
feat: enable TLS for gRPC connections

Open amalthundiyil opened this issue 2 years ago • 2 comments

Description

This PR allows user configuration for using TLS certificates instead of setting up a proxy to use Reva with secure endpoints. A user has three options:

  • Insecure Connection
  • Use with self-signed/local certificates
  • Use with HashiCorp Vault (can be augmented to include other services too)

Changes

Configuration

Now any user will have the option of setting insecure, skip_verify and other new security configuration values in the shared table. Example:

[shared]
insecure = true
# other configuration

The user can also set the same new configurations for the individual interceptors, services etc. This kind of configuration will have a greater precedence over the previous type of configuration. Example:

[grpc.services.authregistry]
insecure = true
# other configuration

Miscellaneous

  • Added a Makefile recipe to generate local certificates.

Related Links

  • #1962
  • #2216

amalthundiyil avatar Apr 28 '22 12:04 amalthundiyil
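The precedence rule described in the PR (a per-service value overrides the `[shared]` one), as an added example that is not code from this PR or from Reva. Only the key names `insecure` and `skip_verify` come from the description; the type and function names are hypothetical, and the example assumes `insecure` means a plaintext connection and that both keys default to false.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// TLSOpts holds the two keys named in the PR description. Pointers keep
// "not set" distinct from an explicit false. Names here are hypothetical.
type TLSOpts struct {
	Insecure   *bool
	SkipVerify *bool
}

// pick returns the per-service value when present, else the shared one.
func pick(service, shared *bool) bool {
	if service != nil {
		return *service // wins even when it is an explicit false
	}
	if shared != nil {
		return *shared
	}
	return false // assumed default: TLS on, verification on
}

// Resolve merges [shared] with a per-service table and builds the TLS
// settings. A nil *tls.Config means plaintext (assumed meaning of insecure).
func Resolve(shared, service TLSOpts) (*tls.Config, []string) {
	var warnings []string
	if pick(service.Insecure, shared.Insecure) {
		return nil, append(warnings, "insecure: gRPC traffic is not encrypted")
	}
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
	if pick(service.SkipVerify, shared.SkipVerify) {
		cfg.InsecureSkipVerify = true
		warnings = append(warnings, "skip_verify: server certificate is not validated")
	}
	return cfg, warnings
}

func b(v bool) *bool { return &v }

func main() {
	// Constructed input: [shared] insecure = true, service insecure = false.
	cfg, warn := Resolve(TLSOpts{Insecure: b(true)}, TLSOpts{Insecure: b(false)})
	fmt.Println("TLS enabled:", cfg != nil, "warnings:", warn)
}
```

With plain `bool` fields instead of pointers, a service could not re-enable TLS once `[shared]` sets `insecure = true`, because an explicit false and an unset key would look the same.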

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

update-docs[bot] avatar Apr 28 '22 12:04 update-docs[bot]

SonarCloud Quality Gate failed.

  • Bugs: 0 (rating A)
  • Vulnerabilities: 0 (rating A)
  • Security Hotspots: 0 (rating A)
  • Code Smells: 36 (rating A)

No Coverage information
5.0% Duplication

sonarcloud[bot] avatar May 09 '22 13:05 sonarcloud[bot]