feat: support ssl on zrpc, simplify the config (#1175)

master
Kevin Wan 3 years ago committed by GitHub
parent 9df6786b09
commit c1a8ccda11
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -18,10 +18,8 @@ var (
WithRetry = internal.WithRetry
// WithUnaryClientInterceptor is an alias of internal.WithUnaryClientInterceptor.
WithUnaryClientInterceptor = internal.WithUnaryClientInterceptor
// WithInsecure is an alias of internal.WithInsecure.
WithInsecure = internal.WithInsecure
// WithTlsClientFromUnilateralism is an alias of internal.WithTlsClientFromUnilateralism
WithTlsClientFromUnilateralism = internal.WithTlsClientFromUnilateralism
// WithTlsClientFromUnilateral is an alias of internal.WithTlsClientFromUnilateral
WithTlsClientFromUnilateral = internal.WithTlsClientFromUnilateral
// WithTlsClientFromMutual is an alias of internal.WithTlsClientFromMutual
WithTlsClientFromMutual = internal.WithTlsClientFromMutual
)
@ -64,9 +62,6 @@ func NewClient(c RpcClientConf, options ...ClientOption) (Client, error) {
opts = append(opts, WithRetry())
}
opts = append(opts, options...)
if !c.HasSslVerify() {
opts = append(opts, WithInsecure())
}
var target string
var err error

@ -30,7 +30,6 @@ type (
Token string `json:",optional"`
Retry bool `json:",optional"` // grpc auto retry
Timeout int64 `json:",default=2000"`
InsecureVerify bool `json:",default=false"`
}
)
@ -73,8 +72,3 @@ func (sc RpcServerConf) Validate() error {
func (cc RpcClientConf) HasCredential() bool {
return len(cc.App) > 0 && len(cc.Token) > 0
}
//HasTls checks if there is a SSL in config.
func (cc RpcClientConf) HasSslVerify() bool {
return cc.InsecureVerify
}

@ -14,11 +14,6 @@ func TestRpcClientConf(t *testing.T) {
assert.True(t, conf.HasCredential())
conf = NewEtcdClientConf([]string{"localhost:1234", "localhost:5678"}, "key", "foo", "bar")
assert.True(t, conf.HasCredential())
// ssl on
conf = NewDirectClientConf([]string{"localhost:1234", "localhost:5678"}, "foo", "bar")
assert.False(t, conf.HasSslVerify())
conf.InsecureVerify = true
assert.True(t, conf.HasSslVerify())
}
func TestRpcServerConf(t *testing.T) {

@ -36,6 +36,7 @@ type (
// A ClientOptions is a client options.
ClientOptions struct {
Timeout time.Duration
Secure bool
Retry bool
DialOptions []grpc.DialOption
}
@ -69,7 +70,12 @@ func (c *client) buildDialOptions(opts ...ClientOption) []grpc.DialOption {
opt(&cliOpts)
}
options := []grpc.DialOption{
var options []grpc.DialOption
if !cliOpts.Secure {
options = append([]grpc.DialOption(nil), grpc.WithInsecure())
}
options = append(options,
grpc.WithBlock(),
WithUnaryClientInterceptors(
clientinterceptors.UnaryTracingInterceptor,
@ -82,7 +88,7 @@ func (c *client) buildDialOptions(opts ...ClientOption) []grpc.DialOption {
WithStreamClientInterceptors(
clientinterceptors.StreamTracingInterceptor,
),
}
)
return append(options, cliOpts.DialOptions...)
}
@ -116,13 +122,6 @@ func WithDialOption(opt grpc.DialOption) ClientOption {
}
}
// WithInsecure returns a func to customize a ClientOptions with secure option.
func WithInsecure() ClientOption {
return func(options *ClientOptions) {
options.DialOptions = append(options.DialOptions, grpc.WithInsecure())
}
}
// WithTimeout returns a func to customize a ClientOptions with given timeout.
func WithTimeout(timeout time.Duration) ClientOption {
return func(options *ClientOptions) {
@ -144,13 +143,15 @@ func WithUnaryClientInterceptor(interceptor grpc.UnaryClientInterceptor) ClientO
}
}
// WithTlsClientFromUnilateralism return a func to customize a ClientOptions Verify with Unilateralism authentication.
func WithTlsClientFromUnilateralism(crt, domainName string) ClientOption {
// WithTlsClientFromUnilateral return a func to customize a ClientOptions Verify with Unilateralism authentication.
func WithTlsClientFromUnilateral(crt, domainName string) ClientOption {
return func(options *ClientOptions) {
c, err := credentials.NewClientTLSFromFile(crt, domainName)
if err != nil {
log.Fatalf("credentials.NewClientTLSFromFile err: %v", err)
}
options.Secure = true
options.DialOptions = append(options.DialOptions, grpc.WithTransportCredentials(c))
}
}
@ -162,6 +163,7 @@ func WithTlsClientFromMutual(crtFile, keyFile, caFile string) ClientOption {
if err != nil {
log.Fatalf("tls.LoadX509KeyPair err: %v", err)
}
certPool := x509.NewCertPool()
ca, err := ioutil.ReadFile(caFile)
if err != nil {
@ -177,6 +179,8 @@ func WithTlsClientFromMutual(crtFile, keyFile, caFile string) ClientOption {
RootCAs: certPool,
}
options.DialOptions = append(options.DialOptions, grpc.WithTransportCredentials(credentials.NewTLS(config)))
options.Secure = true
options.DialOptions = append(options.DialOptions,
grpc.WithTransportCredentials(credentials.NewTLS(config)))
}
}

Loading…
Cancel
Save