plugins/client/grpc/client_config.go - skywalking-satellite - Git at Google

 // Licensed to Apache Software Foundation (ASF) under one or more contributor
 // license agreements. See the NOTICE file distributed with
 // this work for additional information regarding copyright
 // ownership. Apache Software Foundation (ASF) licenses this file to you under
 // the Apache License, Version 2.0 (the "License"); you may
 // not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing,
 // software distributed under the License is distributed on an
 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.

 package grpc

 import (
 	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"fmt"
 	"io/ioutil"
 	"os"

 	"github.com/apache/skywalking-satellite/plugins/client/grpc/lb"

 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/credentials/insecure"
 	_ "google.golang.org/grpc/encoding/gzip" // for install the "gzip" decompressor
 	"google.golang.org/grpc/metadata"
 )

 // loadConfig use the client params to build the grpc client config.
 func (c *Client) loadConfig() (*[]grpc.DialOption, error) {
 	options := make([]grpc.DialOption, 0)

 	if c.EnableTLS {
 		configTLS, err := c.configTLS()
 		if err != nil {
 			return nil, err
 		}
 		options = append(options, grpc.WithTransportCredentials(credentials.NewTLS(configTLS)))
 	} else {
 		options = append(options, grpc.WithTransportCredentials(insecure.NewCredentials()))
 	}

 	var authHeader metadata.MD
 	if c.Authentication != "" {
 		authHeader = metadata.New(map[string]string{"Authentication": c.Authentication})
 	}

 	// append auth or report error
 	options = append(options, grpc.WithStreamInterceptor(func(ctx context.Context, desc *grpc.StreamDesc,
 		cc *grpc.ClientConn, method string, streamer grpc.Streamer, opts ...grpc.CallOption) (grpc.ClientStream, error) {
 		if authHeader != nil {
 			ctx = metadata.NewOutgoingContext(ctx, authHeader)
 		}
 		clientStream, err := streamer(ctx, desc, cc, method, opts...)
 		if err != nil {
 			c.reportError(err)
 		}
 		return clientStream, err
 	}))
 	grpc.WithUnaryInterceptor(func(ctx context.Context, method string, req, reply interface{},
 		cc *grpc.ClientConn, invoker grpc.UnaryInvoker, opts ...grpc.CallOption) error {
 		if authHeader != nil {
 			ctx = metadata.NewOutgoingContext(ctx, authHeader)
 		}
 		err := invoker(ctx, method, req, reply, cc, opts...)
 		if err != nil {
 			c.reportError(err)
 		}
 		return err
 	})

 	// using self build load balancer
 	options = append(options, grpc.WithDefaultServiceConfig(fmt.Sprintf("{\"loadBalancingPolicy\":\"%s\"}", lb.Name)))

 	return &options, nil
 }

 // configTLS loads and parse the TLS configs.
 func (c *Client) configTLS() (tc *tls.Config, tlsErr error) {
 	if err := checkTLSFile(c.CaPemPath); err != nil {
 		return nil, err
 	}
 	tlsConfig := new(tls.Config)
 	tlsConfig.Renegotiation = tls.RenegotiateNever
 	tlsConfig.InsecureSkipVerify = c.InsecureSkipVerify
 	caPem, err := ioutil.ReadFile(c.CaPemPath)
 	if err != nil {
 		return nil, err
 	}
 	certPool := x509.NewCertPool()
 	if !certPool.AppendCertsFromPEM(caPem) {
 		return nil, fmt.Errorf("failed to append certificates")
 	}
 	tlsConfig.RootCAs = certPool

 	if c.ClientKeyPath != "" && c.ClientPemPath != "" {
 		if err := checkTLSFile(c.ClientKeyPath); err != nil {
 			return nil, err
 		}
 		if err := checkTLSFile(c.ClientPemPath); err != nil {
 			return nil, err
 		}
 		clientPem, err := tls.LoadX509KeyPair(c.ClientPemPath, c.ClientKeyPath)
 		if err != nil {
 			return nil, err
 		}
 		tlsConfig.Certificates = []tls.Certificate{clientPem}
 	}
 	return tlsConfig, nil
 }

 // checkTLSFile checks the TLS files.
 func checkTLSFile(path string) error {
 	file, err := os.Open(path)
 	if err != nil {
 		return err
 	}
 	stat, err := file.Stat()
 	if err != nil {
 		return err
 	}
 	if stat.Size() == 0 {
 		return fmt.Errorf("the TLS file is illegal: %s", path)
 	}
 	return nil
 }
	// Licensed to Apache Software Foundation (ASF) under one or more contributor
	// license agreements. See the NOTICE file distributed with
	// this work for additional information regarding copyright
	// ownership. Apache Software Foundation (ASF) licenses this file to you under
	// the Apache License, Version 2.0 (the "License"); you may
	// not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing,
	// software distributed under the License is distributed on an
	// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	// KIND, either express or implied. See the License for the
	// specific language governing permissions and limitations
	// under the License.

	package grpc

	import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io/ioutil"
	"os"

	"github.com/apache/skywalking-satellite/plugins/client/grpc/lb"

	"google.golang.org/grpc"
	"google.golang.org/grpc/credentials"
	"google.golang.org/grpc/credentials/insecure"
	_ "google.golang.org/grpc/encoding/gzip" // for install the "gzip" decompressor
	"google.golang.org/grpc/metadata"
	)

	// loadConfig use the client params to build the grpc client config.
	func (c Client) loadConfig() ([]grpc.DialOption, error) {
	options := make([]grpc.DialOption, 0)

	if c.EnableTLS {
	configTLS, err := c.configTLS()
	if err != nil {
	return nil, err
	}
	options = append(options, grpc.WithTransportCredentials(credentials.NewTLS(configTLS)))
	} else {
	options = append(options, grpc.WithTransportCredentials(insecure.NewCredentials()))
	}

	var authHeader metadata.MD
	if c.Authentication != "" {
	authHeader = metadata.New(map[string]string{"Authentication": c.Authentication})
	}

	// append auth or report error
	options = append(options, grpc.WithStreamInterceptor(func(ctx context.Context, desc *grpc.StreamDesc,
	cc *grpc.ClientConn, method string, streamer grpc.Streamer, opts ...grpc.CallOption) (grpc.ClientStream, error) {
	if authHeader != nil {
	ctx = metadata.NewOutgoingContext(ctx, authHeader)
	}
	clientStream, err := streamer(ctx, desc, cc, method, opts...)
	if err != nil {
	c.reportError(err)
	}
	return clientStream, err
	}))
	grpc.WithUnaryInterceptor(func(ctx context.Context, method string, req, reply interface{},
	cc *grpc.ClientConn, invoker grpc.UnaryInvoker, opts ...grpc.CallOption) error {
	if authHeader != nil {
	ctx = metadata.NewOutgoingContext(ctx, authHeader)
	}
	err := invoker(ctx, method, req, reply, cc, opts...)
	if err != nil {
	c.reportError(err)
	}
	return err
	})

	// using self build load balancer
	options = append(options, grpc.WithDefaultServiceConfig(fmt.Sprintf("{\"loadBalancingPolicy\":\"%s\"}", lb.Name)))

	return &options, nil
	}

	// configTLS loads and parse the TLS configs.
	func (c Client) configTLS() (tc tls.Config, tlsErr error) {
	if err := checkTLSFile(c.CaPemPath); err != nil {
	return nil, err
	}
	tlsConfig := new(tls.Config)
	tlsConfig.Renegotiation = tls.RenegotiateNever
	tlsConfig.InsecureSkipVerify = c.InsecureSkipVerify
	caPem, err := ioutil.ReadFile(c.CaPemPath)
	if err != nil {
	return nil, err
	}
	certPool := x509.NewCertPool()
	if !certPool.AppendCertsFromPEM(caPem) {
	return nil, fmt.Errorf("failed to append certificates")
	}
	tlsConfig.RootCAs = certPool

	if c.ClientKeyPath != "" && c.ClientPemPath != "" {
	if err := checkTLSFile(c.ClientKeyPath); err != nil {
	return nil, err
	}
	if err := checkTLSFile(c.ClientPemPath); err != nil {
	return nil, err
	}
	clientPem, err := tls.LoadX509KeyPair(c.ClientPemPath, c.ClientKeyPath)
	if err != nil {
	return nil, err
	}
	tlsConfig.Certificates = []tls.Certificate{clientPem}
	}
	return tlsConfig, nil
	}

	// checkTLSFile checks the TLS files.
	func checkTLSFile(path string) error {
	file, err := os.Open(path)
	if err != nil {
	return err
	}
	stat, err := file.Stat()
	if err != nil {
	return err
	}
	if stat.Size() == 0 {
	return fmt.Errorf("the TLS file is illegal: %s", path)
	}
	return nil
	}