Add settings to Primary/Audit and plumb through to certificate finder

DavidBoike · DavidBoike · commit 1a171d6a7726 · 2025-01-31T16:03:13.000-06:00
diff --git a/src/ServiceControl.Audit.Persistence.RavenDB/RavenExternalPersistenceLifecycle.cs b/src/ServiceControl.Audit.Persistence.RavenDB/RavenExternalPersistenceLifecycle.cs
@@ -39,7 +39,7 @@ public async Task Initialize(CancellationToken cancellationToken = default)
                 {
                     Database = configuration.Name,
                     Urls = [configuration.ServerConfiguration.ConnectionString],
-                    Certificate = RavenClientCertificate.FindClientCertificate(),
+                    Certificate = RavenClientCertificate.FindClientCertificate(configuration.ServerConfiguration.ClientCertificateBase64),
                     Conventions = new DocumentConventions
                     {
                         SaveEnumsAsIntegers = true
diff --git a/src/ServiceControl.Audit.Persistence.RavenDB/RavenPersistenceConfiguration.cs b/src/ServiceControl.Audit.Persistence.RavenDB/RavenPersistenceConfiguration.cs
@@ -12,6 +12,7 @@ public class RavenPersistenceConfiguration : IPersistenceConfiguration
         public const string DatabaseNameKey = "RavenDB/DatabaseName";
         public const string DatabasePathKey = "DbPath";
         public const string ConnectionStringKey = "RavenDB/ConnectionString";
+        public const string ClientCertificateBase64Key = "RavenDB/ClientCertificateBase64";
         public const string DatabaseMaintenancePortKey = "DatabaseMaintenancePort";
         public const string ExpirationProcessTimerInSecondsKey = "ExpirationProcessTimerInSeconds";
         public const string LogPathKey = "LogPath";
@@ -24,6 +25,7 @@ public class RavenPersistenceConfiguration : IPersistenceConfiguration
             DatabaseNameKey,
             DatabasePathKey,
             ConnectionStringKey,
+            ClientCertificateBase64Key,
             DatabaseMaintenancePortKey,
             ExpirationProcessTimerInSecondsKey,
             LogPathKey,
@@ -59,6 +61,11 @@ internal static DatabaseConfiguration GetDatabaseConfiguration(PersistenceSettin
                 }
 
                 serverConfiguration = new ServerConfiguration(connectionString);
+
+                if (settings.PersisterSpecificSettings.TryGetValue(ClientCertificateBase64Key, out var clientCertificateBase64))
+                {
+                    serverConfiguration.ClientCertificateBase64 = clientCertificateBase64;
+                }
             }
             else
             {
diff --git a/src/ServiceControl.Audit.Persistence.RavenDB/ServerConfiguration.cs b/src/ServiceControl.Audit.Persistence.RavenDB/ServerConfiguration.cs
@@ -18,6 +18,7 @@ public ServerConfiguration(string dbPath, string serverUrl, string logPath, stri
         }
 
         public string ConnectionString { get; }
+        public string ClientCertificateBase64 { get; internal set; }
         public bool UseEmbeddedServer { get; }
         public string DbPath { get; internal set; } //Setter for ATT only
         public string ServerUrl { get; }
diff --git a/src/ServiceControl.Persistence.RavenDB/RavenBootstrapper.cs b/src/ServiceControl.Persistence.RavenDB/RavenBootstrapper.cs
@@ -7,6 +7,7 @@ static class RavenBootstrapper
         public const string DatabaseMaintenancePortKey = "DatabaseMaintenancePort";
         public const string ExpirationProcessTimerInSecondsKey = "ExpirationProcessTimerInSeconds";
         public const string ConnectionStringKey = "RavenDB/ConnectionString";
+        public const string ClientCertificateBase64Key = "RavenDB/ClientCertificateBase64";
         public const string MinimumStorageLeftRequiredForIngestionKey = "MinimumStorageLeftRequiredForIngestion";
         public const string DatabaseNameKey = "RavenDB/DatabaseName";
         public const string LogsPathKey = "LogPath";
diff --git a/src/ServiceControl.Persistence.RavenDB/RavenExternalPersistenceLifecycle.cs b/src/ServiceControl.Persistence.RavenDB/RavenExternalPersistenceLifecycle.cs
@@ -39,7 +39,7 @@ public async Task Initialize(CancellationToken cancellationToken)
                 {
                     Database = settings.DatabaseName,
                     Urls = [settings.ConnectionString],
-                    Certificate = RavenClientCertificate.FindClientCertificate(),
+                    Certificate = RavenClientCertificate.FindClientCertificate(settings.ClientCertificateBase64),
                     Conventions = new DocumentConventions
                     {
                         SaveEnumsAsIntegers = true
diff --git a/src/ServiceControl.Persistence.RavenDB/RavenPersistenceConfiguration.cs b/src/ServiceControl.Persistence.RavenDB/RavenPersistenceConfiguration.cs
@@ -34,6 +34,7 @@ static T GetRequiredSetting<T>(SettingsRootNamespace settingsRootNamespace, stri
             var settings = new RavenPersisterSettings
             {
                 ConnectionString = SettingsReader.Read<string>(settingsRootNamespace, RavenBootstrapper.ConnectionStringKey),
+                ClientCertificateBase64 = SettingsReader.Read<string>(settingsRootNamespace, RavenBootstrapper.ClientCertificateBase64Key),
                 DatabaseName = SettingsReader.Read(settingsRootNamespace, RavenBootstrapper.DatabaseNameKey, RavenPersisterSettings.DatabaseNameDefault),
                 DatabasePath = SettingsReader.Read(settingsRootNamespace, RavenBootstrapper.DatabasePathKey, DefaultDatabaseLocation()),
                 DatabaseMaintenancePort = SettingsReader.Read(settingsRootNamespace, RavenBootstrapper.DatabaseMaintenancePortKey, RavenPersisterSettings.DatabaseMaintenancePortDefault),
diff --git a/src/ServiceControl.Persistence.RavenDB/RavenPersisterSettings.cs b/src/ServiceControl.Persistence.RavenDB/RavenPersisterSettings.cs
@@ -23,6 +23,7 @@ class RavenPersisterSettings : PersistenceSettings
     /// User provided external RavenDB instance connection string
     /// </summary>
     public string ConnectionString { get; set; }
+    public string ClientCertificateBase64 { get; set; }
     public bool UseEmbeddedServer => string.IsNullOrWhiteSpace(ConnectionString);
     public string LogPath { get; set; }
     public string LogsMode { get; set; } = LogsModeDefault;
diff --git a/src/ServiceControl.RavenDB/RavenClientCertificate.cs b/src/ServiceControl.RavenDB/RavenClientCertificate.cs
@@ -3,12 +3,26 @@
 namespace ServiceControl.RavenDB;
 
 using System.Reflection;
+using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
 
 public static class RavenClientCertificate
 {
-    public static X509Certificate2? FindClientCertificate()
+    public static X509Certificate2? FindClientCertificate(string? base64String)
     {
+        if (base64String is not null)
+        {
+            try
+            {
+                var bytes = Convert.FromBase64String(base64String);
+                return new X509Certificate2(bytes);
+            }
+            catch (Exception x) when (x is FormatException or CryptographicException)
+            {
+                throw new Exception("Could not read the RavenDB client certificate from the configured Base64 value.", x);
+            }
+        }
+
         var applicationDirectory = Path.GetDirectoryName(Assembly.GetEntryAssembly()?.Location) ?? string.Empty;
         var certificatePath = Path.Combine(applicationDirectory, "raven-client-certificate.pfx");
 

Original file line number	Diff line number	Diff line change
`@@ -39,7 +39,7 @@ public async Task Initialize(CancellationToken cancellationToken = default)`
`39`	`39`	`{`
`40`	`40`	`Database = configuration.Name,`
`41`	`41`	`Urls = [configuration.ServerConfiguration.ConnectionString],`
`42`		`- Certificate = RavenClientCertificate.FindClientCertificate(),`
	`42`	`+ Certificate = RavenClientCertificate.FindClientCertificate(configuration.ServerConfiguration.ClientCertificateBase64),`
`43`	`43`	`Conventions = new DocumentConventions`
`44`	`44`	`{`
`45`	`45`	`SaveEnumsAsIntegers = true`
Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,7 @@ public ServerConfiguration(string dbPath, string serverUrl, string logPath, stri`
`18`	`18`	`}`
`19`	`19`
`20`	`20`	`public string ConnectionString { get; }`
	`21`	`+ public string ClientCertificateBase64 { get; internal set; }`
`21`	`22`	`public bool UseEmbeddedServer { get; }`
`22`	`23`	`public string DbPath { get; internal set; } //Setter for ATT only`
`23`	`24`	`public string ServerUrl { get; }`
Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,7 @@ static T GetRequiredSetting<T>(SettingsRootNamespace settingsRootNamespace, stri`
`34`	`34`	`var settings = new RavenPersisterSettings`
`35`	`35`	`{`
`36`	`36`	`ConnectionString = SettingsReader.Read<string>(settingsRootNamespace, RavenBootstrapper.ConnectionStringKey),`
	`37`	`+ ClientCertificateBase64 = SettingsReader.Read<string>(settingsRootNamespace, RavenBootstrapper.ClientCertificateBase64Key),`
`37`	`38`	`DatabaseName = SettingsReader.Read(settingsRootNamespace, RavenBootstrapper.DatabaseNameKey, RavenPersisterSettings.DatabaseNameDefault),`
`38`	`39`	`DatabasePath = SettingsReader.Read(settingsRootNamespace, RavenBootstrapper.DatabasePathKey, DefaultDatabaseLocation()),`
`39`	`40`	`DatabaseMaintenancePort = SettingsReader.Read(settingsRootNamespace, RavenBootstrapper.DatabaseMaintenancePortKey, RavenPersisterSettings.DatabaseMaintenancePortDefault),`