Skip to content

add mTLS mixed mode support #9443

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 11, 2025
Merged

add mTLS mixed mode support #9443

merged 1 commit into from
Jun 11, 2025

Conversation

dario-piotrowicz
Copy link
Member

@dario-piotrowicz dario-piotrowicz commented Jun 2, 2025
edited by lrapoport-cf
Loading

Fixes https://jira.cfdata.org/browse/DEVX-1900

This PR is adding mTLS support to mixed mode.

As part of this the PR is also adding a workerName option to the startMixedModeSession API since when starting
the remote preview with an mTLS binding we would normally get the following error:

Workers with mTLS bindings need to be deployed before doing edge preview

having the option to pass the worker's name to startMixedModeSession allows us to make the server proxy worker behave like the actual user's worker thus enabling mTLS usage for it (in case the user has already deployed the worker)

  • Tests
    • TODO (before merge)
    • Tests included
    • Tests not necessary because:
  • Wrangler / Vite E2E Tests CI Job required? (Use "e2e" label or ask maintainer to run separately)
    • I don't know
    • Required
    • Not required because:
  • Public documentation
    • TODO (before merge)
    • Cloudflare docs PR(s):
    • Documentation not necessary because: documentation for this experimental feature coming later
  • Wrangler V3 Backport
    • TODO (before merge)
    • Wrangler PR:
    • Not necessary because: not related to a v3 feature

@dario-piotrowicz dario-piotrowicz added e2e Run wrangler + vite-plugin e2e tests on a PR skip-v3-pr Skip validation of presence of a v3 backport PR every-os Run tests (unit/e2e/c3-e2e) on every OS, rather than just macOS labels Jun 2, 2025
@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Jun 2, 2025
edited
Loading

🦋 Changeset detected

Latest commit: c01297e

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 5 packages
Name Type
wrangler Patch
miniflare Patch
@cloudflare/vitest-pool-workers Patch
@cloudflare/pages-shared Patch
@cloudflare/vite-plugin Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@dario-piotrowicz dario-piotrowicz force-pushed the dario/DEVX-1900/mixed-mode-mtls branch from ae18378 to b22cb6c Compare June 2, 2025 17:48
@github-project-automation github-project-automation bot moved this to Untriaged in workers-sdk Jun 2, 2025
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jun 2, 2025
edited
Loading

A Wrangler prerelease is available for testing. You can install this latest build in your project with:

npm install --save-dev https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/15467775616/npm-package-wrangler-9443
Prereleases for other packages:

cloudflare-workers-bindings-extension:

wget https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/15467775616/npm-package-cloudflare-workers-bindings-extension-9443 -O ./cloudflare-workers-bindings-extension.0.0.0-v5e982bb83.vsix && code --install-extension ./cloudflare-workers-bindings-extension.0.0.0-v5e982bb83.vsix

create-cloudflare:

npx https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/15467775616/npm-package-create-cloudflare-9443 --no-auto-update

@cloudflare/kv-asset-handler:

npm install https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/15467775616/npm-package-cloudflare-kv-asset-handler-9443

miniflare:

npm install https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/15467775616/npm-package-miniflare-9443

@cloudflare/pages-shared:

npm install https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/15467775616/npm-package-cloudflare-pages-shared-9443

@cloudflare/unenv-preset:

npm install https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/15467775616/npm-package-cloudflare-unenv-preset-9443

@cloudflare/vite-plugin:

npm install https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/15467775616/npm-package-cloudflare-vite-plugin-9443

@cloudflare/vitest-pool-workers:

npm install https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/15467775616/npm-package-cloudflare-vitest-pool-workers-9443

@cloudflare/workers-editor-shared:

npm install https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/15467775616/npm-package-cloudflare-workers-editor-shared-9443

@cloudflare/workers-shared:

npm install https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/15467775616/npm-package-cloudflare-workers-shared-9443

@cloudflare/workflows-shared:

npm install https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/15467775616/npm-package-cloudflare-workflows-shared-9443

Note that these links will no longer work once the GitHub Actions artifact expires.

@dario-piotrowicz dario-piotrowicz force-pushed the dario/DEVX-1900/mixed-mode-mtls branch 2 times, most recently from e419393 to 256e0ae Compare June 2, 2025 18:08
@dario-piotrowicz dario-piotrowicz marked this pull request as ready for review June 2, 2025 19:11
@dario-piotrowicz dario-piotrowicz requested review from a team as code owners June 2, 2025 19:11
windsurf-bot[bot]
windsurf-bot bot reviewed Jun 2, 2025
View reviewed changes
Copy link

@windsurf-bot windsurf-bot bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Other comments (2)
  • packages/wrangler/e2e/helpers/cert.ts (5-61) There appears to be significant overlap between `generateRootCertificate()` and `generateRootCaCert()` functions. Both generate self-signed root certificates with similar properties but have different implementations. Consider consolidating these into a single function with parameters to handle any specific differences.
  • packages/wrangler/src/utils/print-bindings.ts (548-552) The nested ternary expressions for determining the `isSimulatedLocally` value are difficult to read. Consider simplifying this logic or extracting it to a helper function for better readability.

    For example:

    isSimulatedLocally: getFlag("MIXED_MODE")
  ? remote === true || remote === undefined ? false : undefined
  : false,

@dario-piotrowicz dario-piotrowicz force-pushed the dario/DEVX-1900/mixed-mode-mtls branch 2 times, most recently from f2423ae to 676e490 Compare June 5, 2025 13:04
@dario-piotrowicz dario-piotrowicz requested a review from penalosa June 5, 2025 13:34
penalosa
penalosa approved these changes Jun 5, 2025
View reviewed changes
@github-project-automation github-project-automation bot moved this from Untriaged to Approved in workers-sdk Jun 5, 2025
@dario-piotrowicz dario-piotrowicz force-pushed the dario/DEVX-1900/mixed-mode-mtls branch from 676e490 to d16539f Compare June 9, 2025 09:48
@pkg-pr-new pkg.pr.new
Copy link

pkg-pr-new bot commented Jun 9, 2025
edited
Loading

create-cloudflare

npm i https://pkg.pr.new/create-cloudflare@9443

@cloudflare/kv-asset-handler

npm i https://pkg.pr.new/@cloudflare/kv-asset-handler@9443

miniflare

npm i https://pkg.pr.new/miniflare@9443

@cloudflare/pages-shared

npm i https://pkg.pr.new/@cloudflare/pages-shared@9443

@cloudflare/unenv-preset

npm i https://pkg.pr.new/@cloudflare/unenv-preset@9443

@cloudflare/vite-plugin

npm i https://pkg.pr.new/@cloudflare/vite-plugin@9443

@cloudflare/vitest-pool-workers

npm i https://pkg.pr.new/@cloudflare/vitest-pool-workers@9443

@cloudflare/workers-editor-shared

npm i https://pkg.pr.new/@cloudflare/workers-editor-shared@9443

wrangler

npm i https://pkg.pr.new/wrangler@9443

commit: c01297e

@dario-piotrowicz dario-piotrowicz force-pushed the dario/DEVX-1900/mixed-mode-mtls branch from d16539f to c01297e Compare June 10, 2025 09:26
@dario-piotrowicz dario-piotrowicz added this pull request to the merge queue Jun 11, 2025
Merged via the queue into main with commit 95eb47d Jun 11, 2025
28 of 29 checks passed
@dario-piotrowicz dario-piotrowicz deleted the dario/DEVX-1900/mixed-mode-mtls branch June 11, 2025 13:46
@github-project-automation github-project-automation bot moved this from Approved to Done in workers-sdk Jun 11, 2025
@workers-devprod workers-devprod mentioned this pull request Jun 11, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@penalosa penalosa penalosa approved these changes

@windsurf-bot windsurf-bot[bot] windsurf-bot[bot] left review comments

Assignees
No one assigned
Labels
e2e Run wrangler + vite-plugin e2e tests on a PR every-os Run tests (unit/e2e/c3-e2e) on every OS, rather than just macOS skip-v3-pr Skip validation of presence of a v3 backport PR
Projects
workers-sdk
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dario-piotrowicz @penalosa