[HTTP Binding]: adding metadata options for client auth during mTLS (#3050)

* [HTTP Binding]: adding metadata options for client authentication during mTLS

Signed-off-by: Pravin Pushkar <ppushkar@microsoft.com>

* Apply suggestions from code review

Co-authored-by: Hannah Hunter <94493363+hhunter-ms@users.noreply.github.com>
Signed-off-by: Pravin Pushkar <ppushkar@microsoft.com>

* Update daprdocs/content/en/reference/components-reference/supported-bindings/http.md

Signed-off-by: Mark Fussell <markfussell@gmail.com>

* Update daprdocs/content/en/reference/components-reference/supported-bindings/http.md

Signed-off-by: Mark Fussell <markfussell@gmail.com>

* Update daprdocs/content/en/reference/components-reference/supported-bindings/http.md

Signed-off-by: Mark Fussell <markfussell@gmail.com>

---------

Signed-off-by: Pravin Pushkar <ppushkar@microsoft.com>
Signed-off-by: Mark Fussell <markfussell@gmail.com>
Co-authored-by: Hannah Hunter <94493363+hhunter-ms@users.noreply.github.com>
Co-authored-by: Mark Fussell <markfussell@gmail.com>
Pravin Pushkar 2023-02-01 01:04:16 +05:30 committed by GitHub
parent 3fa9fabee0
commit 9551d689ae
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 625 additions and 269 deletions


@ -20,6 +20,13 @@ spec:
metadata:
- name: url
value: http://something.com
- name: MTLSRootCA
value: /Users/somepath/root.pem #<path to root CA> or <pem encoded string>
- name: MTLSClientCert
value: /Users/somepath/client.pem #<path to client cert> or <pem encoded string>
- name: MTLSClientKey
value: /Users/somepath/client.key #<path to client key> or <pem encoded string>
```
## Spec metadata fields
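Review bot: the example keeps `url` at `http://something.com` while adding the three `MTLS*` fields below it; a client certificate is only ever presented inside a TLS handshake, so the example should use an `https://` URL (the new section this change adds is titled "along with HTTPS"), otherwise a reader can copy it, point it at a plaintext endpoint and get no client authentication at all. Also, the comment on `value: /Users/somepath/client.key #<path to client key> or <pem encoded string>` invites pasting the private key as a PEM string straight into the component manifest; the example or a one-line note should warn that this leaves the key in plaintext in the component YAML and steer readers to the file-path form for the key.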
@ -27,6 +34,9 @@ spec:
| Field | Required | Binding support | Details | Example |
|--------------------|:--------:|--------|--------|---------|
| url | Y | Output |The base URL of the HTTP endpoint to invoke | `http://host:port/path`, `http://myservice:8000/customers`
| MTLSRootCA | N | Output |Path to root ca certificate or pem encoded string |
| MTLSClientCert | N | Output |Path to client certificate or pem encoded string |
| MTLSClientKey | N | Output |Path client private key or pem encoded string |
## Binding support
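Review bot: the three new rows lack the fifth `Example` cell that the header and the `url` row have, so the table renders with a missing or misaligned column; add an example per row (a file path such as `/path/to/root.pem`, and a note that a PEM string starting with `-----BEGIN CERTIFICATE-----` is also accepted). Wording: `Path client private key` should read `Path to client private key`, and `root ca` should be `root CA`. More importantly, marking each field `N` independently does not tell the reader whether `MTLSClientCert` and `MTLSClientKey` must be supplied together, or whether `MTLSRootCA` may be set on its own to verify the server without client authentication; the `Required` column cannot express that dependency, so state it in the `Details` cell or in the prose section.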
@ -292,6 +302,17 @@ curl -d '{ "operation": "get" }' \
{{< /tabs >}}
## Using mTLS or enabling client TLS authentication along with HTTPS
You can configure the HTTP binding to use mTLS or client TLS authentication along with HTTPS by providing the `MTLSRootCA`, `MTLSClientCert`, and `MTLSClientKey` metadata fields in the binding component.
These fields can be passed as a file path or as a pem encoded string.
- If the file path is provided, the file is read and the contents are used.
- If the pem encoded string is provided, the string is used as is.
When these fields are configured, the Dapr sidecar uses the provided certificate to authenticate itself with the server during the TLS handshake process.
### When to use:
You can use this when the server with which the HTTP binding is configured to communicate requires mTLS or client TLS authentication.
## Related links
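Review bot: the sentence `the Dapr sidecar uses the provided certificate to authenticate itself with the server` covers only the client certificate and key; it never says what `MTLSRootCA` is for (verifying the server's certificate chain, or the CA that issued the client certificate), so a reader cannot tell whether setting it alone changes how the server is verified. Spell out its role in the same paragraph. The line `If the file path is provided, the file is read and the contents are used` should also say how a relative path is resolved, or simply tell readers to use absolute paths as the example above does. Minor: the heading `### When to use:` carries a trailing colon unlike the other headings in this file; drop it.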
