feat:add tls config & healthProbe

sjy-dv · Jan 12, 2024 · be4ab80 · be4ab80
1 parent d7d6618
commit be4ab80
Show file tree

Hide file tree

Showing 7 changed files with 183 additions and 4 deletions.
diff --git a/client/client.go b/client/client.go
@@ -100,9 +100,19 @@ func RegisterBridgerClient(opt *options.Options) *BridgerAgent {
 			grpc.MaxCallSendMsgSize(maxSendMsgSize),
 		),
 	}
-	if opt.Credentials {
-		clientOpts = append(clientOpts, grpc.WithTransportCredentials(
-			credentials.NewTLS(&tls.Config{})))
+	if opt.Credentials.Enable {
+		if opt.Credentials.TLS != nil {
+			clientOpts = append(clientOpts, grpc.WithTransportCredentials(
+				credentials.NewTLS(opt.Credentials.TLS.Clone()),
+			))
+		} else if opt.Credentials.Cred != nil {
+			clientOpts = append(clientOpts, grpc.WithTransportCredentials(opt.Credentials.Cred))
+		} else {
+			clientOpts = append(clientOpts, grpc.WithTransportCredentials(
+				credentials.NewTLS(&tls.Config{
+					InsecureSkipVerify: true,
+				})))
+		}
 	} else {
 		clientOpts = append(clientOpts, grpc.WithTransportCredentials(
 			insecure.NewCredentials()))

diff --git a/client/options/options.go b/client/options/options.go
@@ -2,9 +2,11 @@ package options
 
 import (
 	"context"
+	"crypto/tls"
 	"time"
 
 	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials"
 )
 
 type Options struct {
@@ -21,7 +23,13 @@ type Options struct {
 	KeepAliveTimeout time.Duration
 	KeepAliveTime    time.Duration
 	MaxSession       int32
-	Credentials      bool
+	Credentials      Credentials
+}
+
+type Credentials struct {
+	Enable bool
+	TLS    *tls.Config
+	Cred   credentials.TransportCredentials
 }
 
 const DefaultMsgSize = 104858000 // 10mb

diff --git a/examples/tls/client.go b/examples/tls/client.go
@@ -0,0 +1,68 @@
+package main
+
+import (
+	"log"
+	"time"
+
+	"github.com/sjy-dv/bridger/client"
+	"github.com/sjy-dv/bridger/client/options"
+	"google.golang.org/grpc/credentials"
+)
+
+/*
+If you are connecting to a pure gRPC server using SSL in Ingress,
+
+	simply set Enable to true without any additional configuration.
+*/
+func main() {
+	/*
+		not tls
+	*/
+	// bridgerClient := client.RegisterBridgerClient(&options.Options{
+	// 	Addr:           "127.0.0.1:50051",
+	// 	MinChannelSize: 1,
+	// 	MaxChannelSize: 4,
+	// 	Timeout:        time.Duration(time.Second * 5),
+	// })
+	// defer bridgerClient.Close()
+	/*
+		using ca.cert
+	*/
+	// b, _ := os.ReadFile("ca.cert")
+	// cp := x509.NewCertPool()
+	// if !cp.AppendCertsFromPEM(b) {
+	// 	panic("credentials: failed to append certificates")
+	// }
+	// bridgerClient := client.RegisterBridgerClient(&options.Options{
+	// 	Addr:           "127.0.0.1:50051",
+	// 	MinChannelSize: 1,
+	// 	MaxChannelSize: 4,
+	// 	Timeout:        time.Duration(time.Second * 5),
+	// 	Credentials: options.Credentials{
+	// 		Enable: true,
+	// 		TLS: &tls.Config{
+	// 			InsecureSkipVerify: false,
+	// 			RootCAs:            cp,
+	// 		},
+	// 	},
+	// })
+	// defer bridgerClient.Close()
+	/*
+		using pem
+	*/
+	creds, err := credentials.NewClientTLSFromFile("service.pem", "")
+	if err != nil {
+		log.Fatalf("could not process the credentials: %v", err)
+	}
+	bridgerClient := client.RegisterBridgerClient(&options.Options{
+		Addr:           "127.0.0.1:50051",
+		MinChannelSize: 1,
+		MaxChannelSize: 4,
+		Timeout:        time.Duration(time.Second * 5),
+		Credentials: options.Credentials{
+			Enable: true,
+			Cred:   creds,
+		},
+	})
+	defer bridgerClient.Close()
+}
diff --git a/examples/tls/server.go b/examples/tls/server.go
@@ -0,0 +1,62 @@
+package main
+
+import (
+	"log"
+
+	"github.com/sjy-dv/bridger/server"
+	"github.com/sjy-dv/bridger/server/dispatcher"
+	"github.com/sjy-dv/bridger/server/options"
+	"google.golang.org/grpc/credentials"
+)
+
+func main() {
+	bridger := server.New()
+	creds, err := credentials.NewServerTLSFromFile("service.pem", "service.key")
+	if err != nil {
+		log.Fatalf("Failed to setup TLS: %v", err)
+	}
+	bridger.Register("/greetings", greetings)
+	bridger.Register("/greetings/withname",
+		greetingsWithHeaderName,
+		"is using metadata api")
+	bridger.RegisterBridgerServer(&options.Options{
+		Port:                         50051,
+		ChainUnaryInterceptorLogger:  true,
+		ChainStreamInterceptorLogger: true,
+		Credentials: options.Credentials{
+			Enable: true,
+			Cred:   creds,
+		},
+	})
+}
+
+func greetings(dtx dispatcher.DispatchContext) *dispatcher.ResponseWriter {
+	var (
+		req = struct {
+			Msg string
+		}{}
+		err error
+	)
+	err = dtx.Bind(&req)
+	if err != nil {
+		return dtx.Error(err)
+	}
+	req.Msg = req.Msg + "\n" + "Me too.."
+	return dtx.Reply(&req)
+}
+
+func greetingsWithHeaderName(dtx dispatcher.DispatchContext) *dispatcher.ResponseWriter {
+	var (
+		req = struct {
+			Msg string
+		}{}
+		err error
+	)
+	err = dtx.Bind(&req)
+	if err != nil {
+		return dtx.Error(err)
+	}
+	name := dtx.GetMetadata("name")
+	req.Msg = "Hello " + name
+	return dtx.Reply(&req)
+}
diff --git a/server/bootstrap.go b/server/bootstrap.go
@@ -8,6 +8,7 @@ import (
 	"time"
 
 	_ "google.golang.org/grpc/encoding/gzip"
+	"google.golang.org/grpc/health/grpc_health_v1"
 	"google.golang.org/grpc/keepalive"
 
 	grpc_logrus "github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus"
@@ -108,10 +109,16 @@ func (b *Bridger) RegisterBridgerServer(opt *options.Options) error {
 			Timeout: options.DefaultKeepAliveTimeout,
 		}))
 	}
+	if opt.Credentials.Enable && opt.Credentials.Cred != nil {
+		serverOptions = append(serverOptions, grpc.Creds(opt.Credentials.Cred.Clone()))
+	}
 	dispatch := rpcDispatcher{}
 	dispatch.DispatchService = &dispatchService{dispatch}
 	grpcServer := grpc.NewServer(serverOptions...)
 	pb.RegisterBridgerServer(grpcServer, dispatch.DispatchService)
+	if opt.HealthProbe {
+		grpc_health_v1.RegisterHealthServer(grpcServer, dispatch.healthCheck)
+	}
 	b.Logger.WithField("action", "grpc_startup").Infof("grpc server listening at %v", lis.Addr())
 	if err := grpcServer.Serve(lis); err != nil {
 		b.Logger.WithError(err)

diff --git a/server/options/options.go b/server/options/options.go
@@ -5,6 +5,7 @@ import (
 	"time"
 
 	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials"
 )
 
 type Options struct {
@@ -20,6 +21,13 @@ type Options struct {
 	KeepAliveTimeout         time.Duration
 	KeepAliveTime            time.Duration
 	EnforcementPolicyMinTime time.Duration
+	Credentials              Credentials
+	HealthProbe              bool // you must include health_probe binary
+}
+
+type Credentials struct {
+	Enable bool
+	Cred   credentials.TransportCredentials
 }
 
 const (

diff --git a/server/register.go b/server/register.go
@@ -7,18 +7,24 @@ import (
 	pb "github.com/sjy-dv/bridger/grpc/protocol/v0"
 
 	"github.com/sjy-dv/bridger/server/dispatcher"
+	"google.golang.org/grpc/health/grpc_health_v1"
 	"google.golang.org/protobuf/types/known/emptypb"
 )
 
 type rpcDispatcher struct {
 	pb.UnimplementedBridgerServer
 	DispatchService *dispatchService
+	healthCheck     *healthRpcService
 }
 
 type dispatchService struct {
 	rpcDispatcher
 }
 
+type healthRpcService struct {
+	rpcDispatcher
+}
+
 func (dispatch *rpcDispatcher) Ping(ctx context.Context, req *emptypb.Empty) (*emptypb.Empty, error) {
 	return &emptypb.Empty{}, nil
 }
@@ -50,3 +56,13 @@ func (dispatch *rpcDispatcher) Dispatch(ctx context.Context, req *pb.PayloadEmit
 	res := <-c
 	return res.Result, res.Error
 }
+
+func (r healthRpcService) Check(ctx context.Context, req *grpc_health_v1.HealthCheckRequest) (*grpc_health_v1.HealthCheckResponse, error) {
+	retval := &grpc_health_v1.HealthCheckResponse{}
+	retval.Status = grpc_health_v1.HealthCheckResponse_SERVING
+	return retval, nil
+}
+
+func (r healthRpcService) Watch(*grpc_health_v1.HealthCheckRequest, grpc_health_v1.Health_WatchServer) error {
+	return nil
+}