Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: enable TLS for gRPC connections #2791

Closed
wants to merge 45 commits into from
Closed

feat: enable TLS for gRPC connections #2791

wants to merge 45 commits into from

Conversation

amalthundiyil
Copy link
Contributor

@amalthundiyil amalthundiyil commented Apr 28, 2022
edited
Loading

Description

This PR allows user configuration for using TLS certificates instead of setting up a proxy to use Reva with secure endpoints. A user has three options:

  • Insecure Connection
  • Use with self-signed/local certificates
  • Use with Hashicorp Vault (can be augmented to include other services too)

Changes

Configuration

Now any user will have the option of setting insecure, skip_verify and other new security configuration values in the shared table. Example:

[shared]
insecure = true
# other configuration

The user can also set the same new configurations for the individual interceptors, services etc. This kind of configuration will have a greater precedence over the previous type of configuration. Example:

[grpc.services.authregistry]
insecure = true
# other configuration

Miscellaneous

  • Added a Makefile recipe to generate local certificates.

Related Links

@update-docs
Copy link

update-docs bot commented Apr 28, 2022

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

@amalthundiyil amalthundiyil force-pushed the tls branch 9 times, most recently from 723fd5c to 0e6737d Compare May 2, 2022 10:11
@amalthundiyil amalthundiyil marked this pull request as ready for review May 3, 2022 01:45
@amalthundiyil amalthundiyil changed the title Enable TLS for gRPC connections feat: enable TLS for gRPC connections May 3, 2022
@amalthundiyil amalthundiyil force-pushed the tls branch 2 times, most recently from f115e75 to cbb61b8 Compare May 9, 2022 12:17
amalthundiyil added 25 commits May 9, 2022 17:51
@amalthundiyil
pkg/pool: refactor to support configurations
1ee2a47
@amalthundiyil
grpc: setup tls without RootCA
de29f4a
@amalthundiyil
grpc: fix build
34cf3f6
@amalthundiyil
changelog: add details
8b0454c
@amalthundiyil
hound: address review comments
b32b5e7
@amalthundiyil
ci: fix lint
a9b7404
@amalthundiyil
pkg/pool: support tls without RootCA
05a471b
@amalthundiyil
gateway service clients: add configurations
6797b21
@amalthundiyil
ci: fix build
ccdef91
@amalthundiyil
user provider service: add configurations for tls
45b94f1
@amalthundiyil
group provider service: add tls configurations
4413999
@amalthundiyil
storage provider services: add configurations for tls
1b80faa
@amalthundiyil
auth registry services: add configurations for tls
2b58be6
@amalthundiyil
auth provider services: add configurations for tls
5ddad25
@amalthundiyil
app auth providerservices: add configurations for tls
ca1be76
@amalthundiyil
user share provider: add configurations for tls
16c1340
@amalthundiyil
pkg/pool: add tls configurations for remaining clients
43cc932
@amalthundiyil
pkg/pool: support tls with RootCA
00fe55a
@amalthundiyil
gateway svc clients: ca_certfile and client_recv_msg_size
ed7c13a
@amalthundiyil
pkg/pool clients: add ca_certfile and client_recv_msg_size
c296f45
@amalthundiyil
ci: fix build
fbb5385
@amalthundiyil
pkg/pool: use shardconf
8479b78
@amalthundiyil
configurations: add insecure = true for tests
d20a8f4
@amalthundiyil
hound: review comments
d629dea
@amalthundiyil
cert: cleanup
e0a7a02
@sonarqubecloud
Copy link

sonarqubecloud bot commented May 9, 2022

SonarCloud Quality Gate failed.    Quality Gate failed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 36 Code Smells

No Coverage information No Coverage information
5.0% 5.0% Duplication

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@labkode labkode Awaiting requested review from labkode

@ishank011 ishank011 Awaiting requested review from ishank011

@glpatcern glpatcern Awaiting requested review from glpatcern glpatcern is a code owner

@wkloucek wkloucek Awaiting requested review from wkloucek

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@amalthundiyil