Minimal support for TLS connection from python and C++ clients. (#3948)
* Minimal support for SSL connection from python and C++ clients. * Followup to slack comment from Charles. * Added arg check. * Rename use_ssl to use_tls. * Made the python slightly more pythonic. * Use TLS for the session channel; allow for target name override. * Fixed a typo. * Fix python issues. * Follow optional convention in the modified file, as discussed over DM with Jianfeng. * Added generalized options to C++ client. * Added support for generic options to the python client.
1 parent
8e01ac8
commit 6bbe135
Showing
16 changed files
with
466 additions
and
132 deletions.
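--- a/cpp-client/deephaven/client/include/public/deephaven/client/client_options.h
+++ b/cpp-client/deephaven/client/include/public/deephaven/client/client_options.h
@@ -0,0 +1,192 @@
+/*
+* Copyright (c) 2016-2022 Deephaven Data Labs and Patent Pending
+*/
+#pragma once
+
+#include <string>
+#include <utility> // std::pair
+#include <vector>
+
+namespace deephaven::client {
+
+class Client;
+
+/**
+* The ClientOptions object is intended to be passed to Client::connect(). For convenience, the mutating methods can be
+* chained.
+* @example auto client = Client::connect("localhost:10000", ClientOptions().setBasicAuthentication("foo", "bar").setSessionType("groovy")
+*/
+class ClientOptions {
+public:
+typedef std::vector<std::pair<std::string, int>> int_options_t;
+typedef std::vector<std::pair<std::string, std::string>> string_options_t;
+typedef std::vector<std::pair<std::string, std::string>> extra_headers_t;
+
+/*
+* Default constructor. Creates a default ClientOptions object with default authentication and Python scripting.
+*/
+ClientOptions();
+/**
+* Move constructor
+*/
+ClientOptions(ClientOptions &&other) noexcept;
+/**
+* Move assigment operator.
+*/
+ClientOptions &operator=(ClientOptions &&other) noexcept;
+/**
+* Destructor
+*/
+~ClientOptions();
+
+/**
+* Modifies the ClientOptions object to set the default authentication scheme.
+* @return *this, so that methods can be chained.
+*/
+ClientOptions &setDefaultAuthentication();
+/**
+* Modifies the ClientOptions object to set the basic authentication scheme.
+* @return *this, so that methods can be chained.
+*/
+ClientOptions &setBasicAuthentication(const std::string &username, const std::string &password);
+/**
+* Modifies the ClientOptions object to set a custom authentication scheme.
+* @return *this, so that methods can be chained.
+*/
+ClientOptions &setCustomAuthentication(const std::string &authenticationKey, const std::string &authenticationValue);
+/**
+* Modifies the ClientOptions object to set the scripting language for the session.
+* @param sessionType The scripting language for the session, such as "groovy" or "python".
+* @return *this, so that methods can be chained.
+*/
+ClientOptions &setSessionType(std::string sessionType);
+/**
+* Configure whether to set server connections as TLS
+*
+* @param useTls true if server connections should be TLS/SSL, false for insecure.
+* @return *this, to be used for chaining
+*/
+ClientOptions &setUseTls(bool useTls);
+/**
+* Sets a PEM-encoded certificate root for server connections. The empty string
+* means use system defaults.
+*
+* @param pem a PEM encoded certificate chain.
+* @return *this, to be used for chaining
+*/
+ClientOptions &setTlsRootCerts(std::string tlsRootCerts);
+/**
+* Adds an int-valued option for the configuration of the underlying gRPC channels.
+* See https://grpc.github.io/grpc/cpp/group__grpc__arg__keys.html for a list of available options.
+*
+* @example copt.setIntOption("grpc.min_reconnect_backoff_ms", 2000)
+* @param opt The option key.
+* @param val The option valiue.
+* @return *this, to be used for chaining
+*/
+/**
+* Sets a PEM-encoded certificate for the client and use mutual TLS.
+* The empty string means don't use mutual TLS.
+*
+* @param pem a PEM encoded certificate chain, or empty for no mutual TLS.
+* @return *this, to be used for chaining
+*/
+ClientOptions &setClientCertChain(std::string clientCertChain);
+/**
+* Sets a PEM-encoded private key for the client certificate chain when using
+* mutual TLS.
+*
+* @param pem a PEM encoded private key.
+* @return *this, to be used for chaining
+*/
+ClientOptions &setClientPrivateKey(std::string clientCertChain);
+ClientOptions &addIntOption(std::string opt, int val);
+/**
+* Adds a string-valued option for the configuration of the underlying gRPC channels.
+* See https://grpc.github.io/grpc/cpp/group__grpc__arg__keys.html for a list of available options.
+*
+* @example copt.setStringOption("grpc.target_name_override", "idonthaveadnsforthishost")
+* @param opt The option key.
+* @param val The option valiue.
+* @return *this, to be used for chaining
+*/
+ClientOptions &addStringOption(std::string opt, std::string val);
+/**
+* Adds an extra header with a constant name and value to be sent with every outgoing server request.
+*
+* @param header_name The header name
+* @param header_value The header value
+* @return *this, to be used for chaining
+*/
+ClientOptions &addExtraHeader(std::string header_name, std::string header_value);
+/**
+* Returns the value for the authorization header that will be sent to the server
+* on the first request; this value is a function of the
+* authentication method selected.
+*
+* @return A string value for the authorization header
+*/
+const std::string &authorizationValue() const {
+return authorizationValue_;
+}
+
+/**
+* Returns true if server connections should be configured for TLS/SSL.
+*
+* @return true if this connection should be TLS/SSL, false for insecure.
+*/
+bool useTls() const { return useTls_; }
+/**
+* The PEM-encoded certificate root for server connections, or the empty string
+* if using system defaults.
+*
+* @return A PEM-encoded certificate chain, or empty.
+*/
+const std::string &tlsRootCerts() const { return tlsRootCerts_; }
+/**
+* The PEM-encoded certificate chain to use for the client
+* when using mutual TLS, or the empty string for no mutual TLS.
+*
+* @return A PEM-encoded certificate chain, or empty.
+*/
+const std::string &clientCertChain() const { return clientCertChain_; }
+/**
+* The PEM-encoded client private key to use for mutual TLS.
+*
+* @return A PEM-encoded private key, or empty.
+*/
+const std::string &clientPrivateKey() const { return clientPrivateKey_; }
+/**
+* Integer-valued channel options set for server connections.
+*
+* @return A vector of pairs of string option name and integer option value
+*/
+const int_options_t &intOptions() const { return intOptions_; }
+/**
+* String-valued channel options set for server connections.
+*
+* @return A vector of pairs of string option name and string option value
+*/
+const string_options_t &stringOptions() const { return stringOptions_; }
+/**
+* Extra headers that should be sent with each outgoing server request.
+*
+* @return A vector of pairs of string header name and string header value
+*/
+const extra_headers_t &extraHeaders() const { return extraHeaders_; }
+
+private:
+std::string authorizationValue_;
+std::string sessionType_;
+bool useTls_ = false;
+std::string tlsRootCerts_;
+std::string clientCertChain_;
+std::string clientPrivateKey_;
+int_options_t intOptions_;
+string_options_t stringOptions_;
+extra_headers_t extraHeaders_;
+
+friend class Client;
+};
+
+} // namespace deephaven::client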
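Review bot: The doc comment for the int-valued channel option (the block with `@example copt.setIntOption(...)`) is stranded above the `setClientCertChain` comment, so `addIntOption` ends up undocumented after `setClientPrivateKey`, and both examples name `setIntOption`/`setStringOption` although the methods are `addIntOption`/`addStringOption`. `setClientPrivateKey(std::string clientCertChain)` looks like a copy-paste slip; I would declare it as `ClientOptions &setClientPrivateKey(std::string clientPrivateKey);` and make the `@param pem` tags on the TLS setters match the real parameter names. Since `useTls_` defaults to `false` and `setUseTls` itself calls that setting "insecure", the comments on `setBasicAuthentication` and `setCustomAuthentication` should state that the authorization value and any extra headers are sent unencrypted unless `setUseTls(true)` is also called. The `addStringOption` example uses a target-name override, which relaxes the server-name check during certificate verification, so it deserves a line saying it is meant for test setups; the key should also be confirmed against the linked gRPC list, where I know it as `grpc.ssl_target_name_override`. Whether root certs or a client key supplied while `useTls_` is false are rejected or silently ignored cannot be seen from this header and would be worth documenting here.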