Example #1
0
func testHealthCheckServingStatus(t *testing.T, e env) {
	hs := health.NewHealthServer()
	s, cc := setUp(hs, math.MaxUint32, "", e)
	defer tearDown(s, cc)
	if _, err := healthCheck(1*time.Second, cc, "grpc.health.v1alpha.HealthCheck"); err != grpc.Errorf(codes.NotFound, "unknown service") {
		t.Fatalf("HealthCheck/Check(_, _) = _, %v, want _, error code %d", err, codes.NotFound)
	}
	hs.SetServingStatus("", "grpc.health.v1alpha.HealthCheck", healthpb.HealthCheckResponse_SERVING)
	out, err := healthCheck(1*time.Second, cc, "grpc.health.v1alpha.HealthCheck")
	if err != nil {
		t.Fatalf("HealthCheck/Check(_, _) = _, %v, want _, <nil>", err)
	}
	if out.Status != healthpb.HealthCheckResponse_SERVING {
		t.Fatalf("Got the serving status %v, want SERVING", out.Status)
	}
	hs.SetServingStatus("", "grpc.health.v1alpha.HealthCheck", healthpb.HealthCheckResponse_NOT_SERVING)
	out, err = healthCheck(1*time.Second, cc, "grpc.health.v1alpha.HealthCheck")
	if err != nil {
		t.Fatalf("HealthCheck/Check(_, _) = _, %v, want _, <nil>", err)
	}
	if out.Status != healthpb.HealthCheckResponse_NOT_SERVING {
		t.Fatalf("Got the serving status %v, want NOT_SERVING", out.Status)
	}

}
Example #2
0
func testHealthCheckOnFailure(t *testing.T, e env) {
	hs := health.NewHealthServer()
	hs.SetServingStatus("", "grpc.health.v1alpha.HealthCheck", 1)
	s, cc := setUp(hs, math.MaxUint32, "", e)
	defer tearDown(s, cc)
	if _, err := healthCheck(0*time.Second, cc, "grpc.health.v1alpha.HealthCheck"); err != grpc.Errorf(codes.DeadlineExceeded, "context deadline exceeded") {
		t.Fatalf("HealthCheck/Check(_, _) = _, %v, want _, error code %d", err, codes.DeadlineExceeded)
	}
}
Example #3
0
func testHealthCheckOnSuccess(t *testing.T, e env) {
	hs := health.NewHealthServer()
	hs.SetServingStatus("", "grpc.health.v1alpha.HealthCheck", 1)
	s, cc := setUp(hs, math.MaxUint32, "", e)
	defer tearDown(s, cc)
	if _, err := healthCheck(1*time.Second, cc, "grpc.health.v1alpha.HealthCheck"); err != nil {
		t.Fatalf("HealthCheck/Check(_, _) = _, %v, want _, <nil>", err)
	}
}
Example #4
0
func main() {
	var (
		caCert          = flag.String("ca-cert", withConfigDir("ca.pem"), "Trusted CA certificate.")
		debugListenAddr = flag.String("debug-listen-addr", "127.0.0.1:7901", "HTTP listen address.")
		listenAddr      = flag.String("listen-addr", "0.0.0.0:7900", "HTTP listen address.")
		tlsCert         = flag.String("tls-cert", withConfigDir("cert.pem"), "TLS server certificate.")
		tlsKey          = flag.String("tls-key", withConfigDir("key.pem"), "TLS server key.")
		jwtPublicKey    = flag.String("jwt-public-key", withConfigDir("jwt.pem"), "The RSA public key to use for validating JWTs")
	)
	flag.Parse()

	log.Println("Hello service starting...")

	cert, err := tls.LoadX509KeyPair(*tlsCert, *tlsKey)
	if err != nil {
		log.Fatal(err)
	}

	rawCaCert, err := ioutil.ReadFile(*caCert)
	if err != nil {
		log.Fatal(err)
	}
	caCertPool := x509.NewCertPool()
	caCertPool.AppendCertsFromPEM(rawCaCert)

	creds := credentials.NewTLS(&tls.Config{
		Certificates: []tls.Certificate{cert},
		ClientCAs:    caCertPool,
		ClientAuth:   tls.RequireAndVerifyClientCert,
	})

	gs := grpc.NewServer(grpc.Creds(creds))

	hs, err := NewHelloServer(*jwtPublicKey)
	if err != nil {
		log.Fatal(err)
	}

	pb.RegisterHelloServer(gs, hs)

	healthServer := health.NewHealthServer()
	healthServer.SetServingStatus("grpc.health.v1.helloservice", 1)
	healthpb.RegisterHealthServer(gs, healthServer)

	ln, err := net.Listen("tcp", *listenAddr)
	if err != nil {
		log.Fatal(err)
	}
	go gs.Serve(ln)

	trace.AuthRequest = func(req *http.Request) (any, sensitive bool) { return true, true }

	log.Println("Hello service started successfully.")
	log.Fatal(http.ListenAndServe(*debugListenAddr, nil))
}
Example #5
0
func main() {
	var (
		debugListenAddr = flag.String("debug-listen-addr", "127.0.0.1:7801", "HTTP listen address.")
		listenAddr      = flag.String("listen-addr", "127.0.0.1:7800", "HTTP listen address.")
		tlsCert         = flag.String("tls-cert", withConfigDir("cert.pem"), "TLS server certificate.")
		tlsKey          = flag.String("tls-key", withConfigDir("key.pem"), "TLS server key.")
		jwtPrivateKey   = flag.String("jwt-private-key", withConfigDir("jwt-key.pem"), "The RSA private key to use for signing JWTs")
	)
	flag.Parse()

	var err error
	log.Println("Auth service starting...")
	for {
		_, err := os.Open("/var/lib/auth.db")
		if !os.IsNotExist(err) {
			break
		}
		log.Println("missing auth database, retrying in 5 secs.")
		time.Sleep(5 * time.Second)
	}

	boltdb, err = bolt.Open("/var/lib/auth.db", 0600, nil)
	if err != nil {
		log.Fatal(err)
	}

	ta, err := credentials.NewServerTLSFromFile(*tlsCert, *tlsKey)
	if err != nil {
		log.Fatal(err)
	}

	gs := grpc.NewServer(grpc.Creds(ta))

	as, err := NewAuthServer(*jwtPrivateKey)
	if err != nil {
		log.Fatal(err)
	}
	pb.RegisterAuthServer(gs, as)

	hs := health.NewHealthServer()
	hs.SetServingStatus("grpc.health.v1.authservice", 1)
	healthpb.RegisterHealthServer(gs, hs)

	ln, err := net.Listen("tcp", *listenAddr)
	if err != nil {
		log.Fatal(err)
	}
	go gs.Serve(ln)

	trace.AuthRequest = func(req *http.Request) (any, sensitive bool) { return true, true }
	log.Println("Auth service started successfully.")
	log.Fatal(http.ListenAndServe(*debugListenAddr, nil))
}
func main() {
	var (
		dbUser          = flag.String("db-user", "auth", "Auth database username.")
		dbPasswd        = flag.String("db-pass", "", "Auth database password.")
		dbHost          = flag.String("db-host", "", "Auth database host.")
		dbPort          = flag.String("db-port", "3306", "Auth database port.")
		dbServerName    = flag.String("db-server-name", "", "Auth database server name.")
		dbServerCACert  = flag.String("db-server-ca-cert", "/etc/auth/db-server-ca.pem", "Database server ca certificate")
		dbClientCert    = flag.String("db-client-cert", "/etc/auth/db-client-cert.pem", "Database client certificate.")
		dbClientKey     = flag.String("db-client-key", "/etc/auth/db-client-key.pem", "Database client key.")
		debugListenAddr = flag.String("debug-listen-addr", "127.0.0.1:7801", "HTTP listen address.")
		listenAddr      = flag.String("listen-addr", "127.0.0.1:7800", "HTTP listen address.")
		tlsCert         = flag.String("tls-cert", "/etc/auth/cert.pem", "TLS server certificate.")
		tlsKey          = flag.String("tls-key", "/etc/auth/key.pem", "TLS server key.")
		jwtPrivateKey   = flag.String("jwt-private-key", "/etc/auth/jwt-key.pem", "The RSA private key to use for signing JWTs")
	)
	flag.Parse()

	var err error
	log.Println("Auth service starting...")

	certPool := x509.NewCertPool()
	pem, err := ioutil.ReadFile(*dbServerCACert)
	if err != nil {
		log.Fatal(err)
	}
	if ok := certPool.AppendCertsFromPEM(pem); !ok {
		log.Fatal("Failed to append PEM.")
	}
	clientCert := make([]tls.Certificate, 0, 1)
	certs, err := tls.LoadX509KeyPair(*dbClientCert, *dbClientKey)
	if err != nil {
		log.Fatal(err)
	}
	clientCert = append(clientCert, certs)
	mysql.RegisterTLSConfig("custom", &tls.Config{
		ServerName:   *dbServerName,
		RootCAs:      certPool,
		Certificates: clientCert,
	})

	dbAddr := net.JoinHostPort(*dbHost, *dbPort)
	dbConfig := mysql.Config{
		User:      *dbUser,
		Passwd:    *dbPasswd,
		Net:       "tcp",
		Addr:      dbAddr,
		DBName:    "auth",
		TLSConfig: "custom",
	}

	for {
		db, err = sql.Open("mysql", dbConfig.FormatDSN())
		if err != nil {
			goto dberror
		}
		err = db.Ping()
		if err != nil {
			goto dberror
		}
		break

	dberror:
		log.Println(err)
		log.Println("error connecting to the auth database, retrying in 5 secs.")
		time.Sleep(5 * time.Second)
	}

	ta, err := credentials.NewServerTLSFromFile(*tlsCert, *tlsKey)
	if err != nil {
		log.Fatal(err)
	}

	gs := grpc.NewServer(grpc.Creds(ta))

	as, err := NewAuthServer(*jwtPrivateKey)
	if err != nil {
		log.Fatal(err)
	}
	pb.RegisterAuthServer(gs, as)

	hs := health.NewHealthServer()
	hs.SetServingStatus("grpc.health.v1.authservice", 1)
	healthpb.RegisterHealthServer(gs, hs)

	ln, err := net.Listen("tcp", *listenAddr)
	if err != nil {
		log.Fatal(err)
	}
	go gs.Serve(ln)

	trace.AuthRequest = func(req *http.Request) (any, sensitive bool) { return true, true }
	log.Println("Auth service started successfully.")
	log.Fatal(http.ListenAndServe(*debugListenAddr, nil))
}