Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws/session: Add support for client TLS certs on HTTP client #3654

Merged
merged 2 commits into from Dec 8, 2020
Merged

aws/session: Add support for client TLS certs on HTTP client #3654

merged 2 commits into from Dec 8, 2020

Conversation

jasdel
Copy link
Contributor

@jasdel jasdel commented Nov 24, 2020

Adds support for the SDK to automatically modify the HTTP client to include TLS configuration of custom Client TLS certificate. This configuration can be provide via the environment variable or directly in code via the session.Options struct.

These options are compatible with the AWS_CA_BUNDLE configuration.

Environment variable configuration

Both AWS_SDK_GO_CLIENT_TLS_CERT, and AWS_SDK_GO_CLIENT_TLS_KEY must be provided together, and must point to valid PEM encoded file containing the certificate, and key respectively.

AWS_SDK_GO_CLIENT_TLS_CERT=$HOME/my_client_cert
AWS_SDK_GO_CLIENT_TLS_KEY=$HOME/my_client_key

In code configuration via session.Options

Alternative configuration is to specify the ClientTLSCert and ClientTLSKey fields on the session.Options struction. These are io.Readers that provide the PEM encoded content for the certificate and key files.

  sess, err := session.NewSessionWithOptions(session.Options{
      ClientTLSCert: myCertFile,
      ClientTLSKey: myKeyFile,
  })

skmcgrail
skmcgrail suggested changes Nov 24, 2020
View reviewed changes
aws/session/session.go Outdated Show resolved Hide resolved
aws/session/session.go Outdated Show resolved Hide resolved
@jasdel jasdel force-pushed the feat/WithClientCert branch 2 times, most recently from 4223015 to 43b0e89 Compare November 30, 2020 21:29
@jasdel
aws/session: Add support for client TLS certs on HTTP client
4da915f 
Adds support for the SDK to automatically modify the HTTP client
to include TLS configuration of custom Client TLS certificate. This
configuration can be provide via the environment variable or directly in
code via the `session.Options` struct.

These options are compatible with the AWS_CA_BUNDLE configuration.

Environment variable configuration

Both `AWS_SDK_GO_CLIENT_TLS_CERT`, and `AWS_SDK_GO_CLIENT_TLS_KEY` must
be provided together, and must point to valid PEM encoded file
containing the certificate, and key respectively.

   AWS_SDK_GO_CLIENT_TLS_CERT=$HOME/my_client_cert
   AWS_SDK_GO_CLIENT_TLS_KEY=$HOME/my_client_key

In code configuration via session.Options

Alternative configuration is to specify the `ClientTLSCert` and
`ClientTLSKey` fields on the `session.Options` struction. These are
`io.Reader`s that provide the PEM encoded content for the certificate
and key files.

  sess, err := session.NewSessionWithOptions(session.Options{
      ClientTLSCert: myCertFile,
      ClientTLSKey: myKeyFile,
  })
@jasdel
fixup windows test error check
67a7b21
@jasdel jasdel merged commit 039c0ff into aws:master Dec 8, 2020
@jasdel jasdel deleted the feat/WithClientCert branch December 8, 2020 21:36
aws-sdk-go-automation pushed a commit that referenced this pull request Dec 9, 2020
Release v1.36.5 (2020-12-09)
40d8ad6 
===

### Service Client Updates
* `service/ec2`: Updates service API
  * This release adds support for G4ad instances powered by AMD Radeon Pro V520 GPUs and AMD 2nd Generation EPYC processors
* `service/globalaccelerator`: Updates service API, documentation, and paginators
* `service/redshift`: Updates service API and documentation
  * Add support for availability zone relocation feature.

### SDK Enhancements
* `aws/session`: Add support for client TLS certs on HTTP client ([#3654](#3654))
    * Adds support for the SDK to automatically modify the HTTP client to include TLS configuration of custom Client TLS certificate.
@aws-sdk-go-automation aws-sdk-go-automation mentioned this pull request Dec 9, 2020
Merged
aws-sdk-go-automation added a commit that referenced this pull request Dec 9, 2020
@aws-sdk-go-automation
Release v1.36.5 (2020-12-09) (#3686)
5bf92ba 
Release v1.36.5 (2020-12-09)
===

### Service Client Updates
* `service/ec2`: Updates service API
  * This release adds support for G4ad instances powered by AMD Radeon Pro V520 GPUs and AMD 2nd Generation EPYC processors
* `service/globalaccelerator`: Updates service API, documentation, and paginators
* `service/redshift`: Updates service API and documentation
  * Add support for availability zone relocation feature.

### SDK Enhancements
* `aws/session`: Add support for client TLS certs on HTTP client ([#3654](#3654))
    * Adds support for the SDK to automatically modify the HTTP client to include TLS configuration of custom Client TLS certificate.
@ewbankkit ewbankkit mentioned this pull request Jan 9, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@skmcgrail skmcgrail skmcgrail approved these changes

@skotambkar skotambkar Awaiting requested review from skotambkar

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@jasdel @skmcgrail