reva
reva copied to clipboard
feat: enable TLS for gRPC connections
Description
This PR allows user configuration for using TLS certificates instead of setting up a proxy to use Reva with secure endpoints. A user has three options:
- Insecure Connection
- Use with self-signed/local certificates
- Use with Hashicorp Vault (can be augmented to include other services too)
Changes
Configuration
Now any user will have the option of setting insecure
, skip_verify
and other new security configuration values in the shared
table. Example:
[shared]
insecure = true
# other configuration
The user can also set the same new configurations for the individual interceptors, services etc. This kind of configuration will have a greater precedence over the previous type of configuration. Example:
[grpc.services.authregistry]
insecure = true
# other configuration
Miscellaneous
- Added a
Makefile
recipe to generate local certificates.
Related Links
- #1962
- #2216
Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.
SonarCloud Quality Gate failed.
0 Bugs
0 Vulnerabilities
0 Security Hotspots
36 Code Smells
No Coverage information
5.0% Duplication