Add useTransportSecurity in ManagedChannelBuilder #3561
Conversation
|
Thanks for your pull request. The automated tests will run as soon as one of the admins verifies this change is ok for us to run on our infrastructure. |
ramaraochavali
changed the title
ramaraochavali
changed the title
| * @throws SSLException | ||
| */ | ||
| @Override | ||
| public NettyChannelBuilder trustStore(File trustCertCollectionFile) throws SSLException { |
There was a problem hiding this comment.
May have to add keyManager also here. But am waiting for your approval on the pattern. then will add support keyManager if needed
There was a problem hiding this comment.
I'm not excited that this builds the sslContext all at once, as it means it can't be combined with any other TLS configuration (like keyManager). Although I'm also not excited about adding keyManager to ManagedChannelBuilder; it's a fairly advanced use case and needs extra configuration on server-side as well (like request/require client certs and trust store). Going down this road feels like we end up re-inventing our own TLS context for configuration.
I think I'd be happier with a useTransportSecurity(File trustCerts). But I have reservations about it as well as I feel it is dangerously close to opening a can of worms for other TLS configuration. And at the same time I'm not too bothered by the status quo of needing to use a specific builder when managing your own CA.
There was a problem hiding this comment.
Ok. Should I ignore this then?
| * | ||
| * @return this | ||
| * @throws UnsupportedOperationException if transport security is not supported. | ||
| */ |
There was a problem hiding this comment.
Any new methods added to ManagedChannelBuilder must have a default implementation here, otherwise it breaks API stability. Just implement the throwing UnsupportOperationException here.
| * @throws SSLException | ||
| */ | ||
| @Override | ||
| public NettyChannelBuilder trustStore(File trustCertCollectionFile) throws SSLException { |
There was a problem hiding this comment.
I'm not excited that this builds the sslContext all at once, as it means it can't be combined with any other TLS configuration (like keyManager). Although I'm also not excited about adding keyManager to ManagedChannelBuilder; it's a fairly advanced use case and needs extra configuration on server-side as well (like request/require client certs and trust store). Going down this road feels like we end up re-inventing our own TLS context for configuration.
I think I'd be happier with a useTransportSecurity(File trustCerts). But I have reservations about it as well as I feel it is dangerously close to opening a can of worms for other TLS configuration. And at the same time I'm not too bothered by the status quo of needing to use a specific builder when managing your own CA.
|
should I just ignore the changes of trustStore and just restrict it to useTransportSecurity() |
|
Thank you for your pull request. Before we can look at your contribution, we need to ensure all contributors are covered by a Contributor License Agreement. After the following items are addressed, please respond with a new comment here, and the automated system will re-verify.
Regards, |
@ramaraochavali, that seems good to me. A change with just useTransportSecurity() would be easy to get in. |
Signed-off-by: Rama <ramaraochavali@gmail.com>
ramaraochavali
changed the title
|
@ejona86 I removed the rest of the stuff and only retained the |
ejona86
left a comment
ejona86
left a comment
There was a problem hiding this comment.
Looks pretty good. Only minor stuff left.
| import io.grpc.internal.ConnectionClientTransport; | ||
| import io.grpc.internal.GrpcUtil; | ||
| import io.grpc.internal.SharedResourceHolder; | ||
|
|
There was a problem hiding this comment.
We only put extra line between static and non-static imports. Remove here and elsewhere.
| } | ||
|
|
||
| @Override | ||
| public Builder useTransportSecurity() { |
There was a problem hiding this comment.
This and several other of the implementations seem unnecessary, now that ManagedChannelBuilder. provides a default.
| GrpcSslContexts.ensureAlpnAndH2Enabled(sslContext.applicationProtocolNegotiator()); | ||
| } | ||
| this.sslContext = sslContext; | ||
| this.negotiationType = NegotiationType.TLS; |
There was a problem hiding this comment.
While I see the value in this, doing things implicitly can lead to trouble. We mostly try to have the builder be "dumb setters." Since I'm conflicted on this, let's just leave it out for now.
| * | ||
| * @return this | ||
| * @throws UnsupportedOperationException if transport security is not supported. | ||
| */ |
There was a problem hiding this comment.
We mark new APIs with @ExperimentalApi("https://link/to/github/issue"). Create a new issue for this API to become stable and add it as part of the annotation here.
|
okay to test |
|
@ramaraochavali, Soo, since you started this we've swapped CLAs from Google's to CNCF. Would you be willing to go through the process again with the Linux Foundation? (I'm working on getting the Google CLA GitHub status removed for new PRs.) |
|
@ejona86 addressed review comments and signed with CNCF Linux foundation. Please check |
ejona86
added
the
kokoro:run
kokoro-team
removed
the
kokoro:run
| * Makes the client use TLS. | ||
| * | ||
| * @return this | ||
| * @throws UnsupportedOperationException if transport security is not supported. |
There was a problem hiding this comment.
also adding * @since 1.9.0 in the doc would be nice
There was a problem hiding this comment.
Done. I went ahead and did that.
ejona86
added
the
kokoro:run
kokoro-team
removed
the
kokoro:run
7 participants
Please refer to issue for more details