feat: support ssl on zrpc, simplify the config (#1175)
@@ -18,10 +18,8 @@ var (
|
|||||||
WithRetry = internal.WithRetry
|
WithRetry = internal.WithRetry
|
||||||
// WithUnaryClientInterceptor is an alias of internal.WithUnaryClientInterceptor.
|
// WithUnaryClientInterceptor is an alias of internal.WithUnaryClientInterceptor.
|
||||||
WithUnaryClientInterceptor = internal.WithUnaryClientInterceptor
|
WithUnaryClientInterceptor = internal.WithUnaryClientInterceptor
|
||||||
// WithInsecure is an alias of internal.WithInsecure.
|
// WithTlsClientFromUnilateral is an alias of internal.WithTlsClientFromUnilateral
|
||||||
WithInsecure = internal.WithInsecure
|
WithTlsClientFromUnilateral = internal.WithTlsClientFromUnilateral
|
||||||
// WithTlsClientFromUnilateralism is an alias of internal.WithTlsClientFromUnilateralism
|
|
||||||
WithTlsClientFromUnilateralism = internal.WithTlsClientFromUnilateralism
|
|
||||||
// WithTlsClientFromMutual is an alias of internal.WithTlsClientFromMutual
|
// WithTlsClientFromMutual is an alias of internal.WithTlsClientFromMutual
|
||||||
WithTlsClientFromMutual = internal.WithTlsClientFromMutual
|
WithTlsClientFromMutual = internal.WithTlsClientFromMutual
|
||||||
)
|
)
|
||||||
@@ -64,9 +62,6 @@ func NewClient(c RpcClientConf, options ...ClientOption) (Client, error) {
|
|||||||
opts = append(opts, WithRetry())
|
opts = append(opts, WithRetry())
|
||||||
}
|
}
|
||||||
opts = append(opts, options...)
|
opts = append(opts, options...)
|
||||||
if !c.HasSslVerify() {
|
|
||||||
opts = append(opts, WithInsecure())
|
|
||||||
}
|
|
||||||
|
|
||||||
var target string
|
var target string
|
||||||
var err error
|
var err error
|
||||||
|
|||||||
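Review bot: With the `if !c.HasSslVerify()` block removed from `NewClient`, nothing in `RpcClientConf` can express that TLS is expected, so a caller who forgets `WithTlsClientFromUnilateral` or `WithTlsClientFromMutual` gets a plaintext connection without any error. As far as the removed lines show, setting `InsecureVerify` without supplying credentials previously left the dial with no `WithInsecure` option, which would presumably have failed instead of falling back. If `App`/`Token` are attached to calls elsewhere in `NewClient` (outside the hunk), they would travel unencrypted in that case. The doc comment should at least say so, e.g. `// NewClient dials without TLS unless a WithTlsClientFrom* option is passed.`, and a `// Deprecated:` alias for the renamed `WithTlsClientFromUnilateralism` would keep existing callers compiling.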
@@ -30,7 +30,6 @@ type (
|
|||||||
Token string `json:",optional"`
|
Token string `json:",optional"`
|
||||||
Retry bool `json:",optional"` // grpc auto retry
|
Retry bool `json:",optional"` // grpc auto retry
|
||||||
Timeout int64 `json:",default=2000"`
|
Timeout int64 `json:",default=2000"`
|
||||||
InsecureVerify bool `json:",default=false"`
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -73,8 +72,3 @@ func (sc RpcServerConf) Validate() error {
|
|||||||
func (cc RpcClientConf) HasCredential() bool {
|
func (cc RpcClientConf) HasCredential() bool {
|
||||||
return len(cc.App) > 0 && len(cc.Token) > 0
|
return len(cc.App) > 0 && len(cc.Token) > 0
|
||||||
}
|
}
|
||||||
|
|
||||||
//HasTls checks if there is a SSL in config.
|
|
||||||
func (cc RpcClientConf) HasSslVerify() bool {
|
|
||||||
return cc.InsecureVerify
|
|
||||||
}
|
|
||||||
|
|||||||
@@ -14,11 +14,6 @@ func TestRpcClientConf(t *testing.T) {
|
|||||||
assert.True(t, conf.HasCredential())
|
assert.True(t, conf.HasCredential())
|
||||||
conf = NewEtcdClientConf([]string{"localhost:1234", "localhost:5678"}, "key", "foo", "bar")
|
conf = NewEtcdClientConf([]string{"localhost:1234", "localhost:5678"}, "key", "foo", "bar")
|
||||||
assert.True(t, conf.HasCredential())
|
assert.True(t, conf.HasCredential())
|
||||||
// ssl on
|
|
||||||
conf = NewDirectClientConf([]string{"localhost:1234", "localhost:5678"}, "foo", "bar")
|
|
||||||
assert.False(t, conf.HasSslVerify())
|
|
||||||
conf.InsecureVerify = true
|
|
||||||
assert.True(t, conf.HasSslVerify())
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestRpcServerConf(t *testing.T) {
|
func TestRpcServerConf(t *testing.T) {
|
||||||
|
|||||||
@@ -36,6 +36,7 @@ type (
|
|||||||
// A ClientOptions is a client options.
|
// A ClientOptions is a client options.
|
||||||
ClientOptions struct {
|
ClientOptions struct {
|
||||||
Timeout time.Duration
|
Timeout time.Duration
|
||||||
|
Secure bool
|
||||||
Retry bool
|
Retry bool
|
||||||
DialOptions []grpc.DialOption
|
DialOptions []grpc.DialOption
|
||||||
}
|
}
|
||||||
@@ -69,7 +70,12 @@ func (c *client) buildDialOptions(opts ...ClientOption) []grpc.DialOption {
|
|||||||
opt(&cliOpts)
|
opt(&cliOpts)
|
||||||
}
|
}
|
||||||
|
|
||||||
options := []grpc.DialOption{
|
var options []grpc.DialOption
|
||||||
|
if !cliOpts.Secure {
|
||||||
|
options = append([]grpc.DialOption(nil), grpc.WithInsecure())
|
||||||
|
}
|
||||||
|
|
||||||
|
options = append(options,
|
||||||
grpc.WithBlock(),
|
grpc.WithBlock(),
|
||||||
WithUnaryClientInterceptors(
|
WithUnaryClientInterceptors(
|
||||||
clientinterceptors.UnaryTracingInterceptor,
|
clientinterceptors.UnaryTracingInterceptor,
|
||||||
@@ -82,7 +88,7 @@ func (c *client) buildDialOptions(opts ...ClientOption) []grpc.DialOption {
|
|||||||
WithStreamClientInterceptors(
|
WithStreamClientInterceptors(
|
||||||
clientinterceptors.StreamTracingInterceptor,
|
clientinterceptors.StreamTracingInterceptor,
|
||||||
),
|
),
|
||||||
}
|
)
|
||||||
|
|
||||||
return append(options, cliOpts.DialOptions...)
|
return append(options, cliOpts.DialOptions...)
|
||||||
}
|
}
|
||||||
@@ -116,13 +122,6 @@ func WithDialOption(opt grpc.DialOption) ClientOption {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// WithInsecure returns a func to customize a ClientOptions with secure option.
|
|
||||||
func WithInsecure() ClientOption {
|
|
||||||
return func(options *ClientOptions) {
|
|
||||||
options.DialOptions = append(options.DialOptions, grpc.WithInsecure())
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// WithTimeout returns a func to customize a ClientOptions with given timeout.
|
// WithTimeout returns a func to customize a ClientOptions with given timeout.
|
||||||
func WithTimeout(timeout time.Duration) ClientOption {
|
func WithTimeout(timeout time.Duration) ClientOption {
|
||||||
return func(options *ClientOptions) {
|
return func(options *ClientOptions) {
|
||||||
@@ -144,13 +143,15 @@ func WithUnaryClientInterceptor(interceptor grpc.UnaryClientInterceptor) ClientO
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// WithTlsClientFromUnilateralism return a func to customize a ClientOptions Verify with Unilateralism authentication.
|
// WithTlsClientFromUnilateral return a func to customize a ClientOptions Verify with Unilateralism authentication.
|
||||||
func WithTlsClientFromUnilateralism(crt, domainName string) ClientOption {
|
func WithTlsClientFromUnilateral(crt, domainName string) ClientOption {
|
||||||
return func(options *ClientOptions) {
|
return func(options *ClientOptions) {
|
||||||
c, err := credentials.NewClientTLSFromFile(crt, domainName)
|
c, err := credentials.NewClientTLSFromFile(crt, domainName)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatalf("credentials.NewClientTLSFromFile err: %v", err)
|
log.Fatalf("credentials.NewClientTLSFromFile err: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
options.Secure = true
|
||||||
options.DialOptions = append(options.DialOptions, grpc.WithTransportCredentials(c))
|
options.DialOptions = append(options.DialOptions, grpc.WithTransportCredentials(c))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -162,6 +163,7 @@ func WithTlsClientFromMutual(crtFile, keyFile, caFile string) ClientOption {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatalf("tls.LoadX509KeyPair err: %v", err)
|
log.Fatalf("tls.LoadX509KeyPair err: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
certPool := x509.NewCertPool()
|
certPool := x509.NewCertPool()
|
||||||
ca, err := ioutil.ReadFile(caFile)
|
ca, err := ioutil.ReadFile(caFile)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -177,6 +179,8 @@ func WithTlsClientFromMutual(crtFile, keyFile, caFile string) ClientOption {
|
|||||||
RootCAs: certPool,
|
RootCAs: certPool,
|
||||||
}
|
}
|
||||||
|
|
||||||
options.DialOptions = append(options.DialOptions, grpc.WithTransportCredentials(credentials.NewTLS(config)))
|
options.Secure = true
|
||||||
|
options.DialOptions = append(options.DialOptions,
|
||||||
|
grpc.WithTransportCredentials(credentials.NewTLS(config)))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
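Review bot: In `buildDialOptions`, `Secure` is set only by `WithTlsClientFromUnilateral` and `WithTlsClientFromMutual`, so a caller who supplies TLS credentials through `WithDialOption(grpc.WithTransportCredentials(...))` still gets `grpc.WithInsecure()` placed ahead of them. Depending on the grpc-go version in use, that combination may be rejected at dial time as conflicting credentials or be resolved by option order, so the field deserves a comment such as `// Secure must be set by any option that installs transport credentials; when false the client dials without TLS.` The new `append([]grpc.DialOption(nil), grpc.WithInsecure())` can be written `options = append(options, grpc.WithInsecure())`, since `options` is still nil at that point. The function starts above the first hunk, so any earlier handling of `cliOpts` is not visible here.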