Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

grpc: add a call option to override the :authority header on a per-RPC basis #5361

Open
5 tasks
easwars opened this issue May 16, 2022 · 3 comments
Open
5 tasks

grpc: add a call option to override the :authority header on a per-RPC basis #5361

easwars opened this issue May 16, 2022 · 3 comments
Assignees
@eshitachandwani
Labels
Area: Auth Includes regular credentials API and implementation. Also includes advancedtls, authz, rbac etc. P2 Type: Feature New features or improvements in behavior

Comments

@easwars
Copy link
Contributor

easwars commented May 16, 2022
edited by dfawley
Loading

This is one of the items mentioned in #4717 which did not get done. The below description has been copied over verbatim from #4717. This is low priority and we want to implement this only if there is sufficient interest for it.

  • Add a call option to override the :authority header on a per-RPC basis. client: Add CallOption for setting authority; allow even without WithInsecure #3444
    • An optional interface will be added, to be implemented by AuthInfo implementations, to validate this override.
      • Implementations will need to perform a hostname validation check on the peer certificate, received during the handshake, to validate this override.
      • RPCs will fail if this call option is set, but:
        • AuthInfo for the subChannel does not implement this interface
        • validation by AuthInfo fails
    • Existing TLS based credentials implementations will be enhanced to support this.
    • Existing xDS credentials implementation will be enhanced to support this.
      • Use list of SANs provided by management server to validate.
    • Insecure credentials will allow for any authority value.
@easwars easwars added Status: Help Wanted P2 Type: Feature New features or improvements in behavior labels May 16, 2022
This was referenced May 16, 2022
Closed
Closed
@dfawley dfawley mentioned this issue Oct 28, 2022
Merged
@110y 110y mentioned this issue Nov 10, 2022
Closed
@110y
Copy link

110y commented Nov 10, 2022

@easwars

I created a PR that adds a new CallOption for setting :authority per RPC: #5787
Could you please check this PR...?

@JaydenTeoh
Copy link
Contributor

@easwars @ginayeh Happy to work on this issue if this is still of priority. If so, can I have some pointers on where to start next? I would also appreciate some clarity on what needs to be done. Thank you!

@arvindbr8
Copy link
Member

Thanks for your interest @JaydenTeoh.
IMO, this issue requires some more clarification and might be easier for someone internal to pick this up. Sorry for the mislabel.

If you are still interested, please look for other issues marked "Status: Help Wanted" or "Hacktoberfest".

@eshitachandwani eshitachandwani added the Area: Auth Includes regular credentials API and implementation. Also includes advancedtls, authz, rbac etc. label Sep 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@eshitachandwani eshitachandwani

Labels
Area: Auth Includes regular credentials API and implementation. Also includes advancedtls, authz, rbac etc. P2 Type: Feature New features or improvements in behavior
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@easwars @ginayeh @110y @arvindbr8 @eshitachandwani @JaydenTeoh