
drpc: add TLS certificate handling and metadata infra for auth interceptors #11


Open
wants to merge 2 commits into
base: main
from

Conversation


@shubhamdhama commented Jul 15, 2025

🚨 stacked on #12 🚨

This commit adds infrastructure needed for authentication interceptors:

  1. New drpcctx/tlscert.go: Functions to store/retrieve TLS peer certificates in context
  2. Server-side TLS certificate extraction in drpcserver
  3. Improved metadata API with ClearContext, ClearContextExcept, and GetValue functions
  4. Client-side per-RPC metadata support via WithPerRPCMetadata option

Also, see cockroachdb/cockroach#150225

@shubhamdhama force-pushed the drpc/server-auth-interceptor branch from 97cbff1 to 89afdcf on July 15, 2025 09:08

@shubhamdhama changed the title from "drpc: add changes for auth interceptor changes" to "drpc: add TLS certificate handling and metadata infra for auth interceptors" on Jul 16, 2025

@shubhamdhama force-pushed the drpc/server-auth-interceptor branch from 89afdcf to b297942 on July 16, 2025 07:39

@shubhamdhama marked this pull request as ready for review on July 16, 2025 07:56

This commit fixes a bug in the interceptor selection logic in HandleRPC.
The issue was that we were passing a stream to the receiver for the case
where the input is unitary and the output is a stream.

The fix is to receive the message from the stream within the final receiver
after going through the stream interceptor pipeline. This also means we no
longer receive the message outside the switch statement.
…eptors

This commit adds infrastructure needed for authentication interceptors:

1. New drpcctx/tlscert.go: Functions to store/retrieve TLS peer certificates in context
2. Server-side TLS certificate extraction in drpcserver
3. Improved metadata API with ClearContext, ClearContextExcept, and GetValue functions
4. Client-side per-RPC metadata support via WithPerRPCMetadata option

@shubhamdhama force-pushed the drpc/server-auth-interceptor branch from 1082c70 to 3a4f5d1 on July 29, 2025 05:37