feat: cert file and TLS skip verify#44
Merged
mfiedorowicz merged 7 commits intodevelopfrom Sep 3, 2025
Merged
Conversation
Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
…ption Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
mfiedorowicz
requested review from
MicahParks,
jajeffries,
leoparente and
ltucker
as code owners
github-actions
bot
added
documentation
|
Go test coverage
Total coverage: 79.3% |
Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
jajeffries
reviewed
Sep 1, 2025
jajeffries
approved these changes
Sep 1, 2025
Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
leoparente
approved these changes
Sep 1, 2025
MicahParks
approved these changes
Sep 2, 2025
Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request introduces support for custom TLS certificates and improved TLS verification controls in the Diode SDK, along with updates to the SDK version, documentation, and CI configuration. The changes add new environment variables and client options for managing TLS, update certificate loading logic, and clarify secure/insecure connection handling. Additionally, the CI workflows and linting configuration are modernized, and documentation is expanded to explain the new features.
TLS/certificate support improvements:
Added support for custom TLS certificates via the
DIODE_CERT_FILEenvironment variable and theWithCertFileclient option; also introducedDIODE_SKIP_TLS_VERIFYandWithSkipTLSVerifyto control TLS verification. Certificate loading logic now allows specifying a custom cert file or using system certs. (diode/client.go, [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11];diode/testdata/test-cert.pem, [12]Updated connection logic to distinguish between secure (
grpcs://,https://) and insecure (grpc://,http://) schemes, enabling or disabling TLS verification accordingly, and allowing legacy certificate support. (diode/client.go, [1] [2] [3] [4] [5]Documentation updates:
README.mdto document new TLS environment variables, client options, and usage examples, including secure/insecure scheme handling and custom certificate instructions. (README.md, F3e782d8L21R21, README.mdR122-R166)Version and configuration updates:
1.4.0to reflect new features. (diode/client.go, diode/client.goL37-R59)CI and linting improvements:
golangci-lintaction, and modernized thegolangci.yamlconfiguration for improved linting and formatting. (.github/workflows/lint.yaml, [1];.github/workflows/test.yaml, [2];.github/golangci.yaml, [3]Miscellaneous:
diode/dryrun.go.