Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pass TLS credentials to gRPC server pseudo-node without modifying the ApplicationConfiguration #961

Closed
tiziano88 opened this issue May 6, 2020 · 3 comments · Fixed by #1014
Closed

Pass TLS credentials to gRPC server pseudo-node without modifying the ApplicationConfiguration #961

tiziano88 opened this issue May 6, 2020 · 3 comments · Fixed by #1014
Assignees
@tiziano88
Labels
lang/Rust P1

Comments

@tiziano88
Copy link
Collaborator

oak/oak/server/rust/oak_loader/src/main.rs

Lines 88 to 96 in ca7f1ee

// Assign a TLS identity to all gRPC server nodes in the application configuration.
let grpc_tls_private_key = read_file(&opt.grpc_tls_private_key)?;
let grpc_tls_certificate = read_file(&opt.grpc_tls_certificate)?;
for node in &mut app_config.node_configs {
if let Some(GrpcServerConfig(ref mut grpc_server_config)) = node.config_type {
grpc_server_config.grpc_tls_private_key = grpc_tls_private_key.clone();
grpc_server_config.grpc_tls_certificate = grpc_tls_certificate.clone();
}
}

Apart from not being very idiomatic (why does oak_loader modify the ApplicationConfiguration object that was supposed to run?), it is problematic for #917 and other related refactorings.

I guess the final solution may be dependant on #689 , but in the meanwhile we can just pass the TLS credentials directly to the Runtime object, and have that propagate them to the gRPC pseudo-node at creation time.
@tiziano88 tiziano88 added the P1 label May 11, 2020
@tiziano88
Copy link
Collaborator Author

@ipetr0v have you started work on this? If not, I can look into it, since it helps with #917

@ipetr0v
Copy link
Contributor

ipetr0v commented May 21, 2020
edited
Loading

No, I haven't yet.
Thanks for looking into this!

@ipetr0v ipetr0v assigned tiziano88 and unassigned ipetr0v May 21, 2020
@tiziano88
Copy link
Collaborator Author

Happy to take a look myself as part of #917, thanks!

tiziano88 added a commit to tiziano88/oak that referenced this issue May 21, 2020
@tiziano88
Move TLS parameters out of application config
3ab065a 
Fixes project-oak#961
tiziano88 added a commit to tiziano88/oak that referenced this issue May 21, 2020
@tiziano88
Move TLS parameters out of application config
4183e97 
Fixes project-oak#961
tiziano88 added a commit to tiziano88/oak that referenced this issue May 21, 2020
@tiziano88
Move TLS parameters out of application config
e858a71 
Fixes project-oak#961
@tiziano88 tiziano88 mentioned this issue May 21, 2020
Merged
3 tasks
tiziano88 added a commit to tiziano88/oak that referenced this issue May 21, 2020
@tiziano88
Move TLS parameters out of application config
16a82f4 
Fixes project-oak#961
tiziano88 added a commit to tiziano88/oak that referenced this issue May 21, 2020
@tiziano88
Move TLS parameters out of application config
f8c6043 
Fixes project-oak#961
tiziano88 added a commit to tiziano88/oak that referenced this issue May 21, 2020
@tiziano88
Move TLS parameters out of application config
29e8bd8 
Fixes project-oak#961
tiziano88 added a commit that referenced this issue May 21, 2020
@tiziano88
Move TLS parameters out of application config (#1014)
df425bd 
Fixes #961
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tiziano88 tiziano88

Labels
lang/Rust P1
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Move TLS parameters out of application config tiziano88/oak
2 participants
@tiziano88 @ipetr0v