Support ni-tls-config Directory Scheme and Add TLS Configuration Templates#1260
Merged
texasaggie97 merged 6 commits intoMay 12, 2026
Conversation
texasaggie97
requested review from
astarche,
maxxboehme and
reckenro
as code owners
…efault TLS - add new server config example for ni-tls-config with feature toggle enabled - remove obsolete server_tls.json and switch packaging references to server_nitlsconfig.json - update shipped server/client TLS YAML templates to align with configure-tls flow - keep shipping defaults TLS-disabled while preserving all configurable TLS fields - add customer-facing inline comments to config and caps files for manual editing - add dedicated client caps template and stage it as ni-grpc-device.caps.yml in client artifacts - normalize URI scheme usage to lowercase file:// and directory:// across templates and script content
texasaggie97
changed the title
dmondrik
approved these changes
May 4, 2026
…nonicalize staging outputs - Rename source config templates to include server/client context - Stage client templates into client.d instead of config - Preserve canonical ni-tls-config output filenames during staging - Update server CMake copy sources to renamed server templates
astarche
approved these changes
May 5, 2026
reckenro
approved these changes
May 5, 2026
maxxboehme
reviewed
May 7, 2026
Collaborator
maxxboehme
left a comment
maxxboehme
left a comment
There was a problem hiding this comment.
With these new client and server configuration files. I think there should be a readme update clearing up their uses.
Signed-off-by: Mark Silva <mark.silva@emerson.com>
Signed-off-by: Mark Silva <mark.silva@emerson.com>
maxxboehme
approved these changes
May 12, 2026
texasaggie97
deleted the
dev/texasaggie97/fix-ni-tls-config-trusted-directory
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this Pull Request accomplish?
This PR enables mutual TLS support in grpc-device through integration with NI managed certificate configuration via ni-tls-config. The work includes:
TLS loader enhancements
Refactors
TlsConfigLoaderto use ni-tls-config contents APIs instead of direct file-path parsing, enablingdirectory://support for trusted certificate bundles.TLS configuration templates with explicit role naming
Introduces role-explicit template source names so usage is clear at the source level:
ni-grpc-device.server.conf.ymlni-grpc-device.server.caps.ymlni-grpc-device.client.defaults.ymlni-grpc-device.client.caps.ymlCanonical runtime filename mapping during staging
Preserves canonical ni-tls-config runtime filenames during staging so runtime behavior stays compatible:
ni-grpc-device.conf.ymlandni-grpc-device.caps.ymlni-grpc-device.defaults.ymlandni-grpc-device.caps.ymlClient artifact staging cleanup
Updates client staging to use
client.das the staging folder (instead ofconfig) for ni-tls client artifacts, improving clarity and resolving reviewer feedback around naming intent.Example configuration and feature gating
Adds
server_nitlsconfig.jsonto demonstrate secure configuration with:"security": "ni-tls-config""feature_toggles": { "ni-tls-config": true }CI/artifact updates
Updates workflow artifact packaging and staging logic so the new template naming model and canonical output mapping are included consistently.
URI scheme normalization
Standardizes URI schemes to lowercase
file://anddirectory://for consistency.Why should this Pull Request be merged?
This change improves TLS security support while reducing naming ambiguity for maintainers. It keeps runtime compatibility by preserving canonical ni-tls-config filenames, but makes source ownership and intent explicit with server/client template naming. It also aligns artifact layout with clearer
client.dstaging semantics and addresses reviewer concern about confusing export naming behavior.What testing has been done?
directory://.file://anddirectory://schemes.