From dc523f578788667c9239a250c4ab17a7980fc3e2 Mon Sep 17 00:00:00 2001
From: "vpatil16@ext.uber.com"
Date: Thu, 30 Oct 2025 23:19:03 -0700
Subject: [PATCH] mTLS adding commnets to code blocks + README updates
Signed-off-by: vpatil16@ext.uber.com
---
 new_samples/client_samples/helloworld_tls/README.md | 11 ++++++++---
 .../client_samples/helloworld_tls/hello_world_tls.go | 3 +++
 new_samples/worker/worker.go | 4 ++++
 3 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/new_samples/client_samples/helloworld_tls/README.md b/new_samples/client_samples/helloworld_tls/README.md
index defe99ba..d8d88178 100644
--- a/new_samples/client_samples/helloworld_tls/README.md
+++ b/new_samples/client_samples/helloworld_tls/README.md
@@ -19,9 +19,14 @@ https://github.com/cadence-workflow/cadence/blob/e1267de12f8bc670fc84fab456d3495
 ```
 4. **Start cadence server with TLS**
- ```bash
- ./cadence-server --env development --zone tls start
- ```
+To enable mTLS in Cadence server, you need to configure TLS settings and start the server with the appropriate environment configuration.
+Starting the Server with TLS
+Use the --zone flag to specify the TLS configuration when starting the Cadence server:
+
+./cadence-server --env development --zone tls start
+
+This will load [config/development.yaml](https://github.com/cadence-workflow/cadence/blob/e1267de12f8bc670fc84fab456d3495c8fc2f8a8/config/development.yaml) + [config/development_tls.yaml](https://github.com/cadence-workflow/cadence/blob/e1267de12f8bc670fc84fab456d3495c8fc2f8a8/config/development_tls.yaml).
+See [CONTRIBUTING.md](https://github.com/cadence-workflow/cadence/blob/e1267de12f8bc670fc84fab456d3495c8fc2f8a8/CONTRIBUTING.md#4-run) for more details.
 ## Running the Sample
diff --git a/new_samples/client_samples/helloworld_tls/hello_world_tls.go b/new_samples/client_samples/helloworld_tls/hello_world_tls.go
index 39c8d6e7..39c67600 100644
--- a/new_samples/client_samples/helloworld_tls/hello_world_tls.go
+++ b/new_samples/client_samples/helloworld_tls/hello_world_tls.go
@@ -80,7 +80,10 @@ func withTLSDialOption() (grpc.DialOption, error) {
 RootCAs: caCertPool,
 Certificates: []tls.Certificate{clientCert},
 }
+ // Create TLS credentials from the TLS configuration
 creds := credentials.NewTLS(&tlsConfig)
+ // Create a gRPC dial option with TLS credentials for secure connection
 grpc.DialerCredentials(creds)
+ // Return the gRPC dial option configured with TLS credentials
 return grpc.DialerCredentials(creds), nil
 }
diff --git a/new_samples/worker/worker.go b/new_samples/worker/worker.go
index b3901c69..e6c6869a 100644
--- a/new_samples/worker/worker.go
+++ b/new_samples/worker/worker.go
@@ -73,6 +73,8 @@ func StartWorker() {
 func BuildCadenceClient(dialOptions ...grpc.DialOption) workflowserviceclient.Interface {
 grpcTransport := grpc.NewTransport()
+ // Create a single peer chooser that identifies the host/port and configures
+ // a gRPC dialer with TLS credentials
 myChooser := peer.NewSingle(
 yarpchostport.Identify(HostPort),
 grpcTransport.NewDialer(dialOptions...),
@@ -91,6 +93,8 @@ func BuildCadenceClient(dialOptions ...grpc.DialOption) workflowserviceclient.In
 clientConfig := dispatcher.ClientConfig(CadenceService)
+ // Create a compatibility adapter that wraps proto-based YARPC clients
+ // to provide a unified interface for domain, workflow, worker, and visibility APIs
 return compatibility.NewThrift2ProtoAdapter(
 apiv1.NewDomainAPIYARPCClient(clientConfig),
 apiv1.NewWorkflowAPIYARPCClient(clientConfig),
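Review bot: The bare `grpc.DialerCredentials(creds)` statement in withTLSDialOption discards its result, so the new comment "Create a gRPC dial option with TLS credentials for secure connection" documents a line that has no effect; only the call inside the `return` statement produces the option that is actually used. Drop the standalone call together with its comment, leaving `creds := credentials.NewTLS(&tlsConfig)` followed directly by `return grpc.DialerCredentials(creds), nil`. The tls.Config literal begins above this hunk, so only `RootCAs` and `Certificates` are visible here; since the comments now describe the connection as secure, it is worth confirming that the fields outside the hunk leave server certificate verification enabled and set a `MinVersion`.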
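Review bot: The comment added above `peer.NewSingle(` in BuildCadenceClient states that the dialer is configured "with TLS credentials", but the function only forwards whatever `dialOptions` the caller supplies, so a call with no options builds a dialer without them. A reader could take the comment as a guarantee that every client built by this helper is encrypted. Suggested wording: `// Create a single-peer chooser for HostPort; the dialer applies the caller's dialOptions, so TLS is used only when a TLS dial option is passed in.` The body of BuildCadenceClient starts and ends outside this hunk.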