mirror of https://github.com/grpc/grpc-go.git
142 lines
4.8 KiB
Go
142 lines
4.8 KiB
Go
/*
|
|
*
|
|
* Copyright 2023 gRPC authors.
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*
|
|
*/
|
|
|
|
// Binary client demonstrates how to include authorization credentials in the
|
|
// form of metadata in every RPC for server side validation.
|
|
package main
|
|
|
|
import (
|
|
"context"
|
|
"flag"
|
|
"fmt"
|
|
"io"
|
|
"log"
|
|
"time"
|
|
|
|
"golang.org/x/oauth2"
|
|
"google.golang.org/grpc"
|
|
"google.golang.org/grpc/codes"
|
|
"google.golang.org/grpc/credentials"
|
|
"google.golang.org/grpc/credentials/oauth"
|
|
"google.golang.org/grpc/examples/data"
|
|
"google.golang.org/grpc/examples/features/authz/token"
|
|
ecpb "google.golang.org/grpc/examples/features/proto/echo"
|
|
"google.golang.org/grpc/status"
|
|
)
|
|
|
|
var addr = flag.String("addr", "localhost:50051", "the address to connect to")
|
|
|
|
func callUnaryEcho(ctx context.Context, client ecpb.EchoClient, message string, opts ...grpc.CallOption) error {
|
|
resp, err := client.UnaryEcho(ctx, &ecpb.EchoRequest{Message: message}, opts...)
|
|
if err != nil {
|
|
return status.Errorf(status.Code(err), "UnaryEcho RPC failed: %v", err)
|
|
}
|
|
fmt.Println("UnaryEcho: ", resp.Message)
|
|
return nil
|
|
}
|
|
|
|
func callBidiStreamingEcho(ctx context.Context, client ecpb.EchoClient, opts ...grpc.CallOption) error {
|
|
c, err := client.BidirectionalStreamingEcho(ctx, opts...)
|
|
if err != nil {
|
|
return status.Errorf(status.Code(err), "BidirectionalStreamingEcho RPC failed: %v", err)
|
|
}
|
|
for i := 0; i < 5; i++ {
|
|
err := c.Send(&ecpb.EchoRequest{Message: fmt.Sprintf("Request %d", i+1)})
|
|
if err == io.EOF {
|
|
// Bidi streaming RPC errors happen and make Send return io.EOF,
|
|
// not the RPC error itself. Call Recv to determine the error.
|
|
break
|
|
}
|
|
if err != nil {
|
|
// Some local errors are reported this way, e.g. errors serializing
|
|
// the request message.
|
|
return status.Errorf(status.Code(err), "sending StreamingEcho message: %v", err)
|
|
}
|
|
}
|
|
c.CloseSend()
|
|
for {
|
|
resp, err := c.Recv()
|
|
if err == io.EOF {
|
|
break
|
|
}
|
|
if err != nil {
|
|
return status.Errorf(status.Code(err), "receiving StreamingEcho message: %v", err)
|
|
}
|
|
fmt.Println("BidiStreaming Echo: ", resp.Message)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func newCredentialsCallOption(t token.Token) grpc.CallOption {
|
|
tokenBase64, err := t.Encode()
|
|
if err != nil {
|
|
log.Fatalf("encoding token: %v", err)
|
|
}
|
|
oath2Token := oauth2.Token{AccessToken: tokenBase64}
|
|
return grpc.PerRPCCredentials(oauth.TokenSource{TokenSource: oauth2.StaticTokenSource(&oath2Token)})
|
|
}
|
|
|
|
func main() {
|
|
flag.Parse()
|
|
|
|
// Create tls based credential.
|
|
creds, err := credentials.NewClientTLSFromFile(data.Path("x509/ca_cert.pem"), "x.test.example.com")
|
|
if err != nil {
|
|
log.Fatalf("failed to load credentials: %v", err)
|
|
}
|
|
// Set up a connection to the server.
|
|
conn, err := grpc.NewClient(*addr, grpc.WithTransportCredentials(creds))
|
|
if err != nil {
|
|
log.Fatalf("grpc.NewClient(%q): %v", *addr, err)
|
|
}
|
|
defer conn.Close()
|
|
|
|
// Make an echo client and send RPCs.
|
|
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
|
|
defer cancel()
|
|
client := ecpb.NewEchoClient(conn)
|
|
|
|
// Make RPCs as an authorized user and expect them to succeed.
|
|
authorisedUserTokenCallOption := newCredentialsCallOption(token.Token{Username: "super-user", Secret: "super-secret"})
|
|
if err := callUnaryEcho(ctx, client, "hello world", authorisedUserTokenCallOption); err != nil {
|
|
log.Fatalf("Unary RPC by authorized user failed: %v", err)
|
|
}
|
|
if err := callBidiStreamingEcho(ctx, client, authorisedUserTokenCallOption); err != nil {
|
|
log.Fatalf("Bidirectional RPC by authorized user failed: %v", err)
|
|
}
|
|
|
|
// Make RPCs as an unauthorized user and expect them to fail with status code PermissionDenied.
|
|
unauthorisedUserTokenCallOption := newCredentialsCallOption(token.Token{Username: "bad-actor", Secret: "super-secret"})
|
|
if err := callUnaryEcho(ctx, client, "hello world", unauthorisedUserTokenCallOption); err != nil {
|
|
switch c := status.Code(err); c {
|
|
case codes.PermissionDenied:
|
|
log.Printf("Unary RPC by unauthorized user failed as expected: %v", err)
|
|
default:
|
|
log.Fatalf("Unary RPC by unauthorized user failed unexpectedly: %v, %v", c, err)
|
|
}
|
|
}
|
|
if err := callBidiStreamingEcho(ctx, client, unauthorisedUserTokenCallOption); err != nil {
|
|
switch c := status.Code(err); c {
|
|
case codes.PermissionDenied:
|
|
log.Printf("Bidirectional RPC by unauthorized user failed as expected: %v", err)
|
|
default:
|
|
log.Fatalf("Bidirectional RPC by unauthorized user failed unexpectedly: %v", err)
|
|
}
|
|
}
|
|
}
|