
+        val pemPath = rlocation("ledger/test-common/test-certificates/client.pem")
+        val crtPath = rlocation("ledger/test-common/test-certificates/client.crt")
+        val args = defaultRequiredArgs ++ Array("--pem", pemPath, "--crt", crtPath)
+        val optConfig = Config.parse(args)
+        assert(Files.isSameFile(optConfig.value.tlsConfig.keyFile.value.toPath, Paths.get(pemPath)))
+        assert(
+          Files.isSameFile(
+            optConfig.value.tlsConfig.keyCertChainFile.value.toPath,
+            Paths.get(crtPath),
+          )
+        )
+      }
+    }
   }
 }