Hey David, This isn't exposed right now. You'd have to expose the gRPC option on the client and server sides; right now while Flight does set up SSL credentials when TLS is enabled, it's only to allow you to set the root certificate on the client [1] and the server certificate [2]. There is already support for custom authentication methods, though, if you're amenable to something other than mTLS (e.g. username/password or auth token).
If you're interested in contributing this, I think it should be fairly straightforward - you'd just need to add options that get passed through to gRPC - though you'd have to also expose the option to Python. For Java servers, you can use the flight-grpc artifact [3] to obtain a "plain" gRPC service from your Flight Producer implementation, which you can then attach to a gRPC server that you've configured with mTLS. Unfortunately this convenience isn't (reasonably) possible to implement in Python with the way that gRPC-C++ and gRPC-Python are designed. Best, David [1]: https://github.com/apache/arrow/blob/2914899326d50d3e2853f5ecbd165028d862378f/cpp/src/arrow/flight/client.cc#L538-L542 [2]: https://github.com/apache/arrow/blob/2914899326d50d3e2853f5ecbd165028d862378f/cpp/src/arrow/flight/server.cc#L674-L678 [3]: https://search.maven.org/search?q=g:org.apache.arrow%20AND%20a:flight-grpc On 4/9/20, David Seapy <ddse...@ccri.com> wrote: > grpc supports connections using mutual TLS with client and server > certificates. Is there an example of how to do this with arrow flight > libraries, or does one need to step down to the grpc-level when making > requests? > > Specifically we are working on having data-scientists establish a > connection with our scala flight server from their python client. If it > is not currently supported but is a feature that the community would > benefit from, then maybe we can take a stab at adding support for this. > > Any advice or pointers would be appreciated. > > Thanks! > > - David Seapy > >
