Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

xds: add support for mTLS Credentials in xDS bootstrap #6757

Merged
merged 21 commits into from
Jan 4, 2024
Merged

xds: add support for mTLS Credentials in xDS bootstrap #6757

merged 21 commits into from
Jan 4, 2024

Conversation

atollena
Copy link
Collaborator

@atollena atollena commented Oct 31, 2023
edited
Loading

Implement gRFC "A65: mTLS Credentials in xDS Bootstrap File".

https://github.com/grpc/proposal/blob/master/A65-xds-mtls-creds-in-bootstrap.md

RELEASE NOTES:

  • xds: add support for mTLS Credentials in xDS bootstrap (gRFC A65)

@codecov
Copy link

codecov bot commented Oct 31, 2023
edited
Loading

Codecov Report

Merging #6757 (01f8c82) into master (bb0d32f) will increase coverage by 0.05%.
Report is 1 commits behind head on master.
The diff coverage is 87.50%.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #6757      +/-   ##
==========================================
+ Coverage   83.65%   83.71%   +0.05%     
==========================================
  Files         286      287       +1     
  Lines       30756    30829      +73     
==========================================
+ Hits        25730    25808      +78     
- Misses       3963     3969       +6     
+ Partials     1063     1052      -11
Files Coverage Δ
credentials/tls/certprovider/pemfile/builder.go 100.00% <100.00%> (ø)
xds/bootstrap/bootstrap.go 100.00% <ø> (ø)
xds/internal/xdsclient/bootstrap/bootstrap.go 74.48% <100.00%> (+0.64%) ⬆️
xds/internal/xdsclient/clientimpl.go 89.65% <100.00%> (+5.44%) ⬆️
xds/internal/xdsclient/tlscreds/bundle.go 82.45% <82.45%> (ø)

... and 25 files with indirect coverage changes

@atollena atollena force-pushed the a65 branch 4 times, most recently from 9b46618 to 290e695 Compare October 31, 2023 11:39
@atollena atollena marked this pull request as ready for review October 31, 2023 13:37
@atollena atollena mentioned this pull request Oct 31, 2023
Closed
@atollena
Copy link
Collaborator Author

Regarding test coverage: I could add tests for Clone() and other untested and unused methods, but it feels a bit like gaming the objective...

@ginayeh ginayeh added the Type: Feature New features or improvements in behavior label Oct 31, 2023
@ginayeh ginayeh added this to the 1.60 Release milestone Oct 31, 2023
@ginayeh ginayeh requested review from dfawley and arvindbr8 October 31, 2023 17:31
arvindbr8
arvindbr8 reviewed Nov 1, 2023
View reviewed changes
@arvindbr8
Copy link
Member

arvindbr8 commented Nov 1, 2023
edited
Loading

Hey @atollena -- Thanks for the PR!!

I took a first pass at the patchset and left a few comments. PTAL

Regarding test coverage: I could add tests for Clone() and other untested and unused methods, but it feels a bit like gaming the objective...

I agree with your sentiment here. The coverage checks are not required anyways. So I wouldnt worry about this particular diff hit.

@arvindbr8 arvindbr8 assigned atollena and unassigned arvindbr8 Nov 1, 2023
@arvindbr8 arvindbr8 changed the title xds/internal/xdsclient: A65 - mTLS Credentials xds: add support for mTLS Credentials in xDS bootstrap Nov 1, 2023
arvindbr8
arvindbr8 previously approved these changes Nov 2, 2023
View reviewed changes
Copy link
Member

@arvindbr8 arvindbr8 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks @atollena

@dfawley Could you take another look at this patch-set?

@arvindbr8 arvindbr8 assigned dfawley and unassigned atollena Nov 2, 2023
@atollena
Copy link
Collaborator Author

atollena commented Nov 10, 2023
edited
Loading

@dfawley gentle ping, do you have any feedback on this?

@dfawley
Copy link
Member

dfawley commented Nov 10, 2023

Sorry! I need to do a context switch and get back up to speed on this code and the gRFC. Hopefully today or early next week...

@arvindbr8 arvindbr8 removed this from the 1.60 Release milestone Nov 14, 2023
@atollena
generic xds client cleanups
8f3472e
@atollena
feedback from easwar:
e694f4c 
- close credentials provider for each authority
- Fatal tests where possible.
@easwars easwars dismissed stale reviews from arvindbr8 and themself December 21, 2023 23:02

There are more changes that deserve another review.

@easwars easwars assigned easwars and unassigned atollena and dfawley Dec 21, 2023
easwars
easwars reviewed Dec 21, 2023
View reviewed changes
@atollena
latest review from easwar
01f8c82 
- cleanup in clientimpl close rather than individual authority close
- convert tests in bootstrap_test to table driven tests
@atollena
Copy link
Collaborator Author

I'll be off until early January, will pick this up after I come back.

@easwars
Copy link
Contributor

easwars commented Dec 26, 2023

I'll be off until early January, will pick this up after I come back.

I'm going to be off for a few months. See you then :)

Changes look good to me. I've approved it. Since we require two approvals for external contributors, and most of the team is out currently, someone will pick this up in January.

@atollena
Copy link
Collaborator Author

I'll be off until early January, will pick this up after I come back.

I'm going to be off for a few months. See you then :)

Changes look good to me. I've approved it. Since we require two approvals for external contributors, and most of the team is out currently, someone will pick this up in January.

Thanks you. Happy holidays and enjoy your time off then!

@ginayeh ginayeh removed the request for review from dfawley January 3, 2024 16:57
arvindbr8
arvindbr8 approved these changes Jan 4, 2024
View reviewed changes
Copy link
Member

@arvindbr8 arvindbr8 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, and like always thanks for the PR @atollena!

@arvindbr8 arvindbr8 merged commit 6bc1906 into grpc:master Jan 4, 2024
1 check passed
@atollena atollena deleted the a65 branch January 5, 2024 09:01
@halvards halvards mentioned this pull request Feb 2, 2024
Merged
halvards added a commit to GoogleCloudPlatform/solutions-workshops that referenced this pull request Feb 2, 2024
@halvards
feat(grpc-xds): Control plane mTLS for Go (#9)
52ec054 
gRPC-Go as of [v1.61.0](https://github.com/grpc/grpc-go/releases/tag/v1.61.0) supports [gRFC A65: mTLS Credentials in xDS Bootstrap File](https://github.com/grpc/proposal/blob/8c31bfedded5f0a51c4933e9e9a8246122f9c41a/A65-xds-mtls-creds-in-bootstrap.md), see grpc/grpc-go#6757.

These changes add control plane mTLS for the Go control plane and sample application implementations, controlled by flags in the `xds_features.yaml` configuration file.
@halvards halvards mentioned this pull request Feb 2, 2024
Merged
halvards added a commit to GoogleCloudPlatform/solutions-workshops that referenced this pull request Feb 2, 2024
@halvards
feat(grpc-xds): Control plane mTLS for Go (#9) (#10)
74a3447 
gRPC-Go as of [v1.61.0](https://github.com/grpc/grpc-go/releases/tag/v1.61.0) supports [gRFC A65: mTLS Credentials in xDS Bootstrap File](https://github.com/grpc/proposal/blob/8c31bfedded5f0a51c4933e9e9a8246122f9c41a/A65-xds-mtls-creds-in-bootstrap.md), see grpc/grpc-go#6757.

These changes add control plane mTLS for the Go control plane and sample application implementations, controlled by flags in the `xds_features.yaml` configuration file.
@halvards halvards mentioned this pull request Feb 2, 2024
Merged
halvards added a commit to GoogleCloudPlatform/solutions-workshops that referenced this pull request Feb 2, 2024
@halvards
feat(grpc-xds): Control plane mTLS for Go (#9)
ad4e1f4 
gRPC-Go as of [v1.61.0](https://github.com/grpc/grpc-go/releases/tag/v1.61.0) supports [gRFC A65: mTLS Credentials in xDS Bootstrap File](https://github.com/grpc/proposal/blob/8c31bfedded5f0a51c4933e9e9a8246122f9c41a/A65-xds-mtls-creds-in-bootstrap.md), see grpc/grpc-go#6757.

These changes add control plane mTLS for the Go control plane and sample application implementations, controlled by flags in the `xds_features.yaml` configuration file.
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jul 4, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@easwars easwars easwars approved these changes

@arvindbr8 arvindbr8 arvindbr8 approved these changes

Assignees

@arvindbr8 arvindbr8

Labels
Type: Feature New features or improvements in behavior
Projects
None yet
Milestone
1.61 Release
Development

Successfully merging this pull request may close these issues.
6 participants
@atollena @arvindbr8 @dfawley @easwars @ginayeh @zasweq