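// main starts the Hello gRPC service and then blocks serving the default HTTP
// mux on the debug address.
//
// The gRPC listener requires mutual TLS: the server presents the key pair from
// -tls-cert/-tls-key and only accepts clients whose certificate chains to the
// CA bundle in -ca-cert. The JWT public key path is handed to NewHelloServer.
func main() {
	var (
		caCert          = flag.String("ca-cert", withConfigDir("ca.pem"), "Trusted CA certificate.")
		debugListenAddr = flag.String("debug-listen-addr", "127.0.0.1:7901", "HTTP listen address.")
		listenAddr      = flag.String("listen-addr", "0.0.0.0:7900", "HTTP listen address.")
		tlsCert         = flag.String("tls-cert", withConfigDir("cert.pem"), "TLS server certificate.")
		tlsKey          = flag.String("tls-key", withConfigDir("key.pem"), "TLS server key.")
		jwtPublicKey    = flag.String("jwt-public-key", withConfigDir("jwt.pem"), "The RSA public key to use for validating JWTs")
	)
	flag.Parse()

	log.Println("Hello service starting...")

	cert, err := tls.LoadX509KeyPair(*tlsCert, *tlsKey)
	if err != nil {
		log.Fatal(err)
	}

	rawCaCert, err := ioutil.ReadFile(*caCert)
	if err != nil {
		log.Fatal(err)
	}
	caCertPool := x509.NewCertPool()
	// AppendCertsFromPEM reports false when it parsed no certificate. Without
	// this check a truncated or wrong file yields an empty client-CA pool and
	// every client handshake fails with no hint at the cause; stop at startup
	// and name the file instead.
	if !caCertPool.AppendCertsFromPEM(rawCaCert) {
		log.Fatalf("no CA certificates could be parsed from %q", *caCert)
	}

	// RequireAndVerifyClientCert makes the client certificate mandatory and
	// verifies it against ClientCAs.
	// NOTE(review): no MinVersion is set, so the minimum TLS version is
	// whatever the Go toolchain in use defaults to — confirm that is acceptable.
	creds := credentials.NewTLS(&tls.Config{
		Certificates: []tls.Certificate{cert},
		ClientCAs:    caCertPool,
		ClientAuth:   tls.RequireAndVerifyClientCert,
	})
	gs := grpc.NewServer(grpc.Creds(creds))

	hs, err := NewHelloServer(*jwtPublicKey)
	if err != nil {
		log.Fatal(err)
	}
	pb.RegisterHelloServer(gs, hs)

	healthServer := health.NewHealthServer()
	// The literal 1 is presumably the SERVING status of the health protocol —
	// TODO confirm against the healthpb enum in the vendored version.
	healthServer.SetServingStatus("grpc.health.v1.helloservice", 1)
	healthpb.RegisterHealthServer(gs, healthServer)

	ln, err := net.Listen("tcp", *listenAddr)
	if err != nil {
		log.Fatal(err)
	}
	// Serve's error used to be discarded, which left the process alive with
	// only the debug endpoint answering after the gRPC server had stopped.
	go func() {
		if err := gs.Serve(ln); err != nil {
			log.Fatalf("gRPC server stopped: %v", err)
		}
	}()

	// NOTE(review): this replaces the trace package's request authorisation
	// hook with one that admits every request and also exposes data marked
	// sensitive. The debug listener is plain HTTP without authentication, so
	// this is only acceptable while -debug-listen-addr stays on loopback;
	// restrict the hook or the address before binding it anywhere else.
	trace.AuthRequest = func(req *http.Request) (any, sensitive bool) {
		return true, true
	}

	log.Println("Hello service started successfully.")
	// A nil handler serves http.DefaultServeMux, i.e. whatever imported
	// packages registered on it.
	log.Fatal(http.ListenAndServe(*debugListenAddr, nil))
}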
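// main starts the Auth gRPC service and then blocks serving the default HTTP
// mux on the debug address.
//
// It waits until the database file exists, opens it into the package-level
// boltdb handle, and serves the AuthServer (built from the JWT signing key
// path) plus a health service over TLS.
func main() {
	var (
		debugListenAddr = flag.String("debug-listen-addr", "127.0.0.1:7801", "HTTP listen address.")
		listenAddr      = flag.String("listen-addr", "127.0.0.1:7800", "HTTP listen address.")
		tlsCert         = flag.String("tls-cert", withConfigDir("cert.pem"), "TLS server certificate.")
		tlsKey          = flag.String("tls-key", withConfigDir("key.pem"), "TLS server key.")
		jwtPrivateKey   = flag.String("jwt-private-key", withConfigDir("jwt-key.pem"), "The RSA private key to use for signing JWTs")
	)
	flag.Parse()

	const dbPath = "/var/lib/auth.db"

	// err is declared up front because boltdb is assigned with "=" below
	// (it is not a local), so ":=" cannot introduce err there.
	var err error

	log.Println("Auth service starting...")

	// Wait for the database file to appear. os.Stat is used rather than
	// os.Open so that no file descriptor is left open once the file exists.
	// Any error other than "does not exist" ends the wait and is reported by
	// bolt.Open below.
	for {
		if _, statErr := os.Stat(dbPath); !os.IsNotExist(statErr) {
			break
		}
		log.Println("missing auth database, retrying in 5 secs.")
		time.Sleep(5 * time.Second)
	}

	// Mode 0600: if the file has to be created it is readable and writable by
	// the owner only.
	boltdb, err = bolt.Open(dbPath, 0600, nil)
	if err != nil {
		log.Fatal(err)
	}

	// Server-side TLS only: this configuration does not request a client
	// certificate, so callers are not authenticated at the transport layer.
	ta, err := credentials.NewServerTLSFromFile(*tlsCert, *tlsKey)
	if err != nil {
		log.Fatal(err)
	}
	gs := grpc.NewServer(grpc.Creds(ta))

	as, err := NewAuthServer(*jwtPrivateKey)
	if err != nil {
		log.Fatal(err)
	}
	pb.RegisterAuthServer(gs, as)

	hs := health.NewHealthServer()
	// The literal 1 is presumably the SERVING status of the health protocol —
	// TODO confirm against the healthpb enum in the vendored version.
	hs.SetServingStatus("grpc.health.v1.authservice", 1)
	healthpb.RegisterHealthServer(gs, hs)

	ln, err := net.Listen("tcp", *listenAddr)
	if err != nil {
		log.Fatal(err)
	}
	// Serve's error used to be discarded, which left the process alive with
	// only the debug endpoint answering after the gRPC server had stopped.
	go func() {
		if err := gs.Serve(ln); err != nil {
			log.Fatalf("gRPC server stopped: %v", err)
		}
	}()

	// NOTE(review): this replaces the trace package's request authorisation
	// hook with one that admits every request and also exposes data marked
	// sensitive. The debug listener is plain HTTP without authentication, so
	// this is only acceptable while -debug-listen-addr stays on loopback;
	// restrict the hook or the address before binding it anywhere else.
	trace.AuthRequest = func(req *http.Request) (any, sensitive bool) {
		return true, true
	}

	log.Println("Auth service started successfully.")
	// A nil handler serves http.DefaultServeMux, i.e. whatever imported
	// packages registered on it.
	log.Fatal(http.ListenAndServe(*debugListenAddr, nil))
}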
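// setUp starts a test gRPC server for environment e and dials it.
//
// The server listens on e.network (an ephemeral TCP port, or a socket under
// /tmp for "unix"), limits concurrent streams to maxStream, registers hs when
// it is non-nil and always registers the test service. With e.security ==
// "tls" both sides use the certificates under tlsDir; otherwise the client
// connects without transport security. ua is sent as the client user agent.
// Any setup failure aborts the test through t.Fatalf.
func setUp(t *testing.T, hs *health.HealthServer, maxStream uint32, ua string, e env) (s *grpc.Server, cc *grpc.ClientConn) {
	sopts := []grpc.ServerOption{grpc.MaxConcurrentStreams(maxStream)}
	la := ":0"
	switch e.network {
	case "unix":
		// The original formatted the time.Time struct itself with %d, which
		// vet rejects and which produces a path containing braces and spaces.
		// NOTE(review): the name is still predictable and lives in shared
		// /tmp; a per-test private directory would be safer on a multi-user
		// host.
		la = fmt.Sprintf("/tmp/testsock%d", time.Now().UnixNano())
		// Best-effort removal of a stale socket; a missing file is expected.
		syscall.Unlink(la)
	}
	lis, err := net.Listen(e.network, la)
	if err != nil {
		t.Fatalf("Failed to listen: %v", err)
	}
	if e.security == "tls" {
		srvCreds, credErr := credentials.NewServerTLSFromFile(tlsDir+"server1.pem", tlsDir+"server1.key")
		if credErr != nil {
			t.Fatalf("Failed to generate credentials %v", credErr)
		}
		sopts = append(sopts, grpc.Creds(srvCreds))
	}
	s = grpc.NewServer(sopts...)
	if hs != nil {
		healthpb.RegisterHealthServer(s, hs)
	}
	testpb.RegisterTestServiceServer(s, &testServer{security: e.security})
	go s.Serve(lis)

	addr := la
	switch e.network {
	case "unix":
		// Dial the socket path as is.
	default:
		// ":0" let the kernel choose the port; read it back from the listener.
		_, port, splitErr := net.SplitHostPort(lis.Addr().String())
		if splitErr != nil {
			t.Fatalf("Failed to parse listener address: %v", splitErr)
		}
		addr = "localhost:" + port
	}

	if e.security == "tls" {
		// The second argument overrides the server name checked against the
		// certificate, since the client dials localhost. Test-only.
		// The credential error gets its own name: the original's
		// "creds, err :=" shadowed err inside this branch, so a failed Dial
		// never reached the check after the if/else.
		cliCreds, credErr := credentials.NewClientTLSFromFile(tlsDir+"ca.pem", "x.test.youtube.com")
		if credErr != nil {
			t.Fatalf("Failed to create credentials %v", credErr)
		}
		cc, err = grpc.Dial(addr, grpc.WithTransportCredentials(cliCreds), grpc.WithDialer(e.dialer), grpc.WithUserAgent(ua))
	} else {
		// Plaintext connection; acceptable only because this is a local test.
		cc, err = grpc.Dial(addr, grpc.WithDialer(e.dialer), grpc.WithInsecure(), grpc.WithUserAgent(ua))
	}
	if err != nil {
		t.Fatalf("Dial(%q) = %v", addr, err)
	}
	return
}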
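// serverSetUp starts a test gRPC server for environment e and returns it with
// the address a client should dial.
//
// The server listens on e.network (an ephemeral TCP port, or a socket under
// /tmp for "unix"), limits concurrent streams to maxStream and uses cp/dc as
// its compressor and decompressor. hs is registered when non-nil; the test
// service is registered only when servON is true. With e.security == "tls"
// the server uses the key pair under tlsDir. Any setup failure aborts the
// test through t.Fatalf.
func serverSetUp(t *testing.T, servON bool, hs *health.HealthServer, maxStream uint32, cp grpc.Compressor, dc grpc.Decompressor, e env) (s *grpc.Server, addr string) {
	t.Logf("Running test in %s environment...", e.name)
	sopts := []grpc.ServerOption{
		grpc.MaxConcurrentStreams(maxStream),
		grpc.RPCCompressor(cp),
		grpc.RPCDecompressor(dc),
	}
	la := ":0"
	switch e.network {
	case "unix":
		// The original formatted the time.Time struct itself with %d, which
		// vet rejects and which produces a path containing braces and spaces.
		// NOTE(review): the name is still predictable and lives in shared
		// /tmp; a per-test private directory would be safer on a multi-user
		// host.
		la = fmt.Sprintf("/tmp/testsock%d", time.Now().UnixNano())
		// Best-effort removal of a stale socket; a missing file is expected.
		syscall.Unlink(la)
	}
	lis, err := net.Listen(e.network, la)
	if err != nil {
		t.Fatalf("Failed to listen: %v", err)
	}
	if e.security == "tls" {
		srvCreds, credErr := credentials.NewServerTLSFromFile(tlsDir+"server1.pem", tlsDir+"server1.key")
		if credErr != nil {
			t.Fatalf("Failed to generate credentials %v", credErr)
		}
		sopts = append(sopts, grpc.Creds(srvCreds))
	}
	s = grpc.NewServer(sopts...)
	if hs != nil {
		healthpb.RegisterHealthServer(s, hs)
	}
	if servON {
		testpb.RegisterTestServiceServer(s, &testServer{security: e.security})
	}
	go s.Serve(lis)

	addr = la
	switch e.network {
	case "unix":
		// Dial the socket path as is.
	default:
		// ":0" let the kernel choose the port; read it back from the listener.
		_, port, splitErr := net.SplitHostPort(lis.Addr().String())
		if splitErr != nil {
			t.Fatalf("Failed to parse listener address: %v", splitErr)
		}
		addr = "localhost:" + port
	}
	return
}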