llama-stack-mirror/llama_stack/distribution/server
grs e3ad17ec5e
feat: enable mutual tls (#2140)
# What does this PR do?
This adds a config option for a CA to be specified with which client
certs are verified. If specified, client certs are required. This offers
a simple way of securing access to the server.

(Note: at present it is not possible to access the details of the client
certificate using uvicorn (unless it was monkey patched). Though there
is a defined TLS extension for ASGI, this is not implemented in uvicorn
pending a review and likely change to the specification. See
https://github.com/encode/uvicorn/pull/1119 and
https://github.com/django/asgiref/issues/466. Without access to the DN
it isn't possible to set user access attributes for a mutually
authenticated TLS connection, so more fine-grained access control is
not yet possible).

## Test Plan
Used proposed config option to specify a CA and verified that the server
can only be accessed with a valid client certificate.

Signed-off-by: Gordon Sim <gsim@redhat.com>
2025-05-12 14:08:36 -07:00
__init__.py API Updates (#73) 2024-09-17 19:51:35 -07:00
auth.py feat: Add Kubernetes authentication (#1778) 2025-04-28 22:24:58 +02:00
auth_providers.py chore: enable pyupgrade fixes (#1806) 2025-05-01 14:23:50 -07:00
endpoints.py chore: enable pyupgrade fixes (#1806) 2025-05-01 14:23:50 -07:00
server.py feat: enable mutual tls (#2140) 2025-05-12 14:08:36 -07:00