098cbc9c67
all of the packages and tests work with both grpc and drpc. we'll probably need to do some jenkins pipelines to run the tests with drpc as well. most of the changes are really due to a bit of cleanup of the pkg/transport.Client api into an rpc.Dialer in the spirit of a net.Dialer. now that we don't need observers, we can pass around stateless configuration to everything rather than stateful things that issue observations. it also adds a DialAddressID for the case where we don't have a pb.Node, but we do have an address and want to assert some ID. this happened pretty frequently, and now there's no more weird contortions creating custom tls options, etc. a lot of the other changes are being consistent/using the abstractions in the rpc package to do rpc style things like finding peer information, or checking status codes. Change-Id: Ief62875e21d80a21b3c56a5a37f45887679f9412
96 lines
2.6 KiB
Go
96 lines
2.6 KiB
Go
// Copyright (C) 2019 Storj Labs, Inc.
|
|
// See LICENSE for copying information.
|
|
|
|
// +build !drpc
|
|
|
|
package rpc
|
|
|
|
import (
|
|
"context"
|
|
"crypto/tls"
|
|
"net"
|
|
"sync"
|
|
|
|
"google.golang.org/grpc"
|
|
"google.golang.org/grpc/credentials"
|
|
)
|
|
|
|
// dial performs the dialing to the grpc endpoint with tls.
|
|
func (d Dialer) dial(ctx context.Context, address string, tlsConfig *tls.Config) (_ *Conn, err error) {
|
|
defer mon.Task()(&ctx)(&err)
|
|
|
|
creds := &captureStateCreds{TransportCredentials: credentials.NewTLS(tlsConfig)}
|
|
conn, err := grpc.DialContext(ctx, address,
|
|
grpc.WithTransportCredentials(creds),
|
|
grpc.WithBlock(),
|
|
grpc.FailOnNonTempDialError(true),
|
|
grpc.WithContextDialer(d.dialContext))
|
|
if err != nil {
|
|
return nil, Error.Wrap(err)
|
|
}
|
|
|
|
state, ok := creds.Get()
|
|
if !ok {
|
|
_ = conn.Close()
|
|
return nil, Error.New("unable to get tls connection state when dialing")
|
|
}
|
|
|
|
return &Conn{
|
|
raw: conn,
|
|
state: state,
|
|
}, nil
|
|
}
|
|
|
|
// dialInsecure performs dialing to the grpc endpoint with no tls.
|
|
func (d Dialer) dialInsecure(ctx context.Context, address string) (_ *Conn, err error) {
|
|
defer mon.Task()(&ctx)(&err)
|
|
|
|
conn, err := grpc.DialContext(ctx, address,
|
|
grpc.WithBlock(),
|
|
grpc.FailOnNonTempDialError(true),
|
|
grpc.WithContextDialer(d.dialContext))
|
|
if err != nil {
|
|
return nil, Error.Wrap(err)
|
|
}
|
|
|
|
return &Conn{raw: conn}, nil
|
|
}
|
|
|
|
// captureStateCreds captures the tls connection state from a client/server handshake.
|
|
type captureStateCreds struct {
|
|
credentials.TransportCredentials
|
|
once sync.Once
|
|
state tls.ConnectionState
|
|
ok bool
|
|
}
|
|
|
|
// Get returns the stored tls connection state.
|
|
func (c *captureStateCreds) Get() (state tls.ConnectionState, ok bool) {
|
|
c.once.Do(func() {})
|
|
return c.state, c.ok
|
|
}
|
|
|
|
// ClientHandshake dispatches to the underlying credentials and tries to store the
|
|
// connection state if possible.
|
|
func (c *captureStateCreds) ClientHandshake(ctx context.Context, authority string, rawConn net.Conn) (
|
|
net.Conn, credentials.AuthInfo, error) {
|
|
|
|
conn, auth, err := c.TransportCredentials.ClientHandshake(ctx, authority, rawConn)
|
|
if tlsInfo, ok := auth.(credentials.TLSInfo); ok {
|
|
c.once.Do(func() { c.state, c.ok = tlsInfo.State, true })
|
|
}
|
|
return conn, auth, err
|
|
}
|
|
|
|
// ServerHandshake dispatches to the underlying credentials and tries to store the
|
|
// connection state if possible.
|
|
func (c *captureStateCreds) ServerHandshake(rawConn net.Conn) (
|
|
net.Conn, credentials.AuthInfo, error) {
|
|
|
|
conn, auth, err := c.TransportCredentials.ServerHandshake(rawConn)
|
|
if tlsInfo, ok := auth.(credentials.TLSInfo); ok {
|
|
c.once.Do(func() { c.state, c.ok = tlsInfo.State, true })
|
|
}
|
|
return conn, auth, err
|
|
}
|