Skip to content

fix(checkoutservice): Option 3 — Centralized dialService helper with enforced TLS#4

Open
mikecstone wants to merge 1 commit into
masterfrom
fix/grpc-tls-dial-helper
Open

fix(checkoutservice): Option 3 — Centralized dialService helper with enforced TLS#4
mikecstone wants to merge 1 commit into
masterfrom
fix/grpc-tls-dial-helper

Conversation

@mikecstone

@mikecstone mikecstone commented May 17, 2026

Copy link
Copy Markdown
Owner

Summary

  • Introduces dialService(ctx, addr), a shared helper method on checkoutService that wraps grpc.DialContext with system CA TLS credentials and the OpenCensus stats handler
  • Replaces all 8 inline grpc.DialContext(... grpc.WithInsecure() ...) call sites with cs.dialService(ctx, addr)
  • Fixes context.TODO()ctx in convertCurrency

Trade-offs

Pros:

  • Eliminates the 8-way duplication of dial boilerplate — TLS is enforced in exactly one place
  • Structural guarantee: a future developer adding a new service client calls cs.dialService() and gets TLS for free; they'd have to actively bypass it to introduce insecure connections
  • Smallest surface area to audit for TLS correctness going forward
  • Uses system root CA (same trust model as Option 1) — no cert infrastructure required

Cons:

  • One-way TLS only (same limitation as Option 1) — upgrade to mTLS (see Option 2) if client authentication is required
  • All connections share the same TLS configuration; if different services need different CA pools, the helper would need to accept options

Note on the existing TODO comment

main.go line 431 has // TODO: Dial and create client once, reuse. — this PR does not address connection pooling, but the dialService helper makes that refactor straightforward in a follow-up.

When to use this

Best fit when you want to fix the security issue and clean up the code duplication in the same PR. Recommended as the baseline regardless of whether you later layer mTLS on top.

Test plan

  • Confirm PlaceOrder end-to-end works after the change
  • Verify no grpc.WithInsecure() references remain in the file (grep WithInsecure src/checkoutservice/main.go should return nothing)
  • Confirm that adding a new service client in future uses dialService and not a raw grpc.DialContext

🤖 Generated with Claude Code

@claude
fix(checkoutservice): centralize gRPC dialing with enforced TLS
ff61010 
Introduces dialService(), a shared helper that wraps grpc.DialContext with
TLS credentials (system root CA) and the OpenCensus stats handler. All 8
service connection call sites are replaced with cs.dialService(), removing
grpc.WithInsecure() entirely and preventing it from reappearing on future
additions. Also fixes context.TODO() -> ctx in convertCurrency.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@ox-security

ox-security Bot commented May 17, 2026

Copy link
Copy Markdown

OX Security Logo

OX Security reviewed this pull request — nothing to fix.

No issues found

Branch fix/grpc-tls-dial-helpermaster

View scan in OX Security →

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mikecstone