feat: support providing x.509 certificate for user authentication.

.config/nextest.toml

@@ -0,0 +1,2 @@
+[profile.default]
+slow-timeout = { period = "30s", terminate-after = 1 }

.github/workflows/docker-repo.yml

@@ -8,6 +8,10 @@ on:
         default: release
 
     outputs:
+      docker_registry:
+        description: ESDB docker registry
+        value: ${{ jobs.provide_docker.outputs.docker_registry }}
+
       docker_repo:
         description: ESDB docker repository
         value: ${{ jobs.provide_docker.outputs.docker_repo }}
@@ -20,6 +24,7 @@ jobs:
   provide_docker:
     runs-on: ubuntu-latest
     outputs:
+      docker_registry: ${{ steps.set_docker.outputs.docker_registry }}
       docker_repo: ${{ steps.set_docker.outputs.docker_repo }}
       docker_container: ${{ steps.set_docker.outputs.docker_container }}
     steps:
@@ -28,22 +33,26 @@ jobs:
         run: |
           case ${{ inputs.runtime_env }} in
             "release")
+              echo "docker_registry=docker.eventstore.com" >> $GITHUB_OUTPUT
               echo "docker_repo=eventstore-ce" >> $GITHUB_OUTPUT
               echo "docker_container=eventstoredb-ce" >> $GITHUB_OUTPUT
             ;;
 
             "staging")
+              echo "docker_registry=docker.eventstore.com" >> $GITHUB_OUTPUT
               echo "docker_repo=eventstore-staging-ce" >> $GITHUB_OUTPUT
               echo "docker_container=eventstoredb-oss" >> $GITHUB_OUTPUT
             ;;
 
             "enterprise")
+              echo "docker_registry=docker.eventstore.com" >> $GITHUB_OUTPUT
               echo "docker_repo=eventstore-ee" >> $GITHUB_OUTPUT
               echo "docker_container=eventstoredb-commercial" >> $GITHUB_OUTPUT
             ;;
 
             *)
+              echo "docker_registry=docker.eventstore.com" >> $GITHUB_OUTPUT
               echo "docker_repo=eventstore-ce" >> $GITHUB_OUTPUT
               echo "docker_container=eventstoredb-ce" >> $GITHUB_OUTPUT
             ;;
-          esac
+          esac

.github/workflows/rust.yml

@@ -55,11 +55,12 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        version: [previous-lts, lts, latest, ci]
+        version: [previous-lts, lts, latest]
 
     uses: ./.github/workflows/tests.yml
     with:
       esdb_version: ${{ matrix.version }}
+    secrets: inherit
 
   linting:
     name: Linting

.github/workflows/tests.yml

@@ -13,6 +13,8 @@ on:
 
 env:
   CARGO_TERM_COLOR: always
+  NEXTEST_FAILURE_OUTPUT: immediate
+  NEXTEST_HIDE_PROGRESS_BAR: true
 
 jobs:
   provide_docker:
@@ -36,21 +38,20 @@ jobs:
       - name: Install
         run: rustup update stable
 
+      - name: Install cargo-nextest
+        uses: baptiste0928/cargo-install@v3
+        with:
+          crate: cargo-nextest
+          locked: true
+
       - name: Run test
-        run: cargo test --package eventstore --test integration single_node_${{ matrix.test }}
+        run: cargo nextest run single_node_${{ matrix.test }}
         continue-on-error: ${{ matrix.test == 'auto_resub_on_connection_drop' }}
         env:
+          ESDB_DOCKER_REGISTRY: ${{ needs.provide_docker.outputs.docker_registry }}
           ESDB_DOCKER_REPO: ${{ needs.provide_docker.outputs.docker_repo }}
           ESDB_DOCKER_CONTAINER: ${{ needs.provide_docker.outputs.docker_container }}
           ESDB_DOCKER_CONTAINER_VERSION: ${{ inputs.esdb_version }}
-          RUST_LOG: integration=debug,eventstore=debug
-          RUST_BACKTRACE: 1
-
-      - uses: actions/upload-artifact@v3
-        if: failure() && matrix.test != 'auto_resub_on_connection_drop'
-        with:
-          name: esdb-logs
-          path: eventstore/esdb_logs
 
   secure:
     needs: provide_docker
@@ -71,22 +72,21 @@ jobs:
       - name: Generate certificates
         run: docker compose --file configure-tls-for-tests.yml up
 
+      - name: Install cargo-nextest
+        uses: baptiste0928/cargo-install@v3
+        with:
+          crate: cargo-nextest
+          locked: true
+
       - name: Run test
-        run: cargo test --package eventstore --test integration single_node_${{ matrix.test }}
+        run: cargo nextest run single_node_${{ matrix.test }}
         env:
+          ESDB_DOCKER_REGISTRY: ${{ needs.provide_docker.outputs.docker_registry }}
           ESDB_DOCKER_REPO: ${{ needs.provide_docker.outputs.docker_repo }}
           ESDB_DOCKER_CONTAINER: ${{ needs.provide_docker.outputs.docker_container }}
           ESDB_DOCKER_CONTAINER_VERSION: ${{ inputs.esdb_version }}
-          RUST_LOG: integration=debug,eventstore=debug
-          RUST_BACKTRACE: 1
           SECURE: true
 
-      - uses: actions/upload-artifact@v3
-        if: failure()
-        with:
-          name: esdb-logs
-          path: eventstore/esdb_logs
-
   cluster:
     needs: provide_docker
     name: Cluster
@@ -103,19 +103,73 @@ jobs:
       - name: Install
         run: rustup update stable
 
+      - name: Install cargo-nextest
+        uses: baptiste0928/cargo-install@v3
+        with:
+          crate: cargo-nextest
+          locked: true
+
       - name: Set up cluster with Docker Compose
         run: docker compose up -d
         env:
+          ESDB_DOCKER_REGISTRY: ${{ needs.provide_docker.outputs.docker_registry }}
           ESDB_DOCKER_REPO: ${{ needs.provide_docker.outputs.docker_repo }}
           ESDB_DOCKER_CONTAINER: ${{ needs.provide_docker.outputs.docker_container }}
           ESDB_DOCKER_CONTAINER_VERSION: ${{ inputs.esdb_version }}
 
       - name: Run test
-        run: cargo test --package eventstore --test integration cluster_${{ matrix.test }}
+        run: cargo nextest run cluster_${{ matrix.test }}
         env:
           ESDB_DOCKER_CONTAINER_VERSION: ${{ inputs.esdb_version }}
-          RUST_LOG: integration=debug,eventstore=debug
-          RUST_BACKTRACE: 1
 
       - name: Shutdown cluster
         run: docker compose down
+
+  plugins:
+    needs: provide_docker
+    name: plugins
+
+    strategy:
+      fail-fast: false
+      matrix:
+        plugins:
+          - name: usercertificates
+            setup: docker compose --file configure-user-certs-for-tests.yml up
+
+    runs-on: ubuntu-latest
+    # date: Jan 22nd, 2025
+    # so far, only the LTS version comes with plugins
+    if: inputs.esdb_version == 'lts'
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Install
+        run: rustup update stable
+
+      - name: Generate certificates
+        run: docker compose --file configure-tls-for-tests.yml up
+
+      - name: Run plugin ${{ matrix.plugins.name }} setup
+        run: ${{ matrix.plugins.setup }}
+
+      - name: Install cargo-nextest
+        uses: baptiste0928/cargo-install@v3
+        with:
+          crate: cargo-nextest
+          locked: true
+
+      - name: Set the plugins environment variables
+        run: |
+          echo "eventstore__${{ matrix.plugins.name }}__enabled=true" >> $GITHUB_ENV
+
+      - name: Run test
+        run: cargo nextest run plugin_${{ matrix.plugins.name }}
+        env:
+          # date: Jan 22nd, 2025
+          # so far, only the LTS version comes with plugins but also only one provided by dockerhub.
+          # it's going changed very soon after rebranding.
+          ESDB_DOCKER_REGISTRY: docker.io # ${{ needs.provide_docker.outputs.docker_registry }}
+          ESDB_DOCKER_REPO: eventstore # ${{ needs.provide_docker.outputs.docker_repo }}
+          ESDB_DOCKER_CONTAINER: eventstore # ${{ needs.provide_docker.outputs.docker_container }}
+          ESDB_DOCKER_CONTAINER_VERSION: lts # ${{ inputs.esdb_version }}
+          EVENTSTORE_LICENSING__LICENSE_KEY: ${{ secrets.KURRENTDB_TEST_LICENSE_KEY }}

configure-tls-for-tests.yml

@@ -1,5 +1,3 @@
-version: '3.5'
-
 services:
   volumes-provisioner:
     image: "hasnat/volumes-provisioner"

configure-user-certs-for-tests.yml

@@ -0,0 +1,23 @@
+services:
+  volumes-provisioner:
+    image: "hasnat/volumes-provisioner"
+    environment:
+      PROVISION_DIRECTORIES: "1000:1000:0755:/tmp/certs"
+    volumes:
+      - "./eventstore/certs:/tmp/certs"
+    network_mode: "none"
+
+  setup:
+    image: ghcr.io/eventstore/es-gencert-cli:latest
+    entrypoint: bash
+    user: "1000:1000"
+    command: >
+      -c "mkdir -p ./certs && cd /certs
+      && es-gencert-cli create-user -username admin
+      && es-gencert-cli create-user -username invalid
+      && find . -type f -print0 | xargs -0 chmod 666"
+    container_name: setup
+    volumes:
+      - ./eventstore/certs:/certs
+    depends_on:
+      - volumes-provisioner

docker-compose.yml

@@ -24,7 +24,7 @@ services:
       - volumes-provisioner
 
   esdb-node1: &template
-    image: docker.eventstore.com/${ESDB_DOCKER_REPO:-eventstore-ce}/${ESDB_DOCKER_CONTAINER:-eventstoredb-ce}:${ESDB_DOCKER_CONTAINER_VERSION:-latest}
+    image: ${ESDB_DOCKER_REGISTRY:-docker.io}/${ESDB_DOCKER_REPO:-eventstore}/${ESDB_DOCKER_CONTAINER:-eventstore}:${ESDB_DOCKER_CONTAINER_VERSION:-latest}
     env_file:
       - vars.env
     environment:
@@ -79,4 +79,4 @@ networks:
     ipam:
       driver: default
       config:
-        - subnet: 172.30.240.0/24
+        - subnet: 172.30.240.0/24

eventstore/Cargo.toml

@@ -23,14 +23,14 @@ base64 = "0.22"
 bitflags = "2"
 byteorder = "1"
 bytes = "1"
-chrono = { version = "0.4", default-features = false, features = ["std", "serde"] }
+chrono = { version = "0.4", default-features = false, features = ["std", "serde", "now"] }
 eventstore-macros = { path = "../eventstore-macros", version = "0.0.1" }
 futures = "0.3"
 http = "1"
 hyper = { version = "1", features = ["client"] }
 hyper-util = { version = "0.1", features = ["client-legacy", "http2"] }
 hyper-rustls = { version = "0.27", features = ["rustls-native-certs", "http2"] }
-log = "0.4"
+tracing = "0.1"
 nom = "7"
 prost = "0.13"
 prost-types = "0.13"
@@ -61,15 +61,19 @@ name = "integration"
 
 [dev-dependencies]
 names = "0.14"
-pretty_env_logger = "0.5"
 serde = { version = "1", features = ["derive"] }
-testcontainers = "0.14"
+testcontainers = "0.23"
 tokio = { version = "1", default-features = false, features = [
   "rt-multi-thread",
   "macros",
 ] }
 toml = "0.7"
 eyre = "0.6"
+ctor = "0.2"
+
+[dev-dependencies.tracing-subscriber]
+version = "0.3"
+features = ["env-filter", "time", "tracing-log"]
 
 [package.metadata.docs.rs]
 all-features = true

eventstore/src/batch.rs

@@ -3,6 +3,7 @@ use tokio::sync::{
     mpsc::{UnboundedReceiver, UnboundedSender},
     oneshot,
 };
+use tracing::{debug, error, warn};
 
 #[derive(Debug)]
 pub(crate) struct In {

eventstore/src/commands.rs

@@ -7,6 +7,7 @@ use futures::TryStreamExt;
 use nom::AsBytes;
 use tokio::sync::mpsc;
 use tonic::{Request, Streaming};
+use tracing::{debug, error, warn};
 
 use persistent::persistent_subscriptions_client::PersistentSubscriptionsClient;
 use streams::streams_client::StreamsClient;

eventstore/src/event_store/generated.rs

@@ -480,5 +480,8 @@ fn test_uuid_conversion() {
     let id = uuid::Uuid::new_v4();
     let wire: common::Uuid = id.into();
 
-    assert_eq!(id, wire.try_into().unwrap());
+    assert_eq!(
+        id,
+        <common::Uuid as TryInto<uuid::Uuid>>::try_into(wire).unwrap()
+    );
 }