drpc: add TLS certificate handling and metadata infra for auth interceptors #11
+101
−1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
shubhamdhama
force-pushed
the
drpc/server-auth-interceptor
branch
from
97cbff1 to
89afdcf
Compare
shubhamdhama
changed the title
shubhamdhama
force-pushed
the
drpc/server-auth-interceptor
branch
from
89afdcf to
b297942
Compare
shubhamdhama
force-pushed
the
drpc/server-auth-interceptor
branch
from
1082c70 to
3a4f5d1
Compare
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
shubhamdhama
force-pushed
the
drpc/server-auth-interceptor
branch
2 times, most recently
from
86d94c4 to
3b188c3
Compare
shubhamdhama
requested review from
Copilot and
cthumuluru-crdb
and removed request for
Copilot
There was a problem hiding this comment.
Pull Request Overview
This PR adds TLS certificate handling and metadata infrastructure for authentication interceptors. It extracts TLS peer certificates on the server side and provides improved metadata APIs for managing per-RPC metadata in clients.
- Adds TLS peer certificate extraction and context storage in server connections
- Introduces new metadata utility functions for context manipulation (ClearContext, ClearContextExcept, GetValue)
- Implements client-side per-RPC metadata support with WithPerRPCMetadata option
Reviewed Changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| drpcserver/server.go | Adds TLS certificate extraction and context storage during connection handling |
| drpcctx/tlscert.go | New module providing TLS peer certificate context utilities |
| drpcmetadata/metadata.go | Adds context clearing and value retrieval functions to metadata API |
| drpcclient/dialoptions.go | Adds WithPerRPCMetadata dial option for client configuration |
| drpcclient/clientconn.go | Implements per-RPC metadata injection in client calls |
shubhamdhama
force-pushed
the
drpc/server-auth-interceptor
branch
from
3b188c3 to
a2fbe6d
Compare
cthumuluru-crdb
approved these changes
Aug 1, 2025
…eptors This commit adds infrastructure needed for authentication interceptors: 1. New drpcctx/tlscert.go: Functions to store/retrieve TLS peer certificates in context 2. Server-side TLS certificate extraction in drpcserver 3. Improved metadata API with ClearContext, ClearContextExcept, and GetValue functions 4. Client-side per-RPC metadata support via WithPerRPCMetadata option
shubhamdhama
force-pushed
the
drpc/server-auth-interceptor
branch
from
a2fbe6d to
4fd5c54
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit adds infrastructure needed for authentication interceptors:
Also, see cockroachdb/cockroach#150225