Add TLS and mTLS support#165
Open
HTHou wants to merge 1 commit into
Open
Conversation
There was a problem hiding this comment.
Pull request overview
Adds TLS and mutual TLS (mTLS) support to the Go client’s Thrift transport creation path, allowing sessions, cluster sessions, and session pools to connect securely using configured CA trust and optional client certificates.
Changes:
- Introduces
client.TLSConfigplus helpers to build a*tls.Configfrom CA/client cert/key files. - Routes session and cluster session transport creation through a shared
newTransport(..., tlsConfig)that can create either plain or TLS transports. - Documents TLS/mTLS usage in English and Chinese READMEs and adds unit tests for TLS config behavior.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| README.md | Documents TLS/mTLS configuration and provides a usage snippet. |
| README_ZH.md | Adds the same TLS/mTLS guidance in Chinese. |
| client/tls.go | Implements TLSConfig, TLS config building, and TLS-capable transport creation. |
| client/tls_test.go | Adds unit tests for cloning base TLS config, loading CA/cert/key files, and cert/key validation. |
| client/sessionpool.go | Plumbs TLSConfig through pool config into session/cluster configs. |
| client/session.go | Switches session and cluster session transport initialization to use the TLS-capable transport helper. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
HTHou
force-pushed
the
codex/add-tls-mtls-support
branch
from
f105c26 to
df6df55
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Add TLS and mTLS support for the Go client session transport path.
Changes
client.TLSConfigwith CA trust loading and optional client certificate/key loading.TLSConfigis present for standalone sessions, cluster sessions, reconnects, and session pools.Validation
git diff --cached --checkgo test $(go list ./... | grep -v '/test/e2e')\n\nE2E tests were not run locally because they require an IoTDB service/DNS entry (iotdb) in the test environment.