Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(Cosmos): TrustLocalEmulator=true #431

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

Conversation

bartelink
Copy link
Collaborator

@bartelink bartelink commented Sep 14, 2023

Provides a lean and safe one-stop-shop way to use a local Cosmos emulator by setting EQUINOX_COSMOS_CONNECTION to TrustLocalEmulator=true instead of one or more of:

  1. having risky and/or messy conditional logic in your system that can ignore SSL cert checking
  2. having to copy around magic values for the Emulator's URI or AccessKey
  3. having to (on a Mac) register the Emulator's self-signed certificate in the Key Chain in order to trust it

Sadly this doesn't yet work on Mac so is useless as it stands, as docker-compose-cosmos.sh hangs when creating the database:

  1. could be due to ports used in Direct mode in Docker not being exposed correctly
  2. could be due to some other aspect of the system needing the Emulator Cert to be registered in the KeyChain

(the MS examples for skipping TLS all show Gateway mode)

@bartelink bartelink changed the title Cosmos conn feat(Cosmos): TrustLocalEmulator=true Sep 14, 2023
Base automatically changed from cosmos-con to master September 27, 2023 23:17
@bartelink bartelink force-pushed the master branch 5 times, most recently from 7053335 to 07a8d79 Compare December 15, 2023 11:05
@bartelink
Copy link
Collaborator Author

Superseded by Azure/azure-cosmos-dotnet-v3#4222
#443

Will circle back and see if it actually becomes possible to stop trusting the cert entirely
The fact this PR did not work suggests there's still something missing from the equation when using Direct mode against a dockerized emulator

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant