This repository has been archived by the owner on Sep 18, 2023. It is now read-only.

Add mTLS authentication support #19

Open
wants to merge 1 commit into
base: master

@thwi thwi commented Jul 16, 2021

Adds support for specifying TLS options for mTLS authentication during workflow client creation.

Tested against mTLS-enabled server @ 1.10.5 and mTLS-disabled server @ 1.7.0.

For SSLContext reference, see grpclib mTLS client example

Related to #7

Changes:

  • Adds TLSOptions dataclass
  • Adds tls_options kwarg to WorkflowClient.new_client method
  • If TLSOptions provided, creates SSLContext
  • If SSLContext created, provides SSLContext to grpclib.client.Channel

Minimal config example:

from temporal.service_helpers import TLSOptions
from temporal.workflow import WorkflowClient

client = WorkflowClient.new_client(
    host="temporal.local",
    port=7233,
    tls_options=TLSOptions(
        ca_cert="/path/to/ca-cert",
        client_cert="/path/to/client-cert",
        client_key="/path/to/client-key",
    )
)
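
An added sketch (not the code from this pull request) of how the three `TLSOptions` paths could be turned into a client `SSLContext` for `grpclib.client.Channel` while keeping server verification on. The field names come from the description above; the dataclass body and the helper names `build_ssl_context` and `harden` are assumptions.

```python
import os
import ssl
from dataclasses import dataclass
from typing import Optional


@dataclass
class TLSOptions:
    # Field names follow the PR description; the class body is an assumption.
    ca_cert: str
    client_cert: str
    client_key: str


def harden(ctx: ssl.SSLContext) -> ssl.SSLContext:
    """Settings a gRPC (HTTP/2) client context needs, independent of key material."""
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_alpn_protocols(["h2"])  # gRPC runs over HTTP/2
    # create_default_context() already enables both checks; fail loudly if a
    # later edit turns mutual TLS into TLS with an unauthenticated server.
    if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
        raise ValueError("server certificate verification must stay enabled")
    return ctx


def build_ssl_context(opts: Optional[TLSOptions]) -> Optional[ssl.SSLContext]:
    """Return None for a plaintext channel, or a client context for mTLS."""
    if opts is None:
        return None
    for name in ("ca_cert", "client_cert", "client_key"):
        path = getattr(opts, name)
        if not os.path.isfile(path):
            raise FileNotFoundError(f"{name} not found: {path}")
    # Passing cafile means only this CA is trusted for the server certificate;
    # the system trust store is not loaded.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=opts.ca_cert)
    # Certificate and private key the client presents to the server.
    ctx.load_cert_chain(opts.client_cert, opts.client_key)
    return harden(ctx)

# With grpclib installed, the result is passed as:
#   Channel(host, port, ssl=build_ssl_context(opts))
```
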

@etherops

We're using temporal-python-sdk and monkey patching in something similar. This would fit our use case if it is accepted 👍
