From e7928aaeeeccba607d50f7c96da0b77d777c4d16 Mon Sep 17 00:00:00 2001 From: shuiyisong <113876041+shuiyisong@users.noreply.github.com> Date: Fri, 14 Nov 2025 17:58:52 +0800 Subject: [PATCH] chore: add `tls-watch` option in cmd (#7226) * chore: add tls-watch cmd option * chore: add watch tls option to standalone and fe cmd * chore: fix clippy Signed-off-by: shuiyisong * chore: address CR comment Co-authored-by: Yingwen * chore: address CR issue Signed-off-by: shuiyisong --------- Signed-off-by: shuiyisong Co-authored-by: Yingwen --- src/cmd/src/frontend.rs | 3 +++ src/cmd/src/standalone.rs | 8 ++++++++ src/servers/src/tls.rs | 19 +++++++++++++++---- tests-integration/tests/grpc.rs | 1 + 4 files changed, 27 insertions(+), 4 deletions(-) diff --git a/src/cmd/src/frontend.rs b/src/cmd/src/frontend.rs index 89992eba37..93dac1e922 100644 --- a/src/cmd/src/frontend.rs +++ b/src/cmd/src/frontend.rs @@ -177,6 +177,8 @@ pub struct StartCommand { #[clap(long)] tls_key_path: Option, #[clap(long)] + tls_watch: bool, + #[clap(long)] user_provider: Option, #[clap(long)] disable_dashboard: Option, @@ -230,6 +232,7 @@ impl StartCommand { self.tls_mode.clone(), self.tls_cert_path.clone(), self.tls_key_path.clone(), + self.tls_watch, ); if let Some(addr) = &self.http_addr { diff --git a/src/cmd/src/standalone.rs b/src/cmd/src/standalone.rs index bf5aff7825..8d33fc5193 100644 --- a/src/cmd/src/standalone.rs +++ b/src/cmd/src/standalone.rs @@ -228,6 +228,8 @@ pub struct StartCommand { #[clap(long)] tls_key_path: Option, #[clap(long)] + tls_watch: bool, + #[clap(long)] user_provider: Option, #[clap(long, default_value = "GREPTIMEDB_STANDALONE")] pub env_prefix: String, @@ -277,6 +279,7 @@ impl StartCommand { self.tls_mode.clone(), self.tls_cert_path.clone(), self.tls_key_path.clone(), + self.tls_watch, ); if let Some(addr) = &self.http_addr { @@ -769,6 +772,9 @@ mod tests { fn test_load_log_options_from_cli() { let cmd = StartCommand { user_provider: Some("static_user_provider:cmd:test=test".to_string()), + mysql_addr: Some("127.0.0.1:4002".to_string()), + postgres_addr: Some("127.0.0.1:4003".to_string()), + tls_watch: true, ..Default::default() }; @@ -785,6 +791,8 @@ mod tests { assert_eq!("./greptimedb_data/test/logs", opts.logging.dir); assert_eq!("debug", opts.logging.level.unwrap()); + assert!(opts.mysql.tls.watch); + assert!(opts.postgres.tls.watch); } #[test] diff --git a/src/servers/src/tls.rs b/src/servers/src/tls.rs index 245bf4c71a..115e3d39c6 100644 --- a/src/servers/src/tls.rs +++ b/src/servers/src/tls.rs @@ -68,7 +68,12 @@ pub struct TlsOption { } impl TlsOption { - pub fn new(mode: Option, cert_path: Option, key_path: Option) -> Self { + pub fn new( + mode: Option, + cert_path: Option, + key_path: Option, + watch: bool, + ) -> Self { let mut tls_option = TlsOption::default(); if let Some(mode) = mode { @@ -83,6 +88,8 @@ impl TlsOption { tls_option.key_path = key_path }; + tls_option.watch = watch; + tls_option } @@ -242,13 +249,16 @@ mod tests { #[test] fn test_new_tls_option() { - assert_eq!(TlsOption::default(), TlsOption::new(None, None, None)); + assert_eq!( + TlsOption::default(), + TlsOption::new(None, None, None, false) + ); assert_eq!( TlsOption { mode: Disable, ..Default::default() }, - TlsOption::new(Some(Disable), None, None) + TlsOption::new(Some(Disable), None, None, false) ); assert_eq!( TlsOption { @@ -261,7 +271,8 @@ mod tests { TlsOption::new( Some(Disable), Some("/path/to/cert_path".to_string()), - Some("/path/to/key_path".to_string()) + Some("/path/to/key_path".to_string()), + false ) ); } diff --git a/tests-integration/tests/grpc.rs b/tests-integration/tests/grpc.rs index 6f82d4fc55..f02d88f45b 100644 --- a/tests-integration/tests/grpc.rs +++ b/tests-integration/tests/grpc.rs @@ -953,6 +953,7 @@ pub async fn test_grpc_tls_config(store_type: StorageType) { Some(TlsMode::Require), Some(server_cert_path), Some(server_key_path), + false, ); let config = GrpcServerConfig { max_recv_message_size: 1024,