nodejs-bigquery
How to enable server certificate verification on the Nodejs BigQuery client for Mutual TLS?
We are using Nodejs BigQuery client in our product. How do we enable server certificate verification in the BigQuery client? We want to enable client-side verification of server certificates with our CA bundle. We've explored the options of BigQuery but couldn't find any.
In the case of other cloud providers we have found a way to pass the CA bundle in the options where the client verifies.
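Example for AWS:

```js
import https from 'node:https';
import { NodeHttpHandler } from '@smithy/node-http-handler';
import { AthenaClient } from '@aws-sdk/client-athena';

// caBundle, maxVersion and credentials are defined elsewhere in the application.
const nodeOptions = {
  httpsAgent: new https.Agent({
    rejectUnauthorized: true, // fail the TLS handshake if verification fails
    ca: caBundle,             // PEM CA bundle used for verification
    maxVersion,
  }),
};
const requestHandler = new NodeHttpHandler(nodeOptions);
const athena = new AthenaClient({ credentials, region: 'us-east-1', requestHandler });
```

In the above example, if rejectUnauthorized is true, the server will reject any connection which is not authorized with the list of supplied CAs.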
Hey @Ruthwik, I haven't tested the setup here yet, but requests on the BigQuery Node SDK can be modified by adding interceptors. Under the hood we use the teeny-request library, which provides a pool attribute that can be used to customize the Agent.

```js
import { BigQuery } from '@google-cloud/bigquery';

// caBundle and maxVersion are defined elsewhere in the application.
const bigqueryClient = new BigQuery({});
const interceptor = {
  request: (opts) => {
    // Agent options applied to the outgoing request
    opts.pool = {
      rejectUnauthorized: true,
      ca: caBundle,
      maxVersion,
    };
    return opts;
  },
};
bigqueryClient.interceptors.unshift(interceptor); // add as first interceptor
```
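An added example, not part of the original thread or the BigQuery SDK: one way to prepare the `pool` options for the interceptor in the reply above. Node's `ca` option replaces the default root store rather than extending it, so the helper makes that choice explicit and rejects an empty, malformed or expired bundle before any request is sent. The helper names and the sample bundle (two of Node's built-in roots standing in for a private CA bundle) are assumptions.

```javascript
// Hypothetical helpers for illustration; not part of @google-cloud/bigquery.
const tls = require('node:tls');
const { X509Certificate } = require('node:crypto');

const PEM_CERT = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Split a concatenated PEM bundle into individual certificates.
function splitPemBundle(bundle) {
  return String(bundle).match(PEM_CERT) || [];
}

// Build the TLS options placed in opts.pool. Passing `ca` REPLACES Node's
// default root store, so public roots must be added back explicitly if needed.
function buildTlsPool(bundle, { includeDefaultRoots = false, now = new Date() } = {}) {
  const certs = splitPemBundle(bundle);
  if (certs.length === 0) {
    throw new Error('CA bundle contains no PEM certificates');
  }
  for (const pem of certs) {
    const x509 = new X509Certificate(pem); // throws on malformed input
    if (Date.parse(x509.validTo) < now.getTime()) {
      throw new Error(`CA certificate expired: ${x509.subject}`);
    }
  }
  const ca = includeDefaultRoots ? [...certs, ...tls.rootCertificates] : certs;
  return { rejectUnauthorized: true, ca };
}

// Interceptor in the shape used in the reply above. Existing pool settings are
// kept, but the verification settings from buildTlsPool always win.
function makeTlsInterceptor(bundle, options) {
  const pool = buildTlsPool(bundle, options);
  return { request: (opts) => ({ ...opts, pool: { ...opts.pool, ...pool } }) };
}

// Constructed sample input: two built-in roots stand in for a private CA bundle.
const sampleBundle = tls.rootCertificates.slice(0, 2).join('\n');

// Usage with the client from the reply (caBundle read from your own PEM file):
//   bigqueryClient.interceptors.unshift(makeTlsInterceptor(caBundle));
```

With `includeDefaultRoots: false` the client trusts only the supplied bundle, which is the stricter setting when every connection is expected to chain to a private CA.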
@alvarowolfx Thanks for the reply.
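How do we provide similar options for clients, e.g. KeyManagementServiceClient?
Does the following work?

```js
import { createSecureContext } from 'tls';
import { ChannelCredentials } from '@grpc/grpc-js';
import { KeyManagementServiceClient } from '@google-cloud/kms';

// caBundle and projectId are defined elsewhere in the application.
const secureContext = createSecureContext({ ca: caBundle });
const kmsClient = new KeyManagementServiceClient({
  projectId,
  sslCreds: ChannelCredentials.createFromSecureContext(secureContext),
});
```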
@Ruthwik have you managed to get this working? Can this issue be closed?
@alvarowolfx Yes, it worked, thanks. I've raised a separate issue for KeyManagementServiceClient.