Enable TLS for Netty4GrpcServerTransport #17796
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
finnegancarroll
requested review from
Bukhtawar,
CEHENKLE,
Rishikesh1159,
VachaShah,
anasalkouz,
andrross,
ashking94,
bugmakerrrrrr,
cwperks,
dblock,
dbwiddis,
gbbafna,
jainankitk,
kotwanikunal,
linuxpi,
mch2,
msfroh,
nknize,
owaiskazi19,
peternied,
reta,
sachinpkale,
saratvemulapalli,
shwetathareja and
sohami
as code owners
github-actions
bot
added
enhancement
Contributor
Author
|
Auxiliary transport meta issue to capture some of the enhancements discussed here: |
- Adds SecureAuxTransportSettingsProvider to provide aux transports access to a javax SSLContext and cipher/client auth params for configuring TLS. - Implements SecureNetty4GrpcServerTransport to consume a SecureAuxTransportSettingsProvider for a TLS enabled gRPC transport. - Add aux transport type settings and port setttings for new secure transport. - Add logic to detect and register secure aux transports provided by plugins. - Integration tests for SecureNetty4GrpcServerTransport basic client cert authentication. Signed-off-by: Finn Carroll <[email protected]>
finnegancarroll
force-pushed
the
grpc-secure-transport-save-apr3
branch
from
915f062 to
17eea00
Compare
Contributor
reta
approved these changes
Apr 10, 2025
Contributor
|
@cwperks LGTY? thanks @finnegancarroll ! |
cwperks
approved these changes
Apr 10, 2025
Member
cwperks
left a comment
cwperks
left a comment
There was a problem hiding this comment.
Everything has been addressed. Thank you @finnegancarroll! This is a great forward looking feature.
5 tasks
66 tasks
This was referenced Apr 10, 2025
Closed
This was referenced Apr 14, 2025
Open
Closed
rgsriram
pushed a commit
to rgsriram/OpenSearch
that referenced
this pull request
Apr 15, 2025
) - Adds SecureAuxTransportSettingsProvider to provide aux transports access to a javax SSLContext and cipher/client auth params for configuring TLS. - Implements SecureNetty4GrpcServerTransport to consume a SecureAuxTransportSettingsProvider for a TLS enabled gRPC transport. - Add aux transport type settings and port setttings for new secure transport. - Add logic to detect and register secure aux transports provided by plugins. - Integration tests for SecureNetty4GrpcServerTransport basic client cert authentication. Signed-off-by: Finn Carroll <[email protected]> Signed-off-by: Sriram Ganesh <[email protected]>
Harsh-87
pushed a commit
to Harsh-87/OpenSearch
that referenced
this pull request
May 7, 2025
) - Adds SecureAuxTransportSettingsProvider to provide aux transports access to a javax SSLContext and cipher/client auth params for configuring TLS. - Implements SecureNetty4GrpcServerTransport to consume a SecureAuxTransportSettingsProvider for a TLS enabled gRPC transport. - Add aux transport type settings and port setttings for new secure transport. - Add logic to detect and register secure aux transports provided by plugins. - Integration tests for SecureNetty4GrpcServerTransport basic client cert authentication. Signed-off-by: Finn Carroll <[email protected]> Signed-off-by: Harsh Kothari <[email protected]>
Harsh-87
pushed a commit
to Harsh-87/OpenSearch
that referenced
this pull request
May 7, 2025
) - Adds SecureAuxTransportSettingsProvider to provide aux transports access to a javax SSLContext and cipher/client auth params for configuring TLS. - Implements SecureNetty4GrpcServerTransport to consume a SecureAuxTransportSettingsProvider for a TLS enabled gRPC transport. - Add aux transport type settings and port setttings for new secure transport. - Add logic to detect and register secure aux transports provided by plugins. - Integration tests for SecureNetty4GrpcServerTransport basic client cert authentication. Signed-off-by: Finn Carroll <[email protected]> Signed-off-by: Harsh Kothari <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Introduces
SecureNetty4GrpcServerTransport, a TLS enabled alternative toNetty4GrpcServerTransport.Security settings for this transport are configurable under
OpenSearchSecureSettingsFactoryexperimental API.Otherwise default JDK
SSLContextis used with client authREQUIRED.Please find ongoing work supporting auxiliary transports in security plugin here:
#17854
Integration tests:
Related Issues
Partially resolves #16905
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.