feat: add support for external temporal #379
| if cfg.TemporalEnableTLS { | ||
| clientOptions.ConnectionOptions = client.ConnectionOptions{ | ||
| TLS: &tls.Config{}, // #nosec G402 -- Temporal SDK handles TLS negotiation internally |
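Review bot: the `#nosec G402` on the `TLS: &tls.Config{}` line silences the finding instead of resolving it. Set `MinVersion: tls.VersionTLS12` (or `tls.VersionTLS13`) in that config and drop the suppression. A minimum version is only a floor, so a server that later moves to a newer TLS version still negotiates fine; only a `MaxVersion` would pin clients. The rationale in the comment also does not hold for this line, since the `tls.Config` here is supplied by this code, not by the SDK.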
There was a problem hiding this comment.
Can we force a min version here, instead of suppressing it?
Anyways, all lower versions are deprecated and have vulnerabilities: https://learn.microsoft.com/en-us/dotnet/framework/network-programming/tls?tabs=47-plus%2Chttpclient-sslstream#what-is-transport-layer-security-tls
There was a problem hiding this comment.
TLS is handled by the Temporal SDK itself; the point is that if Temporal decides to move forward to a newer TLS version, the client's environment may break.
We will just simply let Temporal SDK handle it internally.
There was a problem hiding this comment.
But we can mention the MinVersion, and if Temporal bumps the min version up it will not affect the environment (that happens in case of MaxVersion).
So if we set, we can remove the suppression as well.
There was a problem hiding this comment.
Ok, I will update it on both olake-ui and olake-helm PRs
| TEMPORAL_NAMESPACE: default | ||
| TEMPORAL_ENABLE_TLS: false | ||
| TEMPORAL_API_KEY: "" | ||
| TEMPORAL_EXTERNAL: false | ||
| TEMPORAL_TASK_QUEUE: "" |
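Review bot: `TEMPORAL_API_KEY: ""` sits beside `TEMPORAL_ENABLE_TLS: false`, and nothing in these lines prevents a deployment from setting the key while leaving TLS off, which would put the credential on a plaintext connection. Consider failing startup when the key is non-empty and TLS is disabled, and add a comment here that the key is meant to be injected from a secret, not written into this file.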
There was a problem hiding this comment.
These should be added to docker-compose-v1 in the shared envs so that they are read by both bff and worker.
There was a problem hiding this comment.
Good point! Let's add them when this PR is ready for merge.
Keep this comment open and only resolve it once the docker-compose-v1 side implementation is done.
e70aae4 to 9c47dbe
Description
Adds support for external Temporal in the olake-ui server, mirroring the implementation in olake-helm. Previously the server only supported bundled Temporal with a hardcoded task queue. This change enables three deployment modes driven entirely by environment variables:

- TEMPORAL_EXTERNAL=false — no change in behavior, connects to the bundled Temporal service at TEMPORAL_ADDRESS using OLAKE_DOCKER_TASK_QUEUE
- TEMPORAL_EXTERNAL=true, TEMPORAL_API_KEY unset — connects to a user-managed Temporal cluster with configurable namespace and task queue
- TEMPORAL_EXTERNAL=true, TEMPORAL_API_KEY set — connects to Temporal Cloud with TLS and API key credentials

Fixes # (issue)
Type of change
How Has This Been Tested?
- TEMPORAL_EXTERNAL unset), verify server connects to bundled Temporal and workflows execute normally on OLAKE_DOCKER_TASK_QUEUE
- TEMPORAL_EXTERNAL=true, TEMPORAL_ADDRESS=<host:port>, TEMPORAL_NAMESPACE=<ns>, TEMPORAL_TASK_QUEUE=<queue> — verify server connects to external cluster and dispatches workflows to the correct queue
- TEMPORAL_EXTERNAL=true, TEMPORAL_API_KEY=<key>, TEMPORAL_ENABLE_TLS=true, TEMPORAL_NAMESPACE=<ns>, TEMPORAL_TASK_QUEUE=<queue> — verify TLS + API key credentials are injected and connection succeeds
Screenshots or Recordings
Related PR's (If Any):
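The three modes in the description, with the TLS floor from the review thread, as an added example that is not code from this PR or from olake-ui. The `temporalSettings` type and `resolveTemporal` function are hypothetical; reading `OLAKE_DOCKER_TASK_QUEUE` from the environment, requiring a task queue in external mode, and rejecting an API key without TLS are assumptions of the example.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
)

// temporalSettings is a hypothetical type for this example, not one from olake-ui.
type temporalSettings struct {
	Mode, Namespace, TaskQueue, APIKey string      // Mode: "bundled", "external" or "cloud"
	TLS                                *tls.Config // nil means plaintext
}

// resolveTemporal maps the PR's environment variables to connection settings.
func resolveTemporal(env map[string]string) (temporalSettings, error) {
	s := temporalSettings{Mode: "bundled", Namespace: env["TEMPORAL_NAMESPACE"]}
	if s.Namespace == "" {
		s.Namespace = "default"
	}
	if env["TEMPORAL_ENABLE_TLS"] == "true" {
		// A floor only: newer versions still negotiate, so no #nosec is needed.
		s.TLS = &tls.Config{MinVersion: tls.VersionTLS12}
	}
	if env["TEMPORAL_EXTERNAL"] != "true" {
		s.TaskQueue = env["OLAKE_DOCKER_TASK_QUEUE"] // assumed to arrive via env
		return s, nil
	}
	s.Mode, s.TaskQueue = "external", env["TEMPORAL_TASK_QUEUE"]
	if s.TaskQueue == "" { // assumption: no silent fallback to the bundled queue
		return s, errors.New("TEMPORAL_TASK_QUEUE is required when TEMPORAL_EXTERNAL=true")
	}
	if key := env["TEMPORAL_API_KEY"]; key != "" {
		if s.TLS == nil {
			// Assumption of this example: never send an API key over plaintext.
			return s, errors.New("TEMPORAL_API_KEY requires TEMPORAL_ENABLE_TLS=true")
		}
		s.Mode, s.APIKey = "cloud", key
	}
	return s, nil
}

func main() {
	// Constructed sample environment for the Temporal Cloud mode.
	s, err := resolveTemporal(map[string]string{
		"TEMPORAL_EXTERNAL": "true", "TEMPORAL_ENABLE_TLS": "true",
		"TEMPORAL_API_KEY": "example-key", "TEMPORAL_TASK_QUEUE": "q1"})
	fmt.Println(s.Mode, s.TLS.MinVersion == tls.VersionTLS12, err)
}
```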