-
Notifications
You must be signed in to change notification settings - Fork 103
New issue
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
feat(client): Allow specifying grpc CallCredentials #1261
Conversation
Do we need to expose this directly? |
We could technically avoid exposing this one, and tell people that if they need to register some However, at some point in the near future, I would like to improve error reporting for some common TLS errors, but some assertions will only be possible if we have access to details of the TLS config. For that reason, I'd really prefer to discourage people from using the
The I believe gRPC interceptors can technically be used to do pretty much the same as what So I really think that |
I see, call credentials allows refreshing the metadata, that's much better experience. Is there an expiration on those certs that you generated? Ideally CI won't fail when they expire. |
10 years for CA, Client and Server certs, and RSA keys are 4096 bits. They shouldn't fail any time soon. CA's name clearly indicate that this is a test CA and shouldn't be trusted, and I destroyed the CA's private key, just in case. For posterity, here are the commands I ran:
|
What changed
ConnectionOptions.callCredentials
, which can be used to register one or more grpcCallCredentials
, eg. to add metadata based credential mechanismConnectionOptions.credentials
was specified (and not thetls
property), then thosecredentials
would not be passed to the gRPC client creation.Why