Azure / cadl-ranch

Cadl Scenarios for client generations
https://azure.github.io/cadl-ranch/
MIT License

Discussion on changing protocol from "http" to "https" #639

Open pshao25 opened 4 months ago

pshao25 commented 4 months ago

I've tried this locally and it is feasible. I'm opening this issue to discuss whether we should do this.

Background: For all the MPG clients and some DPG clients that use OAuth2, the .NET SDK has a policy that "the protocol must be https". I think Java has the same problem, but I'm not sure if other languages do.

When I try to bypass this check, there are some subsequent issues. So we are thinking of changing cadl-ranch from "http" to "https", which means we need a certificate. A self-signed certificate is the easiest way. The question is where we put this certificate:

Option 1: In the source code of cadl-ranch. Cons: I'm not sure if it violates any compliance requirements, since it contains a private key, though we really don't care about the privacy of this certificate.

Option 2: Every time we start the server, we call a script somewhere to generate this certificate. Cons: openssl needs to be installed on the build agent, and generating a cert might take several seconds.

Impacts for the client: At least for the .NET client, there will be a certificate check for each call. We need to bypass this check because the certificate is self-signed. If other languages have this check too, they need to bypass it as well.
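Option 2 above, sketched as an added example that is not part of the original issue or the cadl-ranch code base: a POSIX shell function that creates a short-lived self-signed certificate for localhost at server start and reuses it while it remains valid, so no private key is committed and the generation cost is paid only when needed. The function names, the `.dev-certs` directory, the file names and the 7-day lifetime are assumptions.

```shell
#!/bin/sh
# Added example (assumed names and paths): per-run self-signed certificate
# for a local HTTPS test server, generated with the openssl CLI (1.1.1+).

ensure_dev_cert() {
    cert_dir="${1:-./.dev-certs}"   # assumed location, keep it out of git
    days="${2:-7}"                  # short lifetime limits exposure of the key
    key="$cert_dir/localhost.key"
    crt="$cert_dir/localhost.crt"

    mkdir -p "$cert_dir" || return 1
    chmod 700 "$cert_dir"

    # Reuse the existing pair while the certificate is valid for at least
    # one more hour, so most server starts skip key generation entirely.
    if [ -s "$key" ] && [ -s "$crt" ] &&
       openssl x509 -in "$crt" -noout -checkend 3600 >/dev/null 2>&1; then
        printf '%s\n' "$crt"
        return 0
    fi

    # umask 077 in a subshell: the private key is created owner-only.
    # The SAN entries matter: modern TLS clients ignore CN for host matching.
    (
        umask 077
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 \
            -days "$days" \
            -subj "/CN=localhost" \
            -addext "subjectAltName=DNS:localhost,IP:127.0.0.1" \
            -keyout "$key" -out "$crt" >/dev/null 2>&1
    ) || return 1

    printf '%s\n' "$crt"
}

# SHA-256 fingerprint of a certificate, e.g. to log which cert a run used.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}
```

Because the certificate file is known, a test client can use it as its only trust anchor (for example `curl --cacert .dev-certs/localhost.crt`) rather than turning certificate validation off.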

lirenhe commented 1 month ago

@pshao25, shall we make cadl-ranch lightweight and put more effort into client/server testing for protocol-related tests?