
Add mTLS authentication support

Open thwi opened this issue 4 years ago • 1 comments

Adds support for specifying TLS options for mTLS authentication during workflow client creation.

Tested against mTLS-enabled server @ 1.10.5 and mTLS-disabled server @ 1.7.0.

For SSLContext reference, see grpclib mTLS client example

Related to #7

Changes:

  • Adds TLSOptions dataclass
  • Adds tls_options kwarg to WorkflowClient.new_client method
  • If TLSOptions provided, creates SSLContext
  • If SSLContext created, provides SSLContext to grpclib.client.Channel

Minimal config example:

from temporal.service_helpers import TLSOptions
from temporal.workflow import WorkflowClient

client = WorkflowClient.new_client(
    host="temporal.local",
    port=7233,
    tls_options=TLSOptions(
        ca_cert="/path/to/ca-cert",
        client_cert="/path/to/client-cert",
        client_key="/path/to/client-key",
    )
)

thwi avatar Jul 16 '21 04:07 thwi
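
An added sketch, not code from this PR or the SDK: one way the TLSOptions-to-SSLContext step listed under Changes could be done with the standard `ssl` module so the client fails closed instead of silently dropping to plaintext. The `TLSOptions` class here is a stand-in carrying the three fields from the config example, and `base_context`, `key_file_problems` and `build_mtls_context` are hypothetical names.

```python
import os
import ssl
import stat
from dataclasses import dataclass


@dataclass(frozen=True)
class TLSOptions:
    # Stand-in with the three fields from the config example, not the SDK's class.
    ca_cert: str
    client_cert: str
    client_key: str


def base_context() -> ssl.SSLContext:
    """Client-side context that is strict before any key material is loaded."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_alpn_protocols(["h2"])  # gRPC runs over HTTP/2
    return ctx


def key_file_problems(path: str) -> list:
    """Return reasons the private key file should not be used as-is."""
    if not os.path.isfile(path):
        return [f"{path}: not a regular file"]
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return [f"{path}: accessible by group/other (mode {mode:o})"]
    return []


def build_mtls_context(opts: TLSOptions) -> ssl.SSLContext:
    """Build the SSLContext a caller would pass as grpclib.client.Channel(ssl=...)."""
    for name in ("ca_cert", "client_cert", "client_key"):
        if not getattr(opts, name):
            raise ValueError(f"mTLS needs {name}; refusing to fall back to plaintext")
    problems = key_file_problems(opts.client_key)
    if problems:
        raise PermissionError("; ".join(problems))
    ctx = base_context()
    ctx.load_verify_locations(cafile=opts.ca_cert)  # trust only this CA
    ctx.load_cert_chain(opts.client_cert, opts.client_key)  # client identity
    return ctx
```

The permission check assumes POSIX file modes; on Windows the mode bits do not reflect ACLs.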

We're using temporal-python-sdk and monkey patching in something similar. This would fit our use case if it is accepted 👍

etherops avatar Jul 20 '21 21:07 etherops