Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(services): add certificate support for service protocol grpcs #11529

Closed
wants to merge 0 commits into from
Closed

feat(services): add certificate support for service protocol grpcs #11529

wants to merge 0 commits into from

Conversation

raoxiaoyan
Copy link
Contributor

@raoxiaoyan raoxiaoyan commented Sep 8, 2023
edited
Loading

Summary

Adds certificate support for service protocol grpcs
Refs:
https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_ssl_verify
https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_ssl_certificate

Checklist

  • The Pull Request has tests
  • A changelog file has been added to CHANGELOG/unreleased/kong or adding skip-changelog label on PR if unnecessary. README.md
  • There is a user-facing docs PR against https://github.com/Kong/docs.konghq.com - PUT DOCS PR HERE

Full changelog

  • [Implement ...]

Issue reference

@pull-request-size pull-request-size bot added size/M and removed size/S labels Sep 8, 2023
@raoxiaoyan raoxiaoyan changed the title (services): add certificate support for service protocol grpcs feat(services): add certificate support for service protocol grpcs Sep 8, 2023
@raoxiaoyan raoxiaoyan requested review from oowl and hishamhm September 11, 2023 01:49
@raoxiaoyan raoxiaoyan requested a review from oowl September 12, 2023 01:55
oowl
oowl approved these changes Sep 13, 2023
View reviewed changes
Copy link
Member

@oowl oowl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

oowl
oowl requested changes Sep 13, 2023
View reviewed changes
Copy link
Member

@oowl oowl left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, I found other problem. For this change, unit test is not enough, we need write integration test for grpc upstream tls. For example https://github.com/Kong/kong/blob/master/spec/02-integration/05-proxy/18-upstream_tls_spec.lua

@raoxiaoyan raoxiaoyan force-pushed the feat/fti-5309 branch 2 times, most recently from d7934f3 to 83a432e Compare September 18, 2023 08:28
@raoxiaoyan raoxiaoyan requested a review from oowl September 19, 2023 03:10
oowl
oowl reviewed Sep 19, 2023
View reviewed changes
spec/02-integration/05-proxy/19-grpc_proxy_spec.lua Outdated
end)

if strategy ~= "off" then
describe("grpcs with tls", function()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to add lousy cases for this test and use the wrong ca_certificate and cert for the bad case. You'll be able to follow this to do it. https://github.com/Kong/kong/blob/master/spec/02-integration/05-proxy/18-upstream_tls_spec.lua#L350

@github-actions github-actions bot added the author/community PRs from the open-source community (not Kong Inc) label Sep 19, 2023
@oowl oowl removed the author/community PRs from the open-source community (not Kong Inc) label Sep 25, 2023
@AndyZhang0707 AndyZhang0707 added this to the 3.5.0 milestone Oct 19, 2023
@raoxiaoyan raoxiaoyan removed this from the 3.5.0 milestone Oct 20, 2023
@raoxiaoyan raoxiaoyan marked this pull request as draft October 20, 2023 02:00
@raoxiaoyan raoxiaoyan added this to the 3.6.0 milestone Oct 20, 2023
@raoxiaoyan
Copy link
Contributor Author

Move this PR target to 3.6.0.0

@raoxiaoyan raoxiaoyan removed this from the 3.6.0 milestone Dec 28, 2023
@kikito kikito added this to the 3.7.0 milestone Jan 17, 2024
@kikito kikito modified the milestones: 3.7.0, 3.8.0 Apr 23, 2024
@github-actions github-actions bot added the cherry-pick kong-ee schedule this PR for cherry-picking to kong/kong-ee label Jun 25, 2024
@raoxiaoyan raoxiaoyan force-pushed the feat/fti-5309 branch 2 times, most recently from 95e8af9 to 0f240d9 Compare July 12, 2024 08:17
@raoxiaoyan raoxiaoyan removed this from the 3.8.0 milestone Jul 16, 2024
@raoxiaoyan raoxiaoyan closed this Oct 14, 2024
@raoxiaoyan raoxiaoyan deleted the feat/fti-5309 branch October 14, 2024 02:45
@raoxiaoyan raoxiaoyan restored the feat/fti-5309 branch October 14, 2024 03:30
@raoxiaoyan raoxiaoyan deleted the feat/fti-5309 branch October 14, 2024 03:30
@raoxiaoyan raoxiaoyan restored the feat/fti-5309 branch November 11, 2024 06:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@oowl oowl oowl requested changes

@hishamhm hishamhm Awaiting requested review from hishamhm

Assignees

@raoxiaoyan raoxiaoyan

Labels
cherry-pick kong-ee schedule this PR for cherry-picking to kong/kong-ee core/clustering core/db schema-change-noteworthy size/XS
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@raoxiaoyan @oowl @kikito @dndx @AndyZhang0707