Add aerospike-tls: Aerospike-Go sample with Keploy TLS record/replay#231
Open
Aditya-eddy wants to merge 7 commits into
Open
Add aerospike-tls: Aerospike-Go sample with Keploy TLS record/replay#231Aditya-eddy wants to merge 7 commits into
Aditya-eddy wants to merge 7 commits into
Conversation
A Go HTTP service that talks to Aerospike on a TLS-only port (3001)
behind stunnel, recorded and replayed end-to-end with Keploy. The
sample demonstrates:
* Keploy records and replays Aerospike traffic over TLS the same
way it does over clear text — what lands in mocks.yaml is plain
Aerospike wire protocol, not ciphertext, because the proxy
terminates TLS upstream of the parser.
* Replay stays deterministic at any concurrency the app exposes:
three test-sets cover single-endpoint CRUD, /parallel (shared
client, n=4..24), and /multiclient + /freshclient (multiple and
per-request *as.Client).
main.go ships connection-pool + retry tuning that survives the
burst characteristics of mocked replay (ConnectionQueueSize=256,
OpeningConnectionThreshold=16, parallelDo 10ms backoff retry,
two-phase warmup). README.md and MOCKS_FLOW.md walk through the
rationale and the captured mock structure.
vendor-aerospike-client-go/ is a local replace of the upstream
client that skips peers-tls-std / service-tls-std discovery (CE
doesn't answer those); go.mod pins to it.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Remove vendor-aerospike-client-go/ and the replace directive in
go.mod. The sample now pulls aerospike-client-go/v7@v7.7.3 from the
registry like every other samples-go entry.
The vendored copy carried a two-function patch on ClientPolicy:
serviceString/peersString were overridden to return *-clear-std
instead of *-tls-std, working around the fact that Aerospike CE
doesn't implement the EE-only TLS-variant discovery commands.
The bundled keploy/test-set-{0,1,2}/ recordings still replay
correctly because Keploy serves the discovery responses from
mocks.yaml — the upstream client never gets a real
ERROR:25:enterprise only at replay time. The README now flags the
CE-vs-EE distinction so anyone re-recording against live CE knows
to apply the patch (or point at Aerospike Enterprise) before
running `keploy record`.
333 files removed, 80728 lines deleted; the sample drops from
~5.1 MB to ~1.7 MB.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The annotated mock walk-through was useful while iterating on the parser but isn't load-bearing for the sample — anyone curious about the mock layout can read mocks.yaml directly. Drop it and the README section that pointed at it. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The sample was originally TLS-fronted by socat/stunnel on port 3001,
which forced a vendored aerospike-client-go fork (CE doesn't answer
EE-only service-tls-std/peers-tls-std). With the vendor patch already
gone, the upstream client failed cluster discovery against CE on the
TLS port. The simpler fix is to drop TLS from the sample entirely:
* main.go: remove crypto/tls + tls-* flags + buildTLSConfig. The
default Aerospike port is now 3000 (clear-text); host/port are
still flag-driven.
* docker-compose.yml: drop the socat sidecar, expose aerospike:3000
directly, drop the cert volume from the sample service.
* Delete gen-certs.sh, stunnel/, certs/, and the .gitignore that
listed them. Nothing in the project needs PKI anymore.
In place of a static keploy/ folder, add three pipeline-ready scripts:
* scripts/common.sh — shared boot/build/record/replay/normalise
* scripts/script-1.sh — test-set-0: single-endpoint CRUD coverage
* scripts/script-2.sh — test-set-1: /parallel n = 4, 8, 12, 24
* scripts/script-3.sh — test-set-2: /multiclient + /freshclient
Each script records its set fresh, normalises the test-set directory
naming (keploy auto-numbers when the target dir is missing), applies
body.duration noise to time-bearing responses, and runs `keploy test`.
KEPLOY / PORT / LOG_DIR / SKIP_DOCKER / SKIP_BUILD env vars cover
the CI matrix knobs.
Verified locally — all three scripts run record + replay end-to-end:
test-set-0: 8/8 pass (CRUD + auto-captured tend healths)
test-set-1: 6/6 pass (/parallel up to n=24)
test-set-2: 8/8 pass (/multiclient n=24 + /freshclient n=8)
README rewritten around the new flow.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
A GitHub Actions workflow that records and replays each of the three
test-sets in sequence (script-1 → script-2 → script-3), gated on
changes under aerospike-tls/ or the workflow file itself.
Pipeline stages:
1. Check out samples-go and set up Go.
2. Clone keploy + integrations from feat/aerospike-parser (siblings
on disk so keploy's `replace github.com/keploy/integrations =>
../integrations` resolves), then `go build` keploy and drop the
binary at /usr/local/bin/keploy. This step shrinks to a one-line
install once the Aerospike parser merges to a stable release.
3. Seed an installation-id so keploy doesn't prompt on first run.
4. docker compose up -d aerospike — wait for the healthcheck.
5. go build the sample binary once and reuse it across all three
scripts (SKIP_DOCKER + SKIP_BUILD env vars short-circuit the
bootstrap inside common.sh).
6. Run script-1, script-2, script-3 in order. Each does its own
record + replay end-to-end and exits non-zero on any replay
miss, so a red step pinpoints which set regressed.
7. On failure, upload /tmp/keploy-record-*.log and the partial
keploy/ tree as build artifacts.
8. Tear compose down with -v.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The record/replay pipeline for aerospike-tls moves to keploy/integrations on the feat/aerospike-parser branch: it gates the Aerospike parser PR itself, so the workflow belongs next to the parser source. The integrations workflow clones samples-go to fetch this sample + the scripts, so nothing on the samples-go side needs to change to keep CI green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The samples-go lint workflow drives golangci-lint v1.63.4 across a per-sample matrix. aerospike-tls was the only new sample missing from the list; this slot exercises main.go + the scripts module under the same gate every other sample uses. Verified locally with the matching golangci-lint version: clean, no findings. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
aerospike-tls/sample: a Go HTTP service that talks to Aerospike on the TLS-only port (3001) behind stunnel, recorded and replayed end-to-end with Keploy.test-set-0(single-endpoint CRUD),test-set-1(/parallel, shared client, n=4..24),test-set-2(/multiclient+/freshclient).main.goships connection-pool + retry tuning so a burst of N concurrent goroutines replays deterministically through Keploy's TLS-MITM (mocked replay is ~20× faster than real Aerospike, which exposes pool-acquire races a regular load test would never hit).README.mdwalks through endpoints, run instructions, and the four-layer concurrency fix;MOCKS_FLOW.mdannotatestest-set-0/mocks.yamlmock-by-mock.Test plan
./gen-certs.sh && docker compose up -d aerospike stunnelgo build -o aerospike-tls .succeeds against the vendoredaerospike-client-go/v7patchsudo keploy recordcaptures HTTP tests and Aerospike mocks; new test-sets land cleanlysudo keploy test --test-sets test-set-0→ 7/7 passsudo keploy test --test-sets test-set-1→ 5/5 pass (includes/parallel?n=24)sudo keploy test --test-sets test-set-2→ 7/7 pass (includes/freshclient?n=8)🤖 Generated with Claude Code