Skip to content

💥 Enable TLS if api key provided #1229

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
THardy98 merged 5 commits into from
Dec 3, 2025
Merged

💥 Enable TLS if api key provided #1229

THardy98 merged 5 commits into from
Dec 3, 2025

Conversation

@THardy98
Copy link
Contributor

@THardy98 THardy98 commented Dec 1, 2025
edited
Loading

What was changed

DWISOTT

  1. Part of Assume TLS enabled if API key provided in SDKs features#687

  2. How was this tested:
    Unit tests

  3. Any docs updates needed?
    Maybe?

@THardy98 THardy98 requested a review from a team as a code owner December 1, 2025 21:08
cretz
cretz reviewed Dec 1, 2025
View reviewed changes
temporalio/service.py Outdated
Comment on lines 152 to 154
# Enable TLS by default when API key is provided and tls not explicitly set
if self.tls is None:
self.tls = self.api_key is not None
Copy link
Member

@cretz cretz Dec 1, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I know we default identity here, but I would suggest we don't do this derived default here. I think tls should remain None if they look at their config (because it is the config they created/provided after all) and we only apply the default when building the bridge config.

If necessary, I can show an admittedly contrived situation where setting this config to a value they didn't set can cause a problem if they try to reuse it, but it would be a rare case.

Copy link
Contributor

@tconley1428 tconley1428 Dec 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed, mutating the config seems weird versus the config just meaning something different when provided. Either in the worker or the bridge worker etc

cretz
cretz approved these changes Dec 2, 2025
View reviewed changes
Copy link
Member

@cretz cretz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. We need to remember to call this out in release notes quite big. Would also make sure @tconley1428 and/or @VegetarianOrc approve before merging.

@THardy98 THardy98 merged commit cc19379 into main Dec 3, 2025
26 of 27 checks passed
@THardy98 THardy98 deleted the enable-tls-if-api-key branch December 3, 2025 00:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cretz cretz cretz approved these changes

@tconley1428 tconley1428 tconley1428 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@THardy98 @cretz @tconley1428