New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cdc: Allow webhook sink to provide client certificates to the remote webhook server #74645
cdc: Allow webhook sink to provide client certificates to the remote webhook server #74645
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed all commit messages.
Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @HonoreDB and @sherman-grewal)
-- commits, line 5 at r1:
I think you need to amend your change to include some some additional information.
In particular, we should definitely have a release note here.
pkg/ccl/changefeedccl/sink_webhook.go, line 362 at r1 (raw file):
if err := u.decodeBase64(changefeedbase.SinkParamClientKey, &dialConfig.clientKey); err != nil { return nil, err }
Can we expand e.g. webhookFeedFactory
(in testfeed_test.go) to also support these params?
For example, we could, perhaps add an option to webhookTestWithOptions
function to also specify if we want "secure" connection, and have webhookFeedFactory start a secure http server for message ingestion?
60bf765
to
5baa342
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 6 of 6 files at r2.
Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @HonoreDB and @sherman-grewal)
remote webhook server Release note (enterprise change): Client certificates may now be provided for the webhook changefeed sink.
e3cc87c
to
b3877b8
Compare
bors r+ |
Build succeeded: |
Summary
Allow the webhook sink to provide client certificates to the remote webhook server.
Resolves #74230
Testing
certstrap
to help with creating the CA and other required certificates$ brew install certstrap
Note: The client_cert and client_key must all be passed directly as base64-encoded values
Release notes (enterprise change): Client certificates may now be provided for the webhook changefeed sink.