Added an example on how to use an SSL Connection with RedisAI (#12)

* [add] Added an example on how to use an SSL Connection with RedisAI

* [add] building the examples as part of the main build process

Author: filipecosta90

.circleci/config.yml

@@ -3,6 +3,46 @@
 # Check https://circleci.com/docs/2.0/language-go/ for more details
 version: 2
 jobs:
+  build-tls:
+    machine:
+      enabled: true
+      image: ubuntu-1604:202004-01
+    steps:
+      - checkout
+      - run:
+          name: Setting GOPATH
+          command: |
+            go version
+            go env -w GOPATH=$HOME/go
+      - run:
+          name: Generate a root CA and a server certificate using redis helpers
+          command: |
+            git clone git://github.com/antirez/redis.git --branch 6.0.1
+            cd redis
+            ./utils/gen-test-certs.sh
+            cd ..
+      - run:
+          name: Copy RedisAI
+          command: |
+            docker run --rm --entrypoint cat redisai/redisai:edge  /usr/lib/redis/modules/redisai.so > redisai.so
+            chmod 755 redisai.so
+      - run:
+          name: Run RedisAI with tls support
+          command: |
+            docker run -d -v $(pwd)/redisai.so:/data/redisai.so \
+                       -v $(pwd)/redis/tests/tls/:/data \
+                       -p 6379:6379 redis redis-server --tls-port 6379 --port 0  \
+                       --tls-cert-file /data/redis.crt  \
+                       --tls-key-file /data/redis.key  \
+                       --tls-ca-cert-file /data/ca.crt \
+                       --tls-auth-clients no  --loadmodule /data/redisai.so
+      - run:
+          name: Run Examples
+          command: |
+            make examples TLS_CERT=redis/tests/tls/redis.crt \
+                          TLS_KEY=redis/tests/tls/redis.key \
+                          TLS_CACERT=redis/tests/tls/ca.crt
+
   build-edge: # test with redisai:edge
     docker:
       - image: circleci/golang:1.13
@@ -20,6 +60,7 @@ workflows:
   commit:
     jobs:
       - build-edge
+      - build-tls
   nightly:
     triggers:
       - schedule:
@@ -29,4 +70,5 @@ workflows:
               only:
                 - master
     jobs:
-      - build-edge
+      - build-edge
+      - build-tls

.gitignore

@@ -19,3 +19,10 @@
 
 coverage.txt
 
+# Examples
+examples/redisai_tls_client/redisai_tls_client
+redisai_pipelined_client
+examples/redisai_simple_client/redisai_simple_client
+redisai_simple_client
+examples/redisai_pipelined_client/redisai_pipelined_client
+redisai_tls_client

Makefile

@@ -8,10 +8,26 @@ GOGET=$(GOCMD) get
 GOMOD=$(GOCMD) mod
 
 .PHONY: all test coverage
-all: test coverage
+all: test coverage examples
 
 get:
-	$(GOGET) -t -v ./...
+	$(GOGET) -t -v ./redisai/...
+
+TLS_CERT ?= redis.crt
+TLS_KEY ?= redis.key
+TLS_CACERT ?= ca.crt
+REDISAI_TEST_HOST ?= 127.0.0.1:6379
+
+examples: get
+	@echo " "
+	@echo "Building the examples..."
+	$(GOBUILD) ./examples/redisai_pipelined_client/.
+	$(GOBUILD) ./examples/redisai_simple_client/.
+	$(GOBUILD) ./examples/redisai_tls_client/.
+	./redisai_tls_client --tls-cert-file $(TLS_CERT) \
+						 --tls-key-file $(TLS_KEY) \
+						 --tls-ca-cert-file $(TLS_CACERT) \
+						 --host $(REDISAI_TEST_HOST)
 
 test: get
 	$(GOTEST) -race -covermode=atomic ./...

examples/redisai_tls_client/redisai_tls_client.go

@@ -0,0 +1,98 @@
+package main
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"flag"
+	"fmt"
+	"github.com/RedisAI/redisai-go/redisai"
+	"github.com/gomodule/redigo/redis"
+	"io/ioutil"
+	"log"
+	"os"
+)
+
+var (
+	tlsCertFile   = flag.String("tls-cert-file", "redis.crt", "A a X.509 certificate to use for authenticating the  server to connected clients, masters or cluster peers. The file should be PEM formatted.")
+	tlsKeyFile    = flag.String("tls-key-file", "redis.key", "A a X.509 privat ekey to use for authenticating the  server to connected clients, masters or cluster peers. The file should be PEM formatted.")
+	tlsCaCertFile = flag.String("tls-ca-cert-file", "ca.crt", "A PEM encoded CA's certificate file.")
+	host          = flag.String("host", "127.0.0.1:6379", "Redis host.")
+	password      = flag.String("password", "", "Redis password.")
+)
+
+func exists(filename string) (exists bool) {
+	exists = false
+	info, err := os.Stat(filename)
+	if os.IsNotExist(err) || info.IsDir() {
+		return
+	}
+	exists = true
+	return
+}
+
+/*
+ * Example of how to establish an SSL connection from your app to the RedisAI Server
+ */
+func main() {
+	flag.Parse()
+	// Quickly check if the files exist
+	if !exists(*tlsCertFile) || !exists(*tlsKeyFile) || !exists(*tlsCaCertFile) {
+		fmt.Println("Some of the required files does not exist. Leaving example...")
+		return
+	}
+
+	// Load client cert
+	cert, err := tls.LoadX509KeyPair(*tlsCertFile, *tlsKeyFile)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Load CA cert
+	caCert, err := ioutil.ReadFile(*tlsCaCertFile)
+	if err != nil {
+		log.Fatal(err)
+	}
+	caCertPool := x509.NewCertPool()
+	caCertPool.AppendCertsFromPEM(caCert)
+
+	clientTLSConfig := &tls.Config{
+		Certificates: []tls.Certificate{cert},
+		RootCAs:      caCertPool,
+	}
+
+	// InsecureSkipVerify controls whether a client verifies the
+	// server's certificate chain and host name.
+	// If InsecureSkipVerify is true, TLS accepts any certificate
+	// presented by the server and any host name in that certificate.
+	// In this mode, TLS is susceptible to man-in-the-middle attacks.
+	// This should be used only for testing.
+	clientTLSConfig.InsecureSkipVerify = true
+
+	pool := &redis.Pool{Dial: func() (redis.Conn, error) {
+		return redis.Dial("tcp", *host,
+			redis.DialPassword(*password),
+			redis.DialTLSConfig(clientTLSConfig),
+			redis.DialUseTLS(true),
+			redis.DialTLSSkipVerify(true),
+		)
+	}}
+
+	// create a connection from Pool
+	client := redisai.Connect("", pool)
+
+	// Set a tensor
+	// AI.TENSORSET foo FLOAT 2 2 VALUES 1.1 2.2 3.3 4.4
+	_ = client.TensorSet("foo", redisai.TypeFloat, []int{2, 2}, []float32{1.1, 2.2, 3.3, 4.4})
+
+	// Get a tensor content as a slice of values
+	// dt DataType, shape []int, data interface{}, err error
+	// AI.TENSORGET foo VALUES
+	_, _, fooTensorValues, err := client.TensorGetValues("foo")
+
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Println(fooTensorValues)
+	//Output: [1.1 2.2 3.3 4.4]
+}

redisai/client_test.go

@@ -8,12 +8,22 @@ import (
 	"time"
 )
 
-func createPool() *redis.Pool {
+func getConnectionDetails() (host string, password string) {
 	value, exists := os.LookupEnv("REDISAI_TEST_HOST")
-	host := "redis://localhost:6379"
+	host = "redis://127.0.0.1:6379"
+	password = ""
+	valuePassword, existsPassword := os.LookupEnv("REDISAI_TEST_PASSWORD")
 	if exists && value != "" {
 		host = value
 	}
+	if existsPassword && valuePassword != "" {
+		password = valuePassword
+	}
+	return
+}
+
+func createPool() *redis.Pool {
+	host,_ := getConnectionDetails()
 	cpool := &redis.Pool{
 		MaxIdle:     3,
 		IdleTimeout: 240 * time.Second,
@@ -22,25 +32,41 @@ func createPool() *redis.Pool {
 	return cpool
 }
 
-func createTestClient() *Client {
-	value, exists := os.LookupEnv("REDISAI_TEST_HOST")
-	host := "redis://localhost:6379"
+func getTLSdetails() (tlsready bool, tls_cert string, tls_key string, tls_cacert string) {
+	tlsready = false
+	value, exists := os.LookupEnv("TLS_CERT")
 	if exists && value != "" {
-		host = value
+		tls_cert = value
+	} else {
+		return
+	}
+	value, exists = os.LookupEnv("TLS_KEY")
+	if exists && value != "" {
+		tls_key = value
+	} else {
+		return
 	}
+	value, exists = os.LookupEnv("TLS_CACERT")
+	if exists && value != "" {
+		tls_cacert = value
+	} else {
+		return
+	}
+	tlsready = true
+	return
+}
+
+func createTestClient() *Client {
+	host,_ := getConnectionDetails()
 	return Connect(host, nil)
 }
 
 func TestConnect(t *testing.T) {
-	value, exists := os.LookupEnv("REDISAI_TEST_HOST")
-	urlTest1 := "redis://localhost:6379"
-	if exists && value != "" {
-		urlTest1 = value
-	}
+	host,_ := getConnectionDetails()
 	cpool1 := &redis.Pool{
 		MaxIdle:     3,
 		IdleTimeout: 240 * time.Second,
-		Dial:        func() (redis.Conn, error) { return redis.DialURL(urlTest1) },
+		Dial:        func() (redis.Conn, error) { return redis.DialURL(host) },
 	}
 
 	type args struct {
@@ -57,7 +83,7 @@ func TestConnect(t *testing.T) {
 		pool        *redis.Pool
 		comparePool bool
 	}{
-		{"test:Connect:WithPool:1", args{urlTest1, nil, false, 0, 0, nil}, cpool1, false},
+		{"test:Connect:WithPool:1", args{host, nil, false, 0, 0, nil}, cpool1, false},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -205,7 +231,7 @@ func TestClient_Receive(t *testing.T) {
 
 func TestClient_DisablePipeline(t *testing.T) {
 	// Create a client.
-	client := Connect("redis://localhost:6379", nil)
+	client := createTestClient()
 
 	// Enable pipeline of commands on the client, autoFlushing at 3 commands
 	client.Pipeline(3)