feat: simplify the grpc tls authentication (#1199)

master
Kevin Wan 3 years ago committed by GitHub
parent 1ece3a498f
commit 3c894a3fb7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -20,12 +20,10 @@ var (
WithTimeout = internal.WithTimeout WithTimeout = internal.WithTimeout
// WithRetry is an alias of internal.WithRetry. // WithRetry is an alias of internal.WithRetry.
WithRetry = internal.WithRetry WithRetry = internal.WithRetry
// WithTransportCredentials return a func to make the gRPC calls secured with given credentials.
WithTransportCredentials = internal.WithTransportCredentials
// WithUnaryClientInterceptor is an alias of internal.WithUnaryClientInterceptor. // WithUnaryClientInterceptor is an alias of internal.WithUnaryClientInterceptor.
WithUnaryClientInterceptor = internal.WithUnaryClientInterceptor WithUnaryClientInterceptor = internal.WithUnaryClientInterceptor
// WithTlsClientFromUnilateral is an alias of internal.WithTlsClientFromUnilateral
WithTlsClientFromUnilateral = internal.WithTlsClientFromUnilateral
// WithTlsClientFromMutual is an alias of internal.WithTlsClientFromMutual
WithTlsClientFromMutual = internal.WithTlsClientFromMutual
) )
type ( type (
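Review bot: The comment on the new `WithTransportCredentials` alias does not follow the form used by every neighbouring entry in this `var` block; `// WithTransportCredentials is an alias of internal.WithTransportCredentials.` would match. Dropping the exported `WithTlsClientFromUnilateral` and `WithTlsClientFromMutual` aliases in the same change breaks existing callers at compile time. The commit description should therefore name the replacement, which is to build the credentials with `credentials.NewClientTLSFromFile` or `credentials.NewTLS` and pass them in. The `var` block begins before this hunk.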

@ -2,12 +2,8 @@ package internal
import ( import (
"context" "context"
"crypto/tls"
"crypto/x509"
"errors" "errors"
"fmt" "fmt"
"io/ioutil"
"log"
"strings" "strings"
"time" "time"
@ -147,51 +143,17 @@ func WithRetry() ClientOption {
} }
} }
// WithUnaryClientInterceptor returns a func to customize a ClientOptions with given interceptor. // WithTransportCredentials return a func to make the gRPC calls secured with given credentials.
func WithUnaryClientInterceptor(interceptor grpc.UnaryClientInterceptor) ClientOption { func WithTransportCredentials(creds credentials.TransportCredentials) ClientOption {
return func(options *ClientOptions) {
options.DialOptions = append(options.DialOptions, WithUnaryClientInterceptors(interceptor))
}
}
// WithTlsClientFromUnilateral return a func to customize a ClientOptions Verify with Unilateralism authentication.
func WithTlsClientFromUnilateral(crt, domainName string) ClientOption {
return func(options *ClientOptions) { return func(options *ClientOptions) {
c, err := credentials.NewClientTLSFromFile(crt, domainName)
if err != nil {
log.Fatalf("credentials.NewClientTLSFromFile err: %v", err)
}
options.Secure = true options.Secure = true
options.DialOptions = append(options.DialOptions, grpc.WithTransportCredentials(c)) options.DialOptions = append(options.DialOptions, grpc.WithTransportCredentials(creds))
} }
} }
// WithTlsClientFromMutual return a func to customize a ClientOptions Verify with mutual authentication. // WithUnaryClientInterceptor returns a func to customize a ClientOptions with given interceptor.
func WithTlsClientFromMutual(crtFile, keyFile, caFile string) ClientOption { func WithUnaryClientInterceptor(interceptor grpc.UnaryClientInterceptor) ClientOption {
return func(options *ClientOptions) { return func(options *ClientOptions) {
cert, err := tls.LoadX509KeyPair(crtFile, keyFile) options.DialOptions = append(options.DialOptions, WithUnaryClientInterceptors(interceptor))
if err != nil {
log.Fatalf("tls.LoadX509KeyPair err: %v", err)
}
certPool := x509.NewCertPool()
ca, err := ioutil.ReadFile(caFile)
if err != nil {
log.Fatalf("credentials: failed to ReadFile CA certificates err: %v", err)
}
if !certPool.AppendCertsFromPEM(ca) {
log.Fatalf("credentials: failed to append certificates err: %v", err)
}
config := &tls.Config{
Certificates: []tls.Certificate{cert},
RootCAs: certPool,
}
options.Secure = true
options.DialOptions = append(options.DialOptions,
grpc.WithTransportCredentials(credentials.NewTLS(config)))
} }
} }
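Review bot: `WithTransportCredentials` sets `options.Secure = true` for whatever `creds` it is given, including nil, which is what the new test passes, so the flag no longer guarantees that a usable TLS configuration is attached. How `Secure` is read and what the dial does with nil credentials are outside this hunk. If the guard is added, it should fail loudly rather than skip the option, because skipping would presumably leave the client on its non-secure default. The removed helpers fixed the trust roots from a CA file, whereas the new option accepts any `credentials.TransportCredentials`, so certificate verification, server name and protocol version are now entirely the caller's responsibility. I would state that in the doc comment, for example `// WithTransportCredentials returns a func that secures the gRPC calls with creds, which must be non-nil; verification settings are taken from creds as given.`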

@ -38,6 +38,13 @@ func TestWithNonBlock(t *testing.T) {
assert.True(t, options.NonBlock) assert.True(t, options.NonBlock)
} }
func TestWithTransportCredentials(t *testing.T) {
var options ClientOptions
opt := WithTransportCredentials(nil)
opt(&options)
assert.Equal(t, 1, len(options.DialOptions))
}
func TestWithUnaryClientInterceptor(t *testing.T) { func TestWithUnaryClientInterceptor(t *testing.T) {
var options ClientOptions var options ClientOptions
opt := WithUnaryClientInterceptor(func(ctx context.Context, method string, req, reply interface{}, opt := WithUnaryClientInterceptor(func(ctx context.Context, method string, req, reply interface{},
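Review bot: `TestWithTransportCredentials` only checks that one dial option was appended, so it would still pass if `options.Secure = true` were dropped from the option. That flag is the security-relevant effect of the option, and adding `assert.True(t, options.Secure)` after `opt(&options)` pins it. The test also passes `nil` credentials, so it does not exercise a real `credentials.TransportCredentials` value; a value built with `credentials.NewTLS(&tls.Config{})` would be closer to real use.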
