From c5f55a615d8685a3a5b934eec12d015be431e236 Mon Sep 17 00:00:00 2001
From: iamqizhao
Date: Wed, 25 Feb 2015 18:53:11 -0800
Subject: [PATCH 1/3] revert
---
 interop/client/client.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/interop/client/client.go b/interop/client/client.go
index f4e24ea3..465255c1 100644
--- a/interop/client/client.go
+++ b/interop/client/client.go
@@ -302,7 +302,7 @@ func main() {
 serverAddr := net.JoinHostPort(*serverHost, strconv.Itoa(*serverPort))
 var opts []grpc.DialOption
 if *useTLS {
- sn := *serverHost
+ var sn string
 if *tlsServerName != "" {
 sn = *tlsServerName
 }
From 83497d8642cc67f3f493832cbbcec3e2186131fc Mon Sep 17 00:00:00 2001
From: iamqizhao
Date: Wed, 25 Feb 2015 19:01:56 -0800
Subject: [PATCH 2/3] add grpc-auth-support.md (tls only)
---
 grpc-auth-support.md | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 grpc-auth-support.md
diff --git a/grpc-auth-support.md b/grpc-auth-support.md
new file mode 100644
index 00000000..82eb5729
--- /dev/null
+++ b/grpc-auth-support.md
@@ -0,0 +1,23 @@
+# Authentication
+
+As outlined here gRPC supports a number of different mechanisms for asserting identity between an client and server. We'll present some code-samples here demonstrating how to provide TLS support encryption and identity assertions as well as passing OAuth2 tokens to services that support it.
+
+# Enabling TLS on a gRPC client
+
+```Go
+conn, err := grpc.Dial(serverAddr, grpc.WithClientTLS(credentials.NewClientTLSFromCert(nil, ""))
+```
+
+# Enableing TLS on a gRPC server
+
+```Go
+creds, err := credentials.NewServerTLSFromFile(*certFile, *keyFile)
+if err != nil {
+ log.Fatalf("Failed to generate credentials %v", err)
+}
+server.Serve(creds.NewListener(lis))
+```
+
+# Using OAuth2
+
+
From 339ed4f7672ec8180921263c7c351222ef28dd8b Mon Sep 17 00:00:00 2001
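Review bot: In `main` (interop/client/client.go), `sn` now stays empty whenever `*tlsServerName` is unset, and nothing visible in the hunk says what the TLS credentials do with an empty server name. Because this value presumably selects the host name the server certificate is verified against, the declaration deserves a comment such as `// sn overrides the name checked against the server certificate; when empty the credentials package picks the name (confirm it falls back to the dial target rather than skipping the check)`. The code that consumes `sn` and the rest of `main` lie outside the hunk, so the fallback behaviour is inferred, not confirmed.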
From: iamqizhao
Date: Wed, 25 Feb 2015 19:10:13 -0800
Subject: [PATCH 3/3] add grpc-auth-support.md (GCE and JWT)
---
 grpc-auth-support.md | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/grpc-auth-support.md b/grpc-auth-support.md
index 82eb5729..4bca3754 100644
--- a/grpc-auth-support.md
+++ b/grpc-auth-support.md
@@ -11,13 +11,28 @@ conn, err := grpc.Dial(serverAddr, grpc.WithClientTLS(credentials.NewClientTLSFr
 # Enableing TLS on a gRPC server
 
 ```Go
-creds, err := credentials.NewServerTLSFromFile(*certFile, *keyFile)
+creds, err := credentials.NewServerTLSFromFile(certFile, keyFile)
 if err != nil {
 log.Fatalf("Failed to generate credentials %v", err)
 }
 server.Serve(creds.NewListener(lis))
 ```
 
-# Using OAuth2
+# Authenticating with Google
 
+## Google Compute Engine (GCE)
+
+```Go
+conn, err := grpc.Dial(serverAddr, grpc.WithClientTLS(credentials.NewClientTLSFromCert(nil, ""), grpc.WithPerRPCCredentials(credentials.NewComputeEngine())))
+```
+
+## JWT
+
+```Go
+jwtCreds, err := credentials.NewServiceAccountFromFile(*serviceAccountKeyFile, *oauthScope)
+if err != nil {
+ log.Fatalf("Failed to create JWT credentials: %v", err)
+}
+conn, err := grpc.Dial(serverAddr, grpc.WithClientTLS(credentials.NewClientTLSFromCert(nil, ""), grpc.WithPerRPCCredentials(jwtCreds)))
+```