grpctls

package
v0.4.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 10, 2023 License: MIT Imports: 7 Imported by: 2

Documentation

Overview

Package grpctls implements dynamic TLS credential support for gRPC.

Example 
// create shared metrics
observer, err := tlsprom.NewObserver(tlsprom.WithGRPC())
check(err)
prometheus.MustRegister(observer)

// create shared TLS config
cfg, err := dynamictls.NewConfig(
	dynamictls.WithObserver(observer),
	dynamictls.WithBase(&tls.Config{
		ClientAuth: tls.RequireAndVerifyClientCert,
		MinVersion: tls.VersionTLS13,
	}),
	dynamictls.WithCertificate(certFile, keyFile),
	dynamictls.WithRootCAs(caFile),
	dynamictls.WithClientCAs(caFile),
	dynamictls.WithHTTP2(),
)
check(err)
defer cfg.Close()

// create shared credentials
creds, err := grpctls.NewCredentials(cfg)
check(err)

// create frontend server with backend client
conn, err := grpc.Dial(
	backendAddr,
	grpc.WithTransportCredentials(creds),
	grpc.WithDefaultCallOptions(grpc.WaitForReady(true)),
)
check(err)
defer conn.Close()
srv := grpc.NewServer(grpc.Creds(creds))
pb.RegisterTestServiceServer(srv, &testServer{
	backend: pb.NewTestServiceClient(conn),
})

// listen and serve
lis, err := net.Listen("tcp", addr) // NB: use plain listener
check(err)
check(srv.Serve(lis))
Example (Client) 
// create metrics
observer, err := tlsprom.NewObserver(
	tlsprom.WithGRPC(),
	tlsprom.WithClient(),
)
check(err)
prometheus.MustRegister(observer)

// create TLS config
cfg, err := dynamictls.NewConfig(
	dynamictls.WithObserver(observer),
	dynamictls.WithBase(&tls.Config{
		MinVersion: tls.VersionTLS13,
	}),
	dynamictls.WithCertificate(certFile, keyFile),
	dynamictls.WithRootCAs(caFile),
	dynamictls.WithHTTP2(),
)
check(err)
defer cfg.Close()

// create client with credentials
creds, err := grpctls.NewCredentials(cfg)
check(err)
conn, err := grpc.Dial(
	addr,
	grpc.WithTransportCredentials(creds),
	grpc.WithDefaultCallOptions(grpc.WaitForReady(true)),
)
check(err)
defer conn.Close()
client := pb.NewTestServiceClient(conn)

// use client
_ = client
Example (Server) 
// create metrics
observer, err := tlsprom.NewObserver(
	tlsprom.WithGRPC(),
	tlsprom.WithServer(),
)
check(err)
prometheus.MustRegister(observer)

// create TLS config
cfg, err := dynamictls.NewConfig(
	dynamictls.WithObserver(observer),
	dynamictls.WithBase(&tls.Config{
		ClientAuth: tls.RequireAndVerifyClientCert,
		MinVersion: tls.VersionTLS13,
	}),
	dynamictls.WithCertificate(certFile, keyFile),
	dynamictls.WithRootCAs(caFile), // NB: metrics use RootCAs to verify local cert expiration
	dynamictls.WithClientCAs(caFile),
	dynamictls.WithHTTP2(),
)
check(err)
defer cfg.Close()

// create server with credentials
creds, err := grpctls.NewCredentials(cfg)
check(err)
srv := grpc.NewServer(grpc.Creds(creds))
pb.RegisterTestServiceServer(srv, &testServer{})

// listen and serve
lis, err := net.Listen("tcp", addr) // NB: use plain listener
check(err)
check(srv.Serve(lis))

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewCredentials 

func NewCredentials(config *dynamictls.Config) (credentials.TransportCredentials, error)

NewCredentials returns gRPC transport credentials based on the given dynamic TLS config.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.