[HPCC-27035] Allow external esp client to connect securely with a certificate - HPCC

XML

Word

Printable

Details

Type: Improvement
Status: Accepted
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: cloud, ESP
Labels:
None

Compatibility:
Minor
Roadmap:
Not applicable

Description

We need the ability for external clients (clients in another trusted environment) to connect to the an esp service with a certificate (the new DFS service is the use case).

Some of this may already be in place/doable, but I think we need:
1) a mechanism to generate and export certificates for external use.(admin only).
2) Allow for client esp interfaces to plug these certificates into their use of the client interfaces.

e.g. an external client creates an instance of a IClientWsDfs, and it needs to provide the certificate which allows it to connect to the service url.
I presume that certificate will be stored in a secret on the client side which the engines will use when connecting to the remote DFS service.

afishbeck - probably needs further discussion.

Attachments

Issue Links

relates to

HPCC-27257 Allow DFS clients to connect to DFS with client certificates

Resolved

Sub-Tasks

Progress

Helm support for generating remote client certificates for accessing services

Resolved

Anthony Fishbeck

Activity

People

Assignee:: Anthony Fishbeck

Reporter:: Jake Smith

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 26/Jan/22 12:04 AM

Updated:: 02/Mar/22 9:46 AM