gRPC authentication proposal - using gRPC secure channels#1541
Open
JacekBartynowski wants to merge 20 commits intolabgrid-project:masterfrom
Open
gRPC authentication proposal - using gRPC secure channels#1541JacekBartynowski wants to merge 20 commits intolabgrid-project:masterfrom
JacekBartynowski wants to merge 20 commits intolabgrid-project:masterfrom
Conversation
Author
|
Here is a proposal for securing the gRPC channels (SSL encryption).
|
Contributor
|
I imagine the private key (and thus the certificates?) would need to be generated on first start rather than included in the code, for anyone to see and copy? |
Author
|
These are self signed keys only for development and debugging purposes
Sent from Proton Mail Android
…-------- Original Message --------
On 12/11/2024 11:49, Sebastian Goscik wrote:
I imagine the private key (and thus the certificates?) would need to be generated on first start rather than included in the code, for anyone to see and copy?
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
Signed-off-by: Jacek Bartynowski <jacek.bartynowski@arm.com>
JacekBartynowski
force-pushed
the
master
branch
from
7a2b399 to
2033967
Compare
…ate Python packages - decoupling authentication code
Add methods to the RawNetworkInterfaceDriver to set interfaces up and down, as well as getting and waiting for the interface state. This allows the driver to take more control over the interface, preconfiguration is not needed anymore. Tests that expect the exporter interface to be down (such as ethernet selftests, cable tests) are now possible. Note that the RawNetworkInterfaceDriver now brings the bound interface up on activate and down on deactivate. Signed-off-by: Bastian Krause <bst@pengutronix.de> Signed-off-by: Jacek Bartynowski <jacek.bartynowski@arm.com>
Add interface configuration (`ethtool --change`) support to the RawNetworkInterfaceDriver. This allows configuring the bound interface (speed, lanes, duplex, port, master-slave, mdix, autoneg, advertise, phyad, xcvr, wol, sopass, msglvl). Also add add a `get_settings()` method to query those settings. Note that ethtool gained the required --json support for the default sub command in v6.10. Signed-off-by: Bastian Krause <bst@pengutronix.de> Signed-off-by: Jacek Bartynowski <jacek.bartynowski@arm.com>
Add interface Energy Efficient Ethernet (EEE) configuration (`ethtool --set-eee`) support to the RawNetworkInterfaceDriver. This allows configuring the EEE parameters eee, tx-lpi, tx-timer and advertise on the bound interface. Also add a `get_eee_settings()` method to query those settings. Note that ethtool gained the required --json support for this sub command in v6.10. Signed-off-by: Bastian Krause <bst@pengutronix.de> Signed-off-by: Jacek Bartynowski <jacek.bartynowski@arm.com>
Add interface pause configuration (`ethtool --pause`) support to the RawNetworkInterfaceDriver. This allows configuring the pause parameters autoneg, rx and tx on the bound interface. Also add a `get_pause_settings()` method to query those settings. Signed-off-by: Bastian Krause <bst@pengutronix.de> Signed-off-by: Jacek Bartynowski <jacek.bartynowski@arm.com>
Signed-off-by: Jacek Bartynowski <jacek.bartynowski@arm.com>
…ate Python packages - decoupling authentication code Signed-off-by: Jacek Bartynowski <jacek.bartynowski@arm.com>
Signed-off-by: Jacek Bartynowski <jacek.bartynowski@arm.com>
Signed-off-by: Jacek Bartynowski <jacek.bartynowski@arm.com>
Signed-off-by: Jacek Bartynowski <jacek.bartynowski@arm.com>
Signed-off-by: Jacek Bartynowski <Jacek.Bartynowski@arm.com>
Signed-off-by: Jacek Bartynowski <Jacek.Bartynowski@arm.com>
Author
|
I update the Pull request, mainly added the instrumentation to select custom authentication plugins for the gRPC authentication. |
…generation Signed-off-by: Jacek Bartynowski <Jacek.Bartynowski@arm.com>
Author
|
I added instruction on generating SSL certificate and key + sample configuration file that could be re-used for this purpose. I updated the certificate + key files, they should contain now generic configuration. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Checklist