Skip to content

Commit

Permalink
feat(TLS): Support skipCertCheck option to bypass certificate check
Browse files Browse the repository at this point in the history
This option allows for connecting to Milvus instances with self-signed certificates, without the need to pass the certificate

 DCO 1.1 Signed-off-by: Zander Bobronnikov <[email protected]>

Signed-off-by: Zander Bobronnikov <[email protected]>
  • Loading branch information
zander-bobronnikov committed Nov 5, 2024
1 parent ab7357d commit 1f48880
Show file tree
Hide file tree
Showing 6 changed files with 548 additions and 815 deletions.
1 change: 1 addition & 0 deletions milvus/const/client.ts
Original file line number Diff line number Diff line change
Expand Up @@ -16,4 +16,5 @@ export enum TLS_MODE {
DISABLED,
ONE_WAY,
TWO_WAY,
UNAUTHORIZED
}
11 changes: 11 additions & 0 deletions milvus/grpc/BaseClient.ts
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ import {
ChannelOptions,
credentials,
ChannelCredentials,
VerifyOptions,
} from '@grpc/grpc-js';
import { Pool } from 'generic-pool';
import {
Expand Down Expand Up @@ -173,6 +174,8 @@ export class BaseClient {
? TLS_MODE.TWO_WAY
: this.tlsMode;

this.tlsMode = this.config.tls?.skipCertCheck ? TLS_MODE.UNAUTHORIZED : this.tlsMode;

// Create credentials based on the TLS mode
switch (this.tlsMode) {
case TLS_MODE.ONE_WAY:
Expand Down Expand Up @@ -216,6 +219,14 @@ export class BaseClient {
verifyOptions
);
break;
case TLS_MODE.UNAUTHORIZED:
const opts: VerifyOptions = {
checkServerIdentity : () => { return undefined; },
rejectUnauthorized : false
};

this.creds = credentials.createSsl(null, null, null, opts);
break;
default:
// If no TLS mode is specified, create insecure credentials
this.creds = credentials.createInsecure();
Expand Down
2 changes: 2 additions & 0 deletions milvus/types/Client.ts
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,8 @@ export interface ClientConfig {
verifyOptions?: Record<string, any>;
// server name
serverName?: string;
// skip certificate check entirely
skipCertCheck?: boolean;
};

// generic-pool options: refer to https://github.com/coopernurse/node-pool
Expand Down
2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@
"doc-json": "npx typedoc milvus --json"
},
"dependencies": {
"@grpc/grpc-js": "^1.8.22",
"@grpc/grpc-js": "^1.12.1",
"@grpc/proto-loader": "^0.7.10",
"@petamoriken/float16": "^3.8.6",
"dayjs": "^1.11.7",
Expand Down
15 changes: 15 additions & 0 deletions test/grpc/MilvusClient.spec.ts
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,21 @@ describe(`Milvus client`, () => {
expect(m1s.clientId).toEqual('1');
});

it(`should create a grpc client with skipCertCheck option successfully`, async () => {
const m1u = new MilvusClient({
address: IP,
tls: {
skipCertCheck : true
},
id: '1',
__SKIP_CONNECT__: true,
});

expect(await m1u.channelPool).toBeDefined();
expect(m1u.tlsMode).toEqual(TLS_MODE.UNAUTHORIZED);
expect(m1u.clientId).toEqual('1');
});

it(`should create a grpc client without SSL credentials when ssl is false`, async () => {
const m2 = new MilvusClient({
address: IP,
Expand Down
Loading

0 comments on commit 1f48880

Please sign in to comment.