From c1a8ccda11e5f4f76fab3b046a3d61bd941f007c Mon Sep 17 00:00:00 2001
From: Kevin Wan
Date: Sat, 30 Oct 2021 23:15:39 +0800
Subject: [PATCH] feat: support ssl on zrpc, simplify the config (#1175)
---
 zrpc/client.go | 9 ++-------
 zrpc/config.go | 6 ------
 zrpc/config_test.go | 5 -----
 zrpc/internal/client.go | 28 ++++++++++++++++------------
 4 files changed, 18 insertions(+), 30 deletions(-)
diff --git a/zrpc/client.go b/zrpc/client.go
index e8a679b4..a9beeb66 100644
--- a/zrpc/client.go
+++ b/zrpc/client.go
@@ -18,10 +18,8 @@ var (
 WithRetry = internal.WithRetry
 // WithUnaryClientInterceptor is an alias of internal.WithUnaryClientInterceptor.
 WithUnaryClientInterceptor = internal.WithUnaryClientInterceptor
- // WithInsecure is an alias of internal.WithInsecure.
- WithInsecure = internal.WithInsecure
- // WithTlsClientFromUnilateralism is an alias of internal.WithTlsClientFromUnilateralism
- WithTlsClientFromUnilateralism = internal.WithTlsClientFromUnilateralism
+ // WithTlsClientFromUnilateral is an alias of internal.WithTlsClientFromUnilateral
+ WithTlsClientFromUnilateral = internal.WithTlsClientFromUnilateral
 // WithTlsClientFromMutual is an alias of internal.WithTlsClientFromMutual
 WithTlsClientFromMutual = internal.WithTlsClientFromMutual
 )
@@ -64,9 +62,6 @@ func NewClient(c RpcClientConf, options ...ClientOption) (Client, error) {
 opts = append(opts, WithRetry())
 }
 opts = append(opts, options...)
- if !c.HasSslVerify() {
- opts = append(opts, WithInsecure())
- }
 var target string
 var err error
diff --git a/zrpc/config.go b/zrpc/config.go
index 0b05df84..07b72724 100644
--- a/zrpc/config.go
+++ b/zrpc/config.go
@@ -30,7 +30,6 @@ type (
 Token string `json:",optional"`
 Retry bool `json:",optional"` // grpc auto retry
 Timeout int64 `json:",default=2000"`
- InsecureVerify bool `json:",default=false"`
 }
 )
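Review bot: Removing the exported `WithInsecure` and renaming `WithTlsClientFromUnilateralism` in the `var (` block of zrpc/client.go breaks any caller that references either name, and the commit offers no deprecation step. If those names have shipped in a release, keep the old alias for one cycle: `// Deprecated: use WithTlsClientFromUnilateral.` above `WithTlsClientFromUnilateralism = internal.WithTlsClientFromUnilateral`. The new doc comment also lacks a closing period, unlike the WithUnaryClientInterceptor comment above it. The var block begins outside the hunk.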
@@ -73,8 +72,3 @@ func (sc RpcServerConf) Validate() error {
 func (cc RpcClientConf) HasCredential() bool {
 return len(cc.App) > 0 && len(cc.Token) > 0
 }
-
-//HasTls checks if there is a SSL in config.
-func (cc RpcClientConf) HasSslVerify() bool {
- return cc.InsecureVerify
-}
diff --git a/zrpc/config_test.go b/zrpc/config_test.go
index 45a366d7..67d2a4b3 100644
--- a/zrpc/config_test.go
+++ b/zrpc/config_test.go
@@ -14,11 +14,6 @@ func TestRpcClientConf(t *testing.T) {
 assert.True(t, conf.HasCredential())
 conf = NewEtcdClientConf([]string{"localhost:1234", "localhost:5678"}, "key", "foo", "bar")
 assert.True(t, conf.HasCredential())
- // ssl on
- conf = NewDirectClientConf([]string{"localhost:1234", "localhost:5678"}, "foo", "bar")
- assert.False(t, conf.HasSslVerify())
- conf.InsecureVerify = true
- assert.True(t, conf.HasSslVerify())
 }
 func TestRpcServerConf(t *testing.T) {
diff --git a/zrpc/internal/client.go b/zrpc/internal/client.go
index cad7c53e..b23ced5e 100644
--- a/zrpc/internal/client.go
+++ b/zrpc/internal/client.go
@@ -36,6 +36,7 @@ type (
 // A ClientOptions is a client options.
 ClientOptions struct {
 Timeout time.Duration
+ Secure bool
 Retry bool
 DialOptions []grpc.DialOption
 }
@@ -69,7 +70,12 @@ func (c *client) buildDialOptions(opts ...ClientOption) []grpc.DialOption {
 opt(&cliOpts)
 }
- options := []grpc.DialOption{
+ var options []grpc.DialOption
+ if !cliOpts.Secure {
+ options = append([]grpc.DialOption(nil), grpc.WithInsecure())
+ }
+
+ options = append(options,
 grpc.WithBlock(),
 WithUnaryClientInterceptors(
 clientinterceptors.UnaryTracingInterceptor,
@@ -82,7 +88,7 @@ func (c *client) buildDialOptions(opts ...ClientOption) []grpc.DialOption {
 WithStreamClientInterceptors(
 clientinterceptors.StreamTracingInterceptor,
 ),
- }
+ )
 return append(options, cliOpts.DialOptions...)
 }
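Review bot: The `Secure` field added to ClientOptions in zrpc/internal/client.go has no comment, and the name alone does not say that it decides whether the client dials in plaintext. Suggest `// Secure is set by the TLS options; when false, buildDialOptions adds grpc.WithInsecure().` above the field. The enclosing type block starts outside the hunk.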
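Review bot: In buildDialOptions the plaintext fallback `if !cliOpts.Secure` keys on a flag that only the two WithTlsClientFrom* options set, so transport credentials passed through WithDialOption still get `grpc.WithInsecure()` placed in front of them. Depending on the grpc-go version in use, that combination may be rejected at dial time as conflicting credentials or settled by option order, so it should be documented on WithDialOption or pinned by a test that asserts which one wins. The fallback is also silent: a client built with no TLS option dials without transport security and nothing records it, so a single log line in that branch would let operators notice. Separately, `options = append([]grpc.DialOption(nil), grpc.WithInsecure())` can be written `options = append(options, grpc.WithInsecure())`. The function body starts outside this hunk and continues into the next one.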
@@ -116,13 +122,6 @@ func WithDialOption(opt grpc.DialOption) ClientOption {
 }
 }
-// WithInsecure returns a func to customize a ClientOptions with secure option.
-func WithInsecure() ClientOption {
- return func(options *ClientOptions) {
- options.DialOptions = append(options.DialOptions, grpc.WithInsecure())
- }
-}
-
 // WithTimeout returns a func to customize a ClientOptions with given timeout.
 func WithTimeout(timeout time.Duration) ClientOption {
 return func(options *ClientOptions) {
@@ -144,13 +143,15 @@ func WithUnaryClientInterceptor(interceptor grpc.UnaryClientInterceptor) ClientO
 }
 }
-// WithTlsClientFromUnilateralism return a func to customize a ClientOptions Verify with Unilateralism authentication.
-func WithTlsClientFromUnilateralism(crt, domainName string) ClientOption {
+// WithTlsClientFromUnilateral return a func to customize a ClientOptions Verify with Unilateralism authentication.
+func WithTlsClientFromUnilateral(crt, domainName string) ClientOption {
 return func(options *ClientOptions) {
 c, err := credentials.NewClientTLSFromFile(crt, domainName)
 if err != nil {
 log.Fatalf("credentials.NewClientTLSFromFile err: %v", err)
 }
+
+ options.Secure = true
 options.DialOptions = append(options.DialOptions, grpc.WithTransportCredentials(c))
 }
 }
@@ -162,6 +163,7 @@ func WithTlsClientFromMutual(crtFile, keyFile, caFile string) ClientOption {
 if err != nil {
 log.Fatalf("tls.LoadX509KeyPair err: %v", err)
 }
+
 certPool := x509.NewCertPool()
 ca, err := ioutil.ReadFile(caFile)
 if err != nil {
@@ -177,6 +179,8 @@ func WithTlsClientFromMutual(crtFile, keyFile, caFile string) ClientOption {
 RootCAs: certPool,
 }
- options.DialOptions = append(options.DialOptions, grpc.WithTransportCredentials(credentials.NewTLS(config)))
+ options.Secure = true
+ options.DialOptions = append(options.DialOptions,
+ grpc.WithTransportCredentials(credentials.NewTLS(config)))
 }
 }
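Review bot: The doc comment on WithTlsClientFromUnilateral still says "Unilateralism" after the rename and does not explain what the two arguments mean for certificate verification. As far as the visible call shows, `crt` is loaded as the trusted root and `domainName` is passed to credentials.NewClientTLSFromFile as the server-name override, so it, rather than the dial target, is the name checked against the server certificate; callers should pass the name the certificate was issued for. Suggest `// WithTlsClientFromUnilateral returns a ClientOption that enables one-way TLS: the server certificate is verified against the CA file crt, using domainName as the expected server name.` The unchanged `log.Fatalf` calls here and in WithTlsClientFromMutual exit the process from inside an option closure when a file cannot be read, which is worth stating in both comments.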