grpctls

package
v0.4.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 10, 2023 License: MIT Imports: 7 Imported by: 2

Documentation

Overview

Package grpctls implements dynamic TLS credential support for gRPC.

Example
// Shared TLS metrics: a single observer configured for gRPC is registered with
// Prometheus and then handed to the TLS config below.
metrics, err := tlsprom.NewObserver(tlsprom.WithGRPC())
check(err)
prometheus.MustRegister(metrics)

// Base TLS settings used for both roles of this process.
// RequireAndVerifyClientCert makes the server side demand a client certificate
// and verify it (mutual TLS); MinVersion rejects anything older than TLS 1.3.
base := &tls.Config{
	ClientAuth: tls.RequireAndVerifyClientCert,
	MinVersion: tls.VersionTLS13,
}

// One dynamic TLS config is shared by the frontend server and the backend client.
// NOTE(review): the same caFile is supplied as both the root and the client CA
// bundle, so presumably any certificate issued by that CA is accepted in either
// direction. The handshake authenticates the peer; nothing in this example
// authorizes it — confirm whether per-RPC identity checks are required.
tlsCfg, err := dynamictls.NewConfig(
	dynamictls.WithObserver(metrics),
	dynamictls.WithBase(base),
	dynamictls.WithCertificate(certFile, keyFile),
	dynamictls.WithRootCAs(caFile),
	dynamictls.WithClientCAs(caFile),
	dynamictls.WithHTTP2(),
)
check(err)
defer tlsCfg.Close()

// The same transport credentials are used for dialing and for serving.
tc, err := grpctls.NewCredentials(tlsCfg)
check(err)

// Backend client connection, secured by the shared credentials.
// WaitForReady(true) makes calls wait for a usable connection instead of
// failing fast, so a call without a deadline can block for as long as the
// connection cannot be established (for example while handshakes keep failing).
backendConn, err := grpc.Dial(
	backendAddr,
	grpc.WithTransportCredentials(tc),
	grpc.WithDefaultCallOptions(grpc.WaitForReady(true)),
)
check(err)
defer backendConn.Close()

// Frontend server: TLS is supplied through grpc.Creds, and the registered
// service forwards to the backend through the connection above.
server := grpc.NewServer(grpc.Creds(tc))
pb.RegisterTestServiceServer(server, &testServer{
	backend: pb.NewTestServiceClient(backendConn),
})

// Listen and serve.
// NB: use a plain listener. The credentials passed to grpc.Creds carry the TLS
// configuration, so the listener is not wrapped in TLS here.
ln, err := net.Listen("tcp", addr)
check(err)
err = server.Serve(ln)
check(err)
Output:

Example (Client)
// Client-side TLS metrics: the observer is configured for gRPC in the client
// role and registered with Prometheus.
metrics, err := tlsprom.NewObserver(
	tlsprom.WithGRPC(),
	tlsprom.WithClient(),
)
check(err)
prometheus.MustRegister(metrics)

// Base TLS settings for the client: nothing older than TLS 1.3 is accepted.
// No ClientAuth is set here; that field applies to the server side.
base := &tls.Config{
	MinVersion: tls.VersionTLS13,
}

// Dynamic TLS config for the client.
// NOTE(review): presumably caFile is the bundle the server certificate is
// verified against, and certFile/keyFile is the client's own identity for
// servers that require client certificates — confirm against dynamictls.
tlsCfg, err := dynamictls.NewConfig(
	dynamictls.WithObserver(metrics),
	dynamictls.WithBase(base),
	dynamictls.WithCertificate(certFile, keyFile),
	dynamictls.WithRootCAs(caFile),
	dynamictls.WithHTTP2(),
)
check(err)
defer tlsCfg.Close()

// Transport credentials derived from the dynamic config.
tc, err := grpctls.NewCredentials(tlsCfg)
check(err)

// Dial with the TLS credentials.
// WaitForReady(true) makes calls wait for a usable connection instead of
// failing fast, so a call without a deadline can block for as long as the
// connection cannot be established (for example while handshakes keep failing).
clientConn, err := grpc.Dial(
	addr,
	grpc.WithTransportCredentials(tc),
	grpc.WithDefaultCallOptions(grpc.WaitForReady(true)),
)
check(err)
defer clientConn.Close()
stub := pb.NewTestServiceClient(clientConn)

// The client stub is ready for use; it is discarded in this example.
_ = stub
Output:

Example (Server)
// Server-side TLS metrics: the observer is configured for gRPC in the server
// role and registered with Prometheus.
metrics, err := tlsprom.NewObserver(
	tlsprom.WithGRPC(),
	tlsprom.WithServer(),
)
check(err)
prometheus.MustRegister(metrics)

// Base TLS settings for the server.
// RequireAndVerifyClientCert makes the server demand a client certificate and
// verify it (mutual TLS); MinVersion rejects anything older than TLS 1.3.
base := &tls.Config{
	ClientAuth: tls.RequireAndVerifyClientCert,
	MinVersion: tls.VersionTLS13,
}

// Dynamic TLS config for the server.
// NOTE(review): a verified client certificate authenticates the caller but does
// not authorize it; presumably every certificate issued by the CA in caFile is
// accepted — confirm whether per-RPC identity checks are required.
tlsCfg, err := dynamictls.NewConfig(
	dynamictls.WithObserver(metrics),
	dynamictls.WithBase(base),
	dynamictls.WithCertificate(certFile, keyFile),
	dynamictls.WithRootCAs(caFile), // NB: metrics use RootCAs to verify local cert expiration
	dynamictls.WithClientCAs(caFile),
	dynamictls.WithHTTP2(),
)
check(err)
defer tlsCfg.Close()

// Transport credentials derived from the dynamic config, installed on the
// server through grpc.Creds.
tc, err := grpctls.NewCredentials(tlsCfg)
check(err)
server := grpc.NewServer(grpc.Creds(tc))
pb.RegisterTestServiceServer(server, &testServer{})

// Listen and serve.
// NB: use a plain listener. The credentials passed to grpc.Creds carry the TLS
// configuration, so the listener is not wrapped in TLS here.
ln, err := net.Listen("tcp", addr)
check(err)
err = server.Serve(ln)
check(err)
Output:

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewCredentials

func NewCredentials(config *dynamictls.Config) (credentials.TransportCredentials, error)

NewCredentials returns gRPC transport credentials based on the given dynamic TLS config.

Types

This section is empty.
