Add tls support to frontend connection

Makefile

@@ -94,7 +94,7 @@ dev: $(KIND) $(KUBECTL)
 	@sudo $(KIND) create cluster --name=$(PROJECT_NAME)-dev --kubeconfig=$(USER_DIR)/.kube/config
 	@$(KUBECTL) cluster-info --context kind-$(PROJECT_NAME)-dev
 	@$(INFO) Installing Crossplane CRDs
-	@$(KUBECTL) create -k https://github.com/crossplane/crossplane//cluster?ref=master
+	@$(KUBECTL) create -k https://github.com/crossplane/crossplane//cluster?ref=v1.16.2
 	@$(INFO) Installing Provider temporal CRDs
 	@$(KUBECTL) apply -R -f package/crds
 	@$(INFO) Start Provider temporal via: $(GO) run cmd/provider/main.go --debug

README.md

@@ -50,6 +50,17 @@ spec:
       name: provider-temporal-config-creds
       key: credentials  
 ```
+
+Provider Credentials with TLS:
+```
+{
+  "HostPort": "temporal:7233",
+  "UseTLS": true,
+  "CACert": "-----BEGIN CERTIFICATE-----\nhere insert CA certificate\n-----END CERTIFICATE-----",
+  "CertFile": "-----BEGIN CERTIFICATE-----\nhere insert certificate\n-----END CERTIFICATE-----",
+  "KeyFile": "-----BEGIN RSA PRIVATE KEY-----\nhere insert key\n-----END RSA PRIVATE KEY-----",
+}
+```
 # Troubleshooting
 Create a DeploymentRuntimeConfig and set the arg `--debug` on the package-runtime container:
 
@@ -193,4 +204,15 @@ guide may also be of use.
 Start temporal environment for tests
 ```
 sudo docker-compose -f tests/docker-compose.yaml up 
-```
+```
+## TLS
+
+In case test certificates are expired, run `bash certs/generate-test-certs.sh` and new certificates will be created.
+
+Then, edit `internal/clients/service_test.go` and update the new test certificates to `jsonConfig` after you replace the newlines with `\n`.
+
+```
+awk 'NR > 1 {printf "\\n"} {printf "%s", $0} END {printf ""}' certs/client.pem
+awk 'NR > 1 {printf "\\n"} {printf "%s", $0} END {printf ""}' certs/client.key
+awk 'NR > 1 {printf "\\n"} {printf "%s", $0} END {printf ""}' certs/ca.crt
+```

certs/ca.cert

@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFRTCCAy2gAwIBAgIUTfLoHTSYNEx0LXYnju+wJF6EP4EwDQYJKoZIhvcNAQEL
+BQAwMjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMRYwFAYDVQQKDA1UZXN0IENB
+LCBJbmMuMB4XDTI0MDkyMDExMzY1OFoXDTI1MDkyMDExMzY1OFowMjELMAkGA1UE
+BhMCVVMxCzAJBgNVBAgMAldBMRYwFAYDVQQKDA1UZXN0IENBLCBJbmMuMIICIjAN
+BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq2+PV/h7kTWoUI3KhadR5yvrnqW4
+/NiBAV6TToxMK97KSs2J5EAIKjtg3o+1vL2Tkc6mOAegqGLsVWwpxUCTChBPDjiM
+LsBx1c7uTU0m7eDIBoMDMNy5Vy+tvT5vey+pdM4KORdzHIkjctilWWdJuUF+qRzp
+ijgIruNsEj5CbYz57xXoS3wErfJlUu9GX+LFizR2OQMvIiF09dTbTyQ1a2bOmQYD
+8nVz7yo7ENCJlPonQYkSBfVuXIyR5LTouPsv2DYNGlT63rwEY3t0aq23Datmv9QP
+2k1jCMz3HcTUFHa+ErSd6opJYr9Fw+J6k/Ifho8xq3R6iJ5D9Wk15ozPA9tdZt/T
+vBmDb0QD9SvIirLuDBZ2eHbdCG2uLq/tLf87f04y3Q4VcAa0CCp+mGCMil9pnSki
+LqmcD0iAApQU3RtdX6uqV1TC9oK7UYomJY4nB2EwneIpYDupQPjZhCtlxGJboxkC
+pZR79TTe1duoUKS6sm0LiJZ65eXmADLJeqrNBoSheHFrQOYcFZ5bfoA83uEhcNnw
+4NqhKrIm2L5NZZOITNvnsASGftL38O2FkflU24pYMIRf4q2IoTGSxXbzMMoveKXw
+p2FPUUEv/EVJbPWnWKKATRJY6BJaHEPzsSqUX2GaEqxQPsVigWf9wyVcf4XrkIP4
+lbNtWyRIXi3D3hcCAwEAAaNTMFEwHQYDVR0OBBYEFL3nlLBSjx4kwpQrmkkInt2A
+SA+lMB8GA1UdIwQYMBaAFL3nlLBSjx4kwpQrmkkInt2ASA+lMA8GA1UdEwEB/wQF
+MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAAEtkQ4MeRo7KYonhE5373xbtMNXkKhK
+vnDHJQL3YWUa+sY/+siZYK0dj+ZVSk3WAlI4MQyml66RV97uj/ywGIXvPFIU0v31
+qEAiqJ6ARDnxkfRFj3m7Kk7O3LN20TS4khFSXLvn4NHDswbyVpTePHTnN8Kqwn8b
+tx657Y1zWvSqPrHYU4D0b2EjNt4P/DufMUJFtgyu26qOef0iAuhK+Tb6ZAUndZJd
+BkxEl82/N5IYeSV6TnwuK3WmkgVqLt7jQ9ycOQGP23AloKsgDyAIaftw3Dl0RcR9
+4u7lEEoNq5RAOMewyPsCAz+l8kUvjXJ7zkAaI9MHWcAqutU96xExA1UlyBflTjE/
+cTbLa8Bv5Z1HgUnvTpuPZMUMEogRYpmsyPliWx+zmnlW+3JfyqyDchWst47wBJ96
+mBZ3bAPHTkU9TMmEuFz83awJlTKfYGBYovH3LOecYpgil6D5e8BkdICQRFBZlI+6
+FoGQAXm99KOvoS0t+fyoszhWDxkCR8qsdXqZNjMl9TLweLazSqd+oXoNcQ7TvA6r
+oTnrnRZMOrVk68ad3MtalYJoBRAx2QfMNR6fPzS2xJ85tpCXcLMDSbFoW5jamX0x
+Y42DQDWrqdV8j9q2J3HvevRHljTO7viSFa7s7QJj78vwP4ExlSTwojQaToAEhbL8
+jo2clz/N0p+0
+-----END CERTIFICATE-----

certs/client-cert.conf

@@ -0,0 +1,17 @@
+[req]
+default_bits = 4096
+prompt = no
+default_md = sha256
+req_extensions = req_ext
+distinguished_name = dn
+[dn]
+C = US
+ST = WA
+O = Test Client, Inc.
+CN = localhost
+[req_ext]
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = localhost
+IP.1 = ::1
+IP.2 = 127.0.0.1

certs/client.key

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQC30pL4KBqpqPVh
+1DDQ+TNveWKPciq3fulYxbGKqj/y6NRhHE52HP0nfbTAFUKpQQ2dqDxu9eYnGZFp
+4ELusILGg1fGwS5YBT6I3h0m+aNJvIn7Gh71LI1+j8PgHFW26EbEGnWDp2guekLr
+2muIgreTu68/RuE/yFJqFKK3gV1eDmZ7jOrUUdZtMn0DDkLHzHakQ288DCOGA48X
+taEnZDDRvlpI/ZvMmIo9GzA4pTewKpuSKj3dGGShN9f1KVShi7AgLRQ7X72/ys0j
+8DNpco4Vh8Z/zCjvp5wT9NI6t9uBtwVtwd8OL+LblnaTP4HfeuG7wHWGCo6xwMsp
+sijlzel0w+yQvsbdpzg6DcwvKa/KBheLaELZbdSkfWd6uCGvBE1aiFOcscDBTpT+
+L1CMYjlY0CiSK1gk1q471ryvSc/bV5aluMJUs6xlqg3luXGWfNWkjILwgU+kqA/j
+byKK8CoDjdZ5OjXN4fZkbDcrNP5QMIG+CSB5lC0jgdpxdKQwPJ8bAW8MAdtffXL3
+8WuN5p38GwGvwNDFWpT54xrjo6ZF7LmNwqz8pSDkwDAtApysHWavmQlWBKQECyAE
+Ghe8HTlL20zhg+AeP93ntTZeQ4nymnwyygLpWXBCsIYL9QyeTT/Mhy2MmzN1DrIZ
+VB4QkSlBC697z5VscHDPq7Kvzn74IQIDAQABAoICAEIwzmASHMuzvav82pkc6qL8
+u/s4Gl6Zkc+32/644C8JHJRdO3l3ZcbHEoNKBIdql8sJzb0MyVOR9tT/fkpxf52Y
+pM46OIRUWxiwliG3KU9/VtX2qWgSI18LyHXV7h1fFUA+4MrHyJFXz+oaa7crjovh
+PLDVxn0PlnGBPbhDGkooeEmLy/EpCMOoNvCXPX+xRZVPfOnL2yzB8lAQxFcpUhTs
+bJk0zNmGodxwAlSbVWqXZQ5kLIOE6ZNNxvMN713+LSzg3pSknHBHx8dlkjWpnLTu
+/5B8BM+K9H4RHXQsSRuzuf40Hav/nToBu2+5IfxFRKw1GHxsJ8aky+MXNnfNRf77
+GUrzxUE5X6wV15rjYHnEu/TnXlzqeZVusLtpqpava0tEPWsPNqOwwrQsn6ZTzG6Q
+30aqPVwjKUHjrzuQEHG8o4K6qkCBZq6+klKbFOI9WtI6B30N2ThfuONEIf4PrCZr
+as5oOhkFzt2ZD3rBL9UAKJRjNCxL6ZbJagckSEvAFfZK8CEUKYrk9oqzB2gthwcb
+8c+hjhxgC6RyPkPJmCwNpKrB+sC1zto8oM7PzNy1BbrWwNsaD6mOtvzYC/jzgPm/
+bL6baxIsJtQBaKHkzVx1wmSqvJmpl+s1EQZqExcl+zx3qSAZEnKq24s8PcCLHrhq
+6vB8mlkEanWv3Ar/1a17AoIBAQDwAAGDQdsQKOV0DVwwrrKkj0M2Y8OKyGuMb2Qc
+4sS0Liyv5CooLLOERKa8ECGPs9+Ryu/dg8y+eFZCm8nMV0GA74YOEkbUwGWjnjZy
+M4c/xfYIOv9+CvdqHU5Wh1Lt/8SFw4XZCr+5BeBNG46M9os2DMVnkbXplcSvl6Lb
+1SjTvDIBiG3+5Z0yU8hDI3ZDy1mELbzW4b+4P6QSdS6uIE2jgNFom1tIjdo0QNNF
+0gylIZflO3zbmb/R3kaxgWORQoYg3+UzcpqllG3W2FmcF/cKgfye7Gidg+SO8p/L
+zhqtn38qNG3bKuI2TacjWu5mArqLEK2Swe0nrjdCXDSbKWlHAoIBAQDEE867P7OM
+kL/S0MDr6t4JEDJrRuTNARqlFaM12oGmZFQeClxy/CMweNPdMlCx9TYDrG892vUY
+Gmr6mqzQ8SzBCQNtV3YAIEJshEA3S7a/YoMIlo6cafyMSN5iz23Gh8y1JfmOpiQf
+ffMolTdcKE/VsRHHiVAo6IocX0F0J0tm2ZvzpK6YYCmSuyuFDrg7ksVFYB9VPxDZ
+cnkyj3T9NEmCEwodfL4sc4mmLntjIpXF1xrPf08sO2V/Ct0nv/nFq+VO6k2U0AUK
+VQRLOLPj7SOKvUR7JPLBwNjbPUhyq3nX2ROXrUclgEqKAFlk2YmH9X3KNHIsobVV
+DogBb+vzusdXAoIBAEV4Gvf9ZgWFcPVosJi+2KLdfR0PP5i6brcVvyrFUR6+htza
+9IDwf333yTOCj9RiwoIW9dtuvSMc/gsFwSHO1/0UV/9Wtv36OvFjaGsiEzIYgSDc
+wvue/QLQPM67GPwfHqmBcQrkG57Y3pYzNc4Dx0P76mASQ0+7tFUHVXLAfrLbNLZQ
+4VX47MmWis80QpVZFS43dwPUEISqlzlohfyNCSwcq4DWB1Q3C0Q4x27cYCCkWq1V
+zMxb8rQy3M+gnkt7sAtwA44izDTFhA2+TiHqpe16tr7hu15swQnHnQ2HOR2sn0h+
+KJZaEWSakZigR4VroMeEKlninFzyBrjEq82F7R0CggEAE4lttdaZC0547oaCUn9q
+dDi67Vl4/rw3bW+EfZ8x/+RLRVr+7y4US4YehhG3XKP0J9WMl/szJJ2tPx8eTQta
+zDkbsE9goI6WT721sEzI/rTQHZDy0L72vPudvPayF2/8g6gu/3mqa8De85I6m+Ig
+YkhsXxddd1YEPON44BvyNWNFWLd19hTOz6H6qh1XWgg7w7faJ2JLSX9QeCs3GuuU
+z3MaNOnzAPbaJkbHYI9XoQjX0Qj8WInqiQgKFSXZu0pvZLeP114KwobKELyrn/BG
+9FH7etGppoiSkvW+PD69uzYT768CQchQpQN35MaQH43kZLtpDO1n5fu2rX37YqOf
+rQKCAQBIMsdsjvgvKVaglIJIzIgR9eFTryFo3HRKD7wasb8dcmlzbN1dwTE4Cck2
+XeQI5Ne4ks/CLkS/ygi8yrsPx1N8eMnYz0aGJbPVk/zxfor1vrIBpUMKFMR2KhWC
+hCXz2TenOYcujc7KFJq828Ku5O6REfdo6CYFT8ag2PwZOVQwp6Okm1ehUq+f+QMN
+DrmxZadj5zL9qjMf2QXnQ5J1ihfDmuX0e36DarAq9f3jujblKFMEkAx+hocXoMmj
+mru+V50PbFH2uc4t/dcmCWMPm/BX7zrQwkJffatj7lwwcyIPbIPwSObLgWfSEI1d
+jLG9z3ZTkwHuHm/qkFZG/RKSsOgw
+-----END PRIVATE KEY-----

certs/client.pem

@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFejCCA2KgAwIBAgIUEI7nS+4t8W3HYGNShYOTzlIIdoUwDQYJKoZIhvcNAQEL
+BQAwMjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMRYwFAYDVQQKDA1UZXN0IENB
+LCBJbmMuMB4XDTI0MDkyMDExMzY1OFoXDTI1MDkyMDExMzY1OFowSjELMAkGA1UE
+BhMCVVMxCzAJBgNVBAgMAldBMRowGAYDVQQKDBFUZXN0IENsaWVudCwgSW5jLjES
+MBAGA1UEAwwJbG9jYWxob3N0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
+AgEAt9KS+Cgaqaj1YdQw0Pkzb3lij3Iqt37pWMWxiqo/8ujUYRxOdhz9J320wBVC
+qUENnag8bvXmJxmRaeBC7rCCxoNXxsEuWAU+iN4dJvmjSbyJ+xoe9SyNfo/D4BxV
+tuhGxBp1g6doLnpC69priIK3k7uvP0bhP8hSahSit4FdXg5me4zq1FHWbTJ9Aw5C
+x8x2pENvPAwjhgOPF7WhJ2Qw0b5aSP2bzJiKPRswOKU3sCqbkio93RhkoTfX9SlU
+oYuwIC0UO1+9v8rNI/AzaXKOFYfGf8wo76ecE/TSOrfbgbcFbcHfDi/i25Z2kz+B
+33rhu8B1hgqOscDLKbIo5c3pdMPskL7G3ac4Og3MLymvygYXi2hC2W3UpH1nergh
+rwRNWohTnLHAwU6U/i9QjGI5WNAokitYJNauO9a8r0nP21eWpbjCVLOsZaoN5blx
+lnzVpIyC8IFPpKgP428iivAqA43WeTo1zeH2ZGw3KzT+UDCBvgkgeZQtI4HacXSk
+MDyfGwFvDAHbX31y9/Frjead/BsBr8DQxVqU+eMa46OmRey5jcKs/KUg5MAwLQKc
+rB1mr5kJVgSkBAsgBBoXvB05S9tM4YPgHj/d57U2XkOJ8pp8MsoC6VlwQrCGC/UM
+nk0/zIctjJszdQ6yGVQeEJEpQQuve8+VbHBwz6uyr85++CECAwEAAaNwMG4wLAYD
+VR0RBCUwI4IJbG9jYWxob3N0hxAAAAAAAAAAAAAAAAAAAAABhwR/AAABMB0GA1Ud
+DgQWBBSyv1xsyjmiMpxPoDwXyqv3m40etDAfBgNVHSMEGDAWgBS955SwUo8eJMKU
+K5pJCJ7dgEgPpTANBgkqhkiG9w0BAQsFAAOCAgEAgvdRnBGB5mqtcUaYeKFBsl0w
+RDUOOQpMXJ1KF4oUovJnAIG0RlY93+ULi78riTfHoHZ0spQCL+cplW2PPJaWIaOr
+nYGjr92EoR2wQ+wU1sCbq+q+UbzNc3tB1OcYXDbWZew1mkWQpLi/WW4n2rqJM81H
+Vb1AqlAFXEf20Z7+2L3gPzz7tq8uaGffiTAO1GLUNd3XcnMiXwvI9MzVJfIwOQyb
+iVFHKI4BLYNV8M3rJp1bs0C4jdFxhP5wR+X3F9UftgmKjIjBVV4DvcP6Otwk/qPi
+vBd7Zbe4Don4tRr/ihQZ9AE0UghloKfic+xadEkDQsiZ4/VIVqWmRldyriDSsGKY
+yayoukVPGQFvNw+4HUZPnpTwn16pn90k5MCEanVHo0MkXqnHziN+R8aV2nBbj1um
+SS6oNUjxQENuQBSFXZjKurssLQVVqolBjI/phD5miY8FfAcxjnAcU/LuYrq75u8K
+Fb5cO9ra19YmWtumMiabaoyVxjLLH/QYu6NMmVBa1NrLObz9UAIEUUbdWN05vPBK
+iJuLXwD1XeBYxmjiI59cl/H2urpX20FxiHJeC3T49p/SiryixxK6fp+hnJNOfY75
+QfccXTAFYngqrs7UGkiDn7AYEl2Ffv44CvWRvACIiL1TqxRgPdJZHceYqLwCfbgV
+cmoFO2F27/Uo4XmKOgw=
+-----END CERTIFICATE-----

certs/cluster-cert.conf

@@ -0,0 +1,16 @@
+[req]
+default_bits = 4096
+prompt = no
+default_md = sha256
+req_extensions = req_ext
+distinguished_name = dn
+[dn]
+C = US
+ST = WA
+O = Test Cluster, Inc.
+CN = localhost
+[req_ext]
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = localhost
+IP.1 = ::1

certs/cluster.key

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCr6sj3mqlaOH9q
+r9fBRcHJoNjlY0ViSaNqwtQNmbxY3EMBe3t5OA2DP4NTQiGxFfzt3ffxXxYN9sfi
+icVO0kRXf7KDJfwV88eroqR2RXyK085BWp7WlS71RjrhoNR6Nqg5fL1vSYRxPSfy
+a3O3PrgwwQ7gSBDFBzkmu0J+flNRVI4nUAdPypCv74mRxrJi+plkG/JUwAE0T8eZ
+jdSF9q7MmCHkhxX5YANiTM+blWKGeZOkYdu6C+bxTNGlZFEDLOogLVruQrHjIzwY
+Gra7gcNKmGaPXHypa/9QuXRSli32MyObV9z7FK3j+EWw9uBNG49fJEYmmP0RvWQa
+wlXuA8dyF1L0AGduSVzKKVi+VY++CGGxWOxIGfa0t7f+WH0icmfEM+t+qqs9BnEE
+wSPOl8bVUiAnGwumoWEZ5QgHaxZJhYmPHnpP/EaEaxNUbdW4tsNz0dq4A1MeFHky
+Dw6/F+XjijBBn3TSTrdvsLooGR8mgpekqBAFbJ5ewaoZjXjbj5I9shbMKo/0QcJW
+TP0KWVgk20OPuHLRFb3rFZXWznUx0e/+ELqEaNRI/pYTuicy9nfapy69Pxxe37GU
+x9KNk6BmDpmanMhmjBKRxKCFHGNy8OLojfTRQBWqoxv+fY7fsanqGdFx86qM3wjO
+x4vPKWbT40Ltb77fLb5RkvVXz1+eEwIDAQABAoICACfofVWJOCYC9oUgI9Awbs9t
+ANyjIlCyMnbOmmY72W6xVvapoRyfJ/ffTw+NSv/uUEQxomSMQ7TjJDyQ6dYl1oqP
+ULPEJhQ8fo332ADCmaoqh/dA352FjRyP/IwzBxAFzyBlNh527QFShoruabLQovZi
+Yp8q64Wpaxl0H/f4QEQhgkxa9g+OQO8uhntqKi/y55fHKwaEeeMYYAfj1kFw5dwF
+ttxzhWTZ5n8zwH/n+jKoV18x/k1ehPJf+EzSEEJR81mb3b9wiRXmsIUR8nhto5WV
+8jz2ZdP4h5DINFoVlb7Q2UOu7lP01XcVw6vUa3ZK3wnhhE1id2DeW7Yghc0WYH5Y
+xzKXOEccpM5n2rfZGHoRJGxQw3JLUQBjNHRZRXI/XsSatm7oWJsGjMbOe1NT2C05
+9wGVompf+J/+E5fbWqbIpxdCUmgXS+odyGm4cnnqBkxKNSoyGjfpo5cjk9HcXAqn
+4NyE5lJ97kvmIGyoo7Dax7TjVWiojqS7u5Mbnko6+4UmrMD/inLKAxVwF9UodI7D
+tORrFxX4seEMfd2/MX+WbP4Ur8aBZb2wHuDX+87WgVuu/KM/OsJ8XeJWuxS9UgA6
+bLytTF701exAbxKs6Yqe54oVQKPXJohPNsiVwfthfU++daQjlMPqDZO+173toSss
+BSxkXps1gtQWz601ix0RAoIBAQDT0nTFwtVLm73Mp1gc2UN/SdpcDJSj+t0R4s8n
+/qOblacWotzVYN2EcOPkRcVKskjCXJV4mXrki7Jz8qVbUX+IQnHawFiDAFDs7AJF
+S6DQA5TPeSSFWYFAFJmYoQ7vN0mBgzEedl3/pAeNsKmDD7zG46xrTU3QuoKthgGJ
+SIMrdShm8rQ8H2Jh6FYPMyfVIyTSjLOaubcDnh76F7O6LlZkatgPoASdLZfPoC14
+zrpHA/fpA9rnFfcDHtyyWB7B0FypsLdgSTgsNozB95eYdyQH2rwn4Ca0YdwqoJJe
+T/WC3bmpYQfd3bco3oK7N6nY2ILtff69nXU8TLKDWmxvMq2DAoIBAQDPxbwLN8Mr
+eZDQeoOdAXDf7gq2GlFFHNqUpX7JWNpQjnxdZym7p3RlZ/RRIeL7mDy7LJHM6vBw
+zNKk6OSmUBCqrwx7HmA2Ae9QcS8Gjb0gkozgNuD8LiFDBeeJ/aDxs3ByaMGfRvBr
++Lrtg0sG1HezQ14vG9nPi1xarN4eiJKXdRy6U/sNEOkIB08VAOFTRSARiZngVD9J
+qi4Etc5AozEDFBylOKInVpOahuzHMdbacVmczWFOl+Gcxm8TzADHr+M5F6YLM2me
+kWGYiK9jw0IBN+DutIF9r/7v5yURlLsgShPjKytB2Mpj1H+vA45RfPqs88wqb7Ns
+5UofnsF0nXgxAoIBAQDHbiNBOpHlcMl/EKN17dyN0HPFLJcZ2IwhVeDib+2MA5dg
+SZAPWfbVxg/aERKSpE66p76W4DIDUb9/SRoEYzPmj2Bwq53qIPcQSZhNs8nBb03B
+FPackkuNkJeYSzMraGtNg75QRvNzR/VQot7GJZ//xcXE9PBpr+BvDXcO0PWmidSz
+MJke7hGLytqTzv8WvdLiZVSIPYgg4NObdYtipFP0kV/BPlB5x75h3hZR4pkhWYwk
+l9uWrGh3SKxTQYIbylgj79yGzAkWH3ng+YKCKtICjx+Nj44BUQ2gGLQWFcQ6JRWz
+ckaczi2vTefZ6quAHUEP5wtbbQ8+6Zs87nqfKyCPAoIBACTIKpwJySFfKgXeSoJ3
+CNZ7u6W1TwHfM8rw6VsXwb5VGysl4jt4T6DMIHJkf1xu/QFdyInwZZRyji/nkuLm
+dazhxGHfZMTq3sTs5JhSa1Li3tGqpXW/bOACoZTKM73WOGfop65czp8ur1jwz01s
+O6yeloPceFjHoRfkVoYtQ1ZQwz8xMtaDUd27/YIIX9tv91djdrxB7dpKqE7pKJRE
+z55t5wxQ1FQGfabzj+NLrW+KdYTOzxUsyiII9w0YJmMzfhRTXW/KMD6EGjT4raQJ
+oxu4GrfneK0ZhRZPYz6Th/UVaCPlNok3qcy2h8wh4wYGDBKmLlSs5aS3isHCRxkv
+72ECggEAZ2TD9Q2WekzjSDwhVgXARtWsd5lPE0o4hvN2gwbRy+DL90HOHsVXfIZZ
+OvtVrSwd+Jq5MtuJV2DVx7AsyafqMkNL+l6eitHTJjfItMQYK1zjDJGkDwNRl3T3
+zWu0qrga308JwMu8jvncaX0qCIPCdY2l56tIVquqSxviEC899o83U7tosHqOxS+5
+Et7VPl+vtw/uT379zudbuxRRlSibdg8Y29Td9KbJGystrtU/lXJ1fUxmVrz1At33
+lrTVMpeOr9UjHsnVC9xngnGnfFBTkctvhBvdDlylTbZ0z84mF0Vhq1wuVoI0AZgu
+2/GlTo9c9RvB9guyoeGhG7n9TqqSxQ==
+-----END PRIVATE KEY-----

certs/cluster.pem

@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFdTCCA12gAwIBAgIUEI7nS+4t8W3HYGNShYOTzlIIdoQwDQYJKoZIhvcNAQEL
+BQAwMjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMRYwFAYDVQQKDA1UZXN0IENB
+LCBJbmMuMB4XDTI0MDkyMDExMzY1OFoXDTI1MDkyMDExMzY1OFowSzELMAkGA1UE
+BhMCVVMxCzAJBgNVBAgMAldBMRswGQYDVQQKDBJUZXN0IENsdXN0ZXIsIEluYy4x
+EjAQBgNVBAMMCWxvY2FsaG9zdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBAKvqyPeaqVo4f2qv18FFwcmg2OVjRWJJo2rC1A2ZvFjcQwF7e3k4DYM/g1NC
+IbEV/O3d9/FfFg32x+KJxU7SRFd/soMl/BXzx6uipHZFfIrTzkFantaVLvVGOuGg
+1Ho2qDl8vW9JhHE9J/Jrc7c+uDDBDuBIEMUHOSa7Qn5+U1FUjidQB0/KkK/viZHG
+smL6mWQb8lTAATRPx5mN1IX2rsyYIeSHFflgA2JMz5uVYoZ5k6Rh27oL5vFM0aVk
+UQMs6iAtWu5CseMjPBgatruBw0qYZo9cfKlr/1C5dFKWLfYzI5tX3PsUreP4RbD2
+4E0bj18kRiaY/RG9ZBrCVe4Dx3IXUvQAZ25JXMopWL5Vj74IYbFY7EgZ9rS3t/5Y
+fSJyZ8Qz636qqz0GcQTBI86XxtVSICcbC6ahYRnlCAdrFkmFiY8eek/8RoRrE1Rt
+1bi2w3PR2rgDUx4UeTIPDr8X5eOKMEGfdNJOt2+wuigZHyaCl6SoEAVsnl7BqhmN
+eNuPkj2yFswqj/RBwlZM/QpZWCTbQ4+4ctEVvesVldbOdTHR7/4QuoRo1Ej+lhO6
+JzL2d9qnLr0/HF7fsZTH0o2ToGYOmZqcyGaMEpHEoIUcY3Lw4uiN9NFAFaqjG/59
+jt+xqeoZ0XHzqozfCM7Hi88pZtPjQu1vvt8tvlGS9VfPX54TAgMBAAGjajBoMCYG
+A1UdEQQfMB2CCWxvY2FsaG9zdIcQAAAAAAAAAAAAAAAAAAAAATAdBgNVHQ4EFgQU
+ZZEqU8TCqT8g2kMFORgQjNzcWPMwHwYDVR0jBBgwFoAUveeUsFKPHiTClCuaSQie
+3YBID6UwDQYJKoZIhvcNAQELBQADggIBAG9ux4A3G1gHP+coM9cEjrl2vxNgIZQX
+0Gs47oPH98Bw7j8OvTngf7g0cz4Q+Afv2mdK8s95pxy09SDUpZcKinrM1CSoSl7A
+6iMymOiRmS5C2gbpfe9Nd+MbuuCqxIfUha7Y2s/XO1+E+Cxf2wBztXteISLmkAVZ
+ZearrYYhpySflbMiNeCU0/yvmdAC0BL51zR8fvZ/LvYOK0mEkAvc5jKJrXNBNlkL
+IoElKE7lkRSb5ZbiXBBfJ+m9bc+i53Vbr9NoHHqA/nWPnCg8YmrJhl7/qaZOC1u+
+czs1Dj05oHx+WNfR8A5xnTcmCrgtLpf0Bg+1mx6QHAgHk73+SoOu8OEAqeCmKz10
+U30LguB6TDPK90yUhIZHo6FJxQJoKex7ph0WhLwGM8NAiTSApZcvuZbVOu4y7kKm
++y7QK80XCICajr4iKJQSm7kqsoEA5HawZGH0LcaO7+zp+Jnka4bB6RIbfbAePkYx
+r8dF3vs69JdPAkklRcW6NIWUA3tQT/RcFBQlG8+dO8MynrTsrWQh+VuqSdZBtcyk
+/AYAfXJPKO2JrzwE9PnN32FFvbvhJ967C3WVcDB0nTw7sQDvr42GGT8pfqOkN1z6
+qvjteAgbOceRsnR/Zl/SjENo5By67n7EmKFIznWffGeZurtoA5KM7YuhCdnd51uS
+LwpXS8CJoWtJ
+-----END CERTIFICATE-----

certs/generate-test-certs.sh

@@ -0,0 +1,22 @@
+# This scripts generates test keys and certificates for the sample.
+# In a production environment such artifacts should be genrated
+# by a proper certificate authority and handled in a secure manner.
+
+CERTS_DIR=./certs
+mkdir $CERTS_DIR
+
+# Generate a private key and a certificate for a test certificate authority
+openssl genrsa -out $CERTS_DIR/ca.key 4096
+openssl req -new -x509 -key $CERTS_DIR/ca.key -sha256 -subj "/C=US/ST=WA/O=Test CA, Inc." -days 365 -out $CERTS_DIR/ca.cert
+
+# Generate a private key and a certificate for cluster 
+openssl genrsa -out $CERTS_DIR/cluster.key 4096
+openssl req -new -key $CERTS_DIR/cluster.key -out $CERTS_DIR/cluster.csr -config $CERTS_DIR/cluster-cert.conf
+openssl x509 -req -in $CERTS_DIR/cluster.csr -CA $CERTS_DIR/ca.cert -CAkey $CERTS_DIR/ca.key -CAcreateserial -out $CERTS_DIR/cluster.pem -days 365 -sha256 -extfile $CERTS_DIR/cluster-cert.conf -extensions req_ext
+
+# Generate a private key and a certificate for clients
+openssl req -newkey rsa:4096 -nodes -keyout "$CERTS_DIR/client.key" -out "$CERTS_DIR/client.csr" -config $CERTS_DIR/client-cert.conf
+openssl x509 -req -in $CERTS_DIR/client.csr -CA $CERTS_DIR/ca.cert -CAkey $CERTS_DIR/ca.key -CAcreateserial -out $CERTS_DIR/client.pem -days 365 -sha256 -extfile $CERTS_DIR/client-cert.conf -extensions req_ext
+# Export to .pfx 
+# "-keypbe NONE -certpbe NONE -passout pass:" specifies an unencrypted archive
+openssl pkcs12 -export -out $CERTS_DIR/client.pfx -inkey $CERTS_DIR/client.key -in $CERTS_DIR/client.pem -keypbe NONE -certpbe NONE -passout pass:

go.mod

@@ -88,7 +88,7 @@ require (
 	google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f // indirect
-	google.golang.org/grpc v1.61.0 // indirect
+	google.golang.org/grpc v1.61.0
 	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect

internal/clients/namespace_test.go

@@ -22,6 +22,16 @@ func createTemporalNamespaceService(t *testing.T) *TemporalServiceImpl {
 	return temporalService
 }
 
+func createTemporalNamespaceServiceTLS(t *testing.T) *TemporalServiceImpl {
+	temporalService := createTemporalServiceTLS(t)
+
+	_, err := temporalService.DeleteAllNamespaces(context.Background())
+	if err != nil {
+		t.Fatal(err)
+	}
+	return temporalService
+}
+
 func createDefaultNamespaceParametersWithName(name string) *core.TemporalNamespaceParameters {
 	desc := "Desc1"
 	mail := "[email protected]"
@@ -234,6 +244,64 @@ func TestCreateDelete(t *testing.T) {
 	assertNamespacesCount(t, temporalService, 0)
 }
 
+func TestCreateTLS(t *testing.T) {
+	skipIfIsShort(t)
+
+	temporalService := createTemporalNamespaceServiceTLS(t)
+	testNamespace := createDefaultNamespaceParametersWithName("TestTLS007")
+
+	err := temporalService.CreateNamespace(context.Background(), testNamespace)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	created, err := temporalService.DescribeNamespaceByName(context.Background(), testNamespace.Name)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	assertNamespaceAreEqual(t, temporalService, created, testNamespace)
+	assertNamespacesCount(t, temporalService, 1)
+
+	_, err = temporalService.DeleteNamespaceByName(context.Background(), testNamespace.Name)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	assertNamespacesCount(t, temporalService, 0)
+}
+
+func TestCreateDeleteTLS(t *testing.T) {
+	skipIfIsShort(t)
+
+	temporalService := createTemporalNamespaceServiceTLS(t)
+	testNamespace1 := createDefaultNamespaceParametersWithName("TestTLS004")
+
+	err1 := temporalService.CreateNamespace(context.Background(), testNamespace1)
+	if err1 != nil {
+		t.Fatal(err1)
+	}
+
+	created1, err1 := temporalService.DescribeNamespaceByName(context.Background(), testNamespace1.Name)
+	if err1 != nil {
+		t.Fatal(err1)
+	}
+
+	assertNamespaceAreEqual(t, temporalService, created1, testNamespace1)
+	assertNamespacesCount(t, temporalService, 1)
+
+	deleted, err1 := temporalService.DeleteNamespaceByName(context.Background(), created1.Name)
+	if err1 != nil {
+		t.Fatal(err1)
+	}
+
+	if deleted == nil {
+		t.Fatal("Namespace " + created1.Name + " not deleted")
+	}
+	t.Logf("Deleted: %s", *deleted)
+	assertNamespacesCount(t, temporalService, 0)
+}
+
 func assertNamespaceAreEqual(t *testing.T, temporalService NamespaceService, actual *core.TemporalNamespaceObservation, expected *core.TemporalNamespaceParameters) {
 	mappedActual, err := temporalService.MapToNamespaceCompare(actual)
 	if err != nil {