[ENH][SEC]: CIP-01022024 SSL Verify Client Config #1604

Merged
merged 9 commits into from
Feb 7, 2024

Conversation

tazarov
Contributor

@tazarov tazarov commented Jan 2, 2024

Description of changes

Summarize the changes made by this PR.

  • New functionality
    • New CIP to introduce SSL verify flag to support custom PKIs or to accept self-signed certs for testing and experimentation purposes

Test plan

How are these changes tested?

  • Tests pass locally with pytest for python

Documentation Changes

CIP document in the PR.

github-actions bot commented Jan 2, 2024

Reviewer Checklist

Please leverage this checklist to ensure your code review is thorough before approving

Testing, Bugs, Errors, Logs, Documentation

  • Can you think of any use case in which the code does not behave as intended? Have they been tested?
  • Can you think of any inputs or external events that could break the code? Is user input validated and safe? Have they been tested?
  • If appropriate, are there adequate property based tests?
  • If appropriate, are there adequate unit tests?
  • Should any logging, debugging, tracing information be added or removed?
  • Are error messages user-friendly?
  • Have all documentation changes needed been made?
  • Have all non-obvious changes been commented?

System Compatibility

  • Are there any potential impacts on other parts of the system or backward compatibility?
  • Does this change intersect with any items on our roadmap, and if so, is there a plan for fitting them together?

Quality

  • Is this code of an unexpectedly high quality (Readability, Modularity, Intuitiveness)

Contributor Author

tazarov commented Jan 22, 2024

@HammadB, all issues resolved. Ready to go, PTAL.

@HammadB HammadB requested a review from beggers January 25, 2024 18:56
Contributor

@beggers beggers left a comment

this is a really good feature to add. I asked a couple minor questions -- let's get this bad boy checked in later today.

## Public Interfaces

New settings variable `chroma_server_ssl_verify` accepting either a boolean or a path to a certificate file. If the
value is a path to a certificate file, the file will be used to verify the server's certificate. The value is passed
Contributor

What if the value is a boolean?

Contributor Author

Boolean means just ignore (false) or enforce (true) SSL cert verification. I'll document that.


## Public Interfaces

New settings variable `chroma_server_ssl_verify` accepting either a boolean or a path to a certificate file. If the
Contributor

Could we specify that this settings variable only matters for clients? And probably document that fact in a comment next to the settings variable itself.

Contributor Author

I think we can go even further and add this to the official docs. Let me quickly have a look to see if it makes sense to add it somewhere.
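
The bool-or-path semantics discussed in the review thread above, shown as an added example that is not part of this pull request or Chroma's code. The helper name `build_ssl_context` is hypothetical, and it uses Python's standard `ssl` module rather than whatever HTTP client the project passes the value to:

```python
import os
import ssl
import warnings
from typing import Union


def build_ssl_context(verify: Union[bool, str]) -> ssl.SSLContext:
    """Hypothetical helper: map a bool-or-path verify setting to a client TLS context.

    True  -> verify against the system trust store (hostname check on)
    False -> no certificate or hostname verification (testing only)
    str   -> verify against the CA file at that path only (custom PKI / self-signed)
    """
    if isinstance(verify, bool):
        ctx = ssl.create_default_context()
        if not verify:
            # check_hostname must be cleared before verify_mode may be CERT_NONE.
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
            warnings.warn(
                "TLS certificate verification is disabled; the server's "
                "identity is not checked on this connection."
            )
        return ctx
    if isinstance(verify, str):
        # Fail closed: a wrong path must not silently fall back to another mode.
        if not os.path.isfile(verify):
            raise FileNotFoundError(f"CA file not found: {verify}")
        # With cafile given, the system trust store is NOT loaded, so only
        # certificates chaining to this file are accepted.
        return ssl.create_default_context(cafile=verify)
    raise TypeError(f"verify must be bool or str, got {type(verify).__name__}")


if __name__ == "__main__":
    for value in (True, False):
        with warnings.catch_warnings():
            warnings.simplefilter("ignore")
            ctx = build_ssl_context(value)
        print(value, ctx.verify_mode.name, "check_hostname =", ctx.check_hostname)
```
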

Contributor Author

tazarov commented Feb 6, 2024

@beggers, I think this is ready, but we need to add JS client parity here or in a quick follow-up. Wdyt?

tazarov added a commit to amikos-tech/chroma-core that referenced this pull request Feb 7, 2024
- Fixed an issue with isomorphic-fetch in the runtime.
- Added scripts for creating SSL certs and running Chroma SSL server.
- Added SSL tests.

Refs: chroma-core#1604
Contributor Author

tazarov commented Feb 7, 2024

@beggers, JS SSL support was added in a separate stacked PR.

tazarov added a commit to amikos-tech/chroma-core that referenced this pull request Feb 7, 2024
tazarov added a commit to amikos-tech/chroma-core that referenced this pull request Feb 7, 2024
tazarov added a commit to amikos-tech/chroma-core that referenced this pull request Feb 7, 2024
- Fixed utils to support isomorphic-fetch Response
- Added some cleanups

Refs: chroma-core#1604
@beggers beggers merged commit a62cfb0 into chroma-core:main Feb 7, 2024
97 checks passed
tazarov added a commit to amikos-tech/chroma-core that referenced this pull request Feb 9, 2024
- Fixed an issue with isomorphic-fetch in the runtime.
- Added scripts for creating SSL certs and running Chroma SSL server.
- Added SSL tests.

Refs: chroma-core#1604
tazarov added a commit to amikos-tech/chroma-core that referenced this pull request Feb 9, 2024
tazarov added a commit to amikos-tech/chroma-core that referenced this pull request Feb 9, 2024
tazarov added a commit to amikos-tech/chroma-core that referenced this pull request Feb 9, 2024
- Fixed utils to support isomorphic-fetch Response
- Added some cleanups

Refs: chroma-core#1604
tazarov added a commit to amikos-tech/chroma-core that referenced this pull request Feb 10, 2024
## Description of changes

*Summarize the changes made by this PR.*
 - New functionality
- New CIP to introduce SSL verify flag to support custom PKIs or to
accept self-signed certs for testing and experimentation purposes

## Test plan
*How are these changes tested?*

- [x] Tests pass locally with `pytest` for python

## Documentation Changes
CIP document in the PR.