-
Notifications
You must be signed in to change notification settings - Fork 911
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cln-grpc-plugin: Secure access to your node over the network #5013
Conversation
1c3bfc5
to
0ef0fcb
Compare
3d6d0c0
to
4e6cd52
Compare
0ef0fcb
to
b94b86d
Compare
b94b86d
to
1949b06
Compare
7941e8e
to
f5a059e
Compare
f5a059e
to
57c5c13
Compare
b23527e
to
b717005
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was searching about the plugin architecture, to think about how to implement the grpc
interface for my dart wrapper. In the meanwhile I left one comment (very very stupid).
Half of the code is the tls
config, and I'm not the right person to review it
1723cb2
to
4703783
Compare
57c5c13
to
8b8e9bd
Compare
f0dc233
to
c8a25b4
Compare
8b8e9bd
to
ef84498
Compare
dba9dd0
to
bccc8dc
Compare
I think experimental is too harsh: if it requires a config option to activate (grpc-port AFAICT), that's enough. IMHO. Plugins generally don't have the same requirements as core functionality IMHO. I wonder if we should call it grpc or cln-grpc instead of grpc-plugin? So please add a Changelog-Added: plugins: Also nice to have:
|
d0e0fa5
to
a56eb26
Compare
@rustyrussell I have your branch merged in and it compiles. Will spend today adding more types since they can be difficult to add later, and add some tests to verify the generated conversions are working ok 👍 |
We are about to generate the python grpc bindings, but only when we have Rust enabled.
Currently still unencrypted, but will get its mTLS authentication in the next commits.
If we aren't using the correct certificates we should reject the connections during the mTLS connection setup. This test tries to connect with the wrong client cert to the node, and the server will reject it.
Changelog-Added: cln-grpc-plugin: The plugin can be configured to listen on a specific port using the `grpc-port` option
Suggested-by: Rusty Russell <@rustyrussell> Changelog-Added: plugins: `cln-grpc` first class GRPC interface for remotely controlling nodes over mTLS authentication
plugins/grpc-plugin/src/main.rs
Outdated
"Which port should the grpc plugin listen for incoming connections?", | ||
)) | ||
.start() | ||
.await?; | ||
|
||
let bind_port = match plugin.option("grpc-port") { | ||
Some(options::Value::Integer(-1)) => { | ||
log::warn!("`grpc-port` option is not configured, exiting."); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is probably just log::info? It's a great plugin, but every non-activated plugin should probably not shout to be activated :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Trivial change requested... I would merge anyway, but I know more is coming...
For now we don't want to autostart. Suggested-by: Rusty Russell <@rustyrussell>
a56eb26
to
21385e2
Compare
Fixed up. The remaining grpc methods are in a separate PR, so feel free to merge this one :-) |
e.g. ``` lightningd-1: 2022-03-28T11:02:12.476Z DEBUG plugin-cln-grpc: add_pem_file processed 1 valid and 0 invalid certs lightningd-1: 2022-03-28T11:02:12.478Z DEBUG plugin-cln-grpc: Connecting to \"lightning-rpc\" and serving grpc on 0.0.0.0:36331 lightningd-1: 2022-03-28T11:02:12.478Z DEBUG connectd: REPLY WIRE_CONNECTD_ACTIVATE_REPLY with 0 fds lightningd-1: 2022-03-28T11:02:12.478Z INFO lightningd: -------------------------------------------------- lightningd-1: 2022-03-28T11:02:12.478Z INFO lightningd: Server started with public key ``` Which means we don't see it, since start() swallows it: ``` > raise TimeoutError('Unable to find "{}" in logs.'.format(exs)) E TimeoutError: Unable to find "[re.compile('serving grpc on 0.0.0.0:')]" in logs. ``` Signed-off-by: Rusty Russell <[email protected]>
Pushed a simple test race fix. Ack 343961d |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ack 343961d
(with just some small comment!)
Suggested-by: Vincenzo Palazzo <@vincenzopalazzo>
Ack a47770d |
This is the final PR in the cln-* series. It uses all the primitives we built in the previous 3 PRs and uses them to expose the JSON-RPC over grpc, with mTLS authentication builtin.