Support TLS with gRPCReporter (#62)

SkyAPM · Jun 15, 2020 · e61c0b1 · e61c0b1
1 parent 7ba623d
commit e61c0b1
Show file tree

Hide file tree

Showing 8 changed files with 117 additions and 8 deletions.
diff --git a/Makefile b/Makefile
@@ -27,7 +27,7 @@ deps:
 
 .PHONY: test
 test:
-	go test -v -race -cover -coverprofile=coverage.txt -covermode=atomic `go list ./... | grep -v github.com/SkyAPM/go2sky/reporter/grpc`
+	go test -v -race -cover -coverprofile=coverage.txt -covermode=atomic `go list ./... | grep -v github.com/SkyAPM/go2sky/reporter/grpc | grep -v github.com/SkyAPM/go2sky/test`
 
 .PHONY: proto-gen
 proto-gen:

diff --git a/README.md b/README.md
@@ -17,14 +17,15 @@ The API of this project is still evolving. The use of vendoring tool is recommen
 # Quickstart
 
 By completing this quickstart, you will learn how to trace local methods. For more details, please view 
-[the example](example_trace_test.go)
+[the example](example_trace_test.go).
 
 ## Configuration
 
 GO2Sky can export traces to Apache SkyWalking OAP server or local logger. In the following example, we configure GO2Sky to export to OAP server, 
-which is listening on `oap-skywalking` port `11800`, and all of the spans from this program will be associated with a service name `example`.
+which is listening on `oap-skywalking` port `11800`, and all the spans from this program will be associated with a service name `example`. 
+`reporter.GRPCReporter` can also adjust the behavior through `reporter.GRPCReporterOption`, [view all](docs/GRPC-Reporter-Option.md).
 
- ```go
+```go
 r, err := reporter.NewGRPCReporter("oap-skywalking:11800")
 if err != nil {
     log.Fatalf("new reporter error %v \n", err)

diff --git a/docs/GRPC-Reporter-Option.md b/docs/GRPC-Reporter-Option.md
@@ -0,0 +1,11 @@
+### GRPCReporterOption
+
+`GRPCReporterOption` allows for functional options to adjust behaviour of a `gRPC` reporter to be created by `NewGRPCReporter`.
+
+|    Function    | Describe |
+| ---------- | --- |
+| `reporter.WithLogger` |  setup logger for gRPC reporter |
+| `reporter.WithCheckInterval` |  setup service and endpoint registry check interval |
+| `reporter.WithInstanceProps` |  setup service instance properties eg: org=SkyAPM |
+| `reporter.WithTransportCredentials` |  setup transport layer security |
+| `reporter.WithAuthentication` |  used Authentication for gRPC |
diff --git a/reporter/grpc.go b/reporter/grpc.go
@@ -30,14 +30,15 @@ import (
 	managementv3 "github.com/SkyAPM/go2sky/reporter/grpc/management"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/connectivity"
+	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/metadata"
 )
 
 const (
 	maxSendQueueSize     int32 = 30000
 	defaultCheckInterval       = 20 * time.Second
 	defaultLogPrefix           = "go2sky-gRPC"
-	authKey            = "Authentication"
+	authKey                    = "Authentication"
 )
 
 // NewGRPCReporter create a new reporter to send data to gRPC oap server. Only one backend address is allowed.
@@ -50,7 +51,16 @@ func NewGRPCReporter(serverAddr string, opts ...GRPCReporterOption) (go2sky.Repo
 	for _, o := range opts {
 		o(r)
 	}
-	conn, err := grpc.Dial(serverAddr, grpc.WithInsecure()) //TODO add TLS
+
+	var credsDialOption grpc.DialOption
+	if r.creds != nil {
+		// use tls
+		credsDialOption = grpc.WithTransportCredentials(r.creds)
+	} else {
+		credsDialOption = grpc.WithInsecure()
+	}
+
+	conn, err := grpc.Dial(serverAddr, credsDialOption)
 	if err != nil {
 		return nil, err
 	}
@@ -92,9 +102,17 @@ func WithInstanceProps(props map[string]string) GRPCReporterOption {
 	}
 }
 
+// WithTransportCredentials setup transport layer security
+func WithTransportCredentials(creds credentials.TransportCredentials) GRPCReporterOption {
+	return func(r *gRPCReporter) {
+		r.creds = creds
+	}
+}
+
+// WithAuthentication used Authentication for gRPC
 func WithAuthentication(auth string) GRPCReporterOption {
 	return func(r *gRPCReporter) {
-		r.md = metadata.New( map[string]string{authKey: auth})
+		r.md = metadata.New(map[string]string{authKey: auth})
 	}
 }
 
@@ -108,7 +126,9 @@ type gRPCReporter struct {
 	traceClient      agentv3.TraceSegmentReportServiceClient
 	managementClient managementv3.ManagementServiceClient
 	checkInterval    time.Duration
-	md  metadata.MD;
+
+	md    metadata.MD
+	creds credentials.TransportCredentials
 }
 
 func (r *gRPCReporter) Boot(service string, serviceInstance string) {

diff --git a/reporter/grpc_test.go b/reporter/grpc_test.go
@@ -32,6 +32,7 @@ import (
 	managementv3 "github.com/SkyAPM/go2sky/reporter/grpc/management"
 	"github.com/SkyAPM/go2sky/reporter/grpc/management/mock_management"
 	"github.com/golang/mock/gomock"
+	"google.golang.org/grpc/credentials"
 )
 
 const (
@@ -126,9 +127,19 @@ func TestGRPCReporter_Close(t *testing.T) {
 }
 
 func TestGRPCReporterOption(t *testing.T) {
+	// props
 	instanceProps := make(map[string]string)
 	instanceProps["org"] = "SkyAPM"
+
+	// log
 	logger := log.New(os.Stderr, "WithLogger", log.LstdFlags)
+
+	// tls
+	creds, err := credentials.NewClientTLSFromFile("../test/test-data/certs/cert.crt", "SkyAPM.org")
+	if err != nil {
+		t.Error(err)
+	}
+
 	tests := []struct {
 		name       string
 		option     GRPCReporterOption
@@ -184,6 +195,15 @@ func TestGRPCReporterOption(t *testing.T) {
 				}
 			},
 		},
+		{
+			name:   "with tls",
+			option: WithTransportCredentials(creds),
+			verifyFunc: func(t *testing.T, reporter *gRPCReporter) {
+				if reporter.creds != creds {
+					t.Error("error are not set TransportCredentials")
+				}
+			},
+		},
 	}
 
 	for _, tt := range tests {

diff --git a/test/test-data/certs/README.md b/test/test-data/certs/README.md
@@ -0,0 +1,8 @@
+# Self-signed certificates
+
+    openssl genrsa -out cert.key 2048
+    openssl req -new -x509 -sha256 -key cert.key -out cert.crt -days 3650
+
+For the common name, please type the following FQDN:
+
+    SkyAPM.org
diff --git a/test/test-data/certs/cert.crt b/test/test-data/certs/cert.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDlTCCAn2gAwIBAgIUKKpIHrwwKjkL3tfvAyb9Zw/n+A4wDQYJKoZIhvcNAQEL
+BQAwWjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDETMBEGA1UEAwwKU2t5QVBNLm9yZzAe
+Fw0yMDA2MDkxNjA3MzBaFw0zMDA2MDcxNjA3MzBaMFoxCzAJBgNVBAYTAkFVMRMw
+EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0
+eSBMdGQxEzARBgNVBAMMClNreUFQTS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCtgxmr32F3f9GSn4ZeK8+X/LkD9Nu3znWWOYF1Jw2wcYm+8S+4
+ru/roz5IQSNQZDmoAXZVkOjLhO8OG+qMwKy/ZKBxVFN8wL0n0Q+EPDkDCeY+9dTJ
+c7w/5fIHvvnj2dgEppWdq+mAGaC/XJuGVfxRAEfsckn9EBDmf5XqH0P5emZHnLV2
+OoBZOP6H2pjXcy8F2O6+ZUMzn+mQE7mGN8QpUq+odcab2D65WgPyyuaThX56ivWA
+MeOB76BMkOZ0G5H6zWQ2HcWHd/oKHMaoCIWvgtMZ51Lj3AaM2UeCjZrLvyTQzCtn
+Zyp6KgHpoHYxGk4zBU4/xxruiGdKf2Lc5l2fAgMBAAGjUzBRMB0GA1UdDgQWBBTK
+JMnMwE46jfvumrMQTxiZ/I/XDjAfBgNVHSMEGDAWgBTKJMnMwE46jfvumrMQTxiZ
+/I/XDjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCkuiKAdOaL
+440+5VPHsq+xkno6mEA7qfVznj7CeVMWiMMJYYpsw9dMA9KkJCZB7HrUlj3MqH7m
+KZaDcD4Sdkd9ysD+Lhm0uurESpAEi3O6tpZI7xrLKq3LY7lWGQvTKkgAaNtUk7mY
+8Kc2rxnj/OJM/5e14OVJZN6cjmhsp3wS5lA5zc3XdYVYj0FRjclIQPx5Cx2uDfQo
+GlYK+gD1iOrROM6ydAzwktcer6YN78IFjhWe1jsLAblLJwy05RGMPZYdjvfk58m1
+J0IMdYcZ4+iyEuSUlauf7WwreUjwWpfYfVUlhQtTLERqhm3UrI68teh5zD/saeVQ
+DHXRlcyKcJK0
+-----END CERTIFICATE-----
diff --git a/test/test-data/certs/cert.key b/test/test-data/certs/cert.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEArYMZq99hd3/Rkp+GXivPl/y5A/Tbt851ljmBdScNsHGJvvEv
+uK7v66M+SEEjUGQ5qAF2VZDoy4TvDhvqjMCsv2SgcVRTfMC9J9EPhDw5AwnmPvXU
+yXO8P+XyB77549nYBKaVnavpgBmgv1ybhlX8UQBH7HJJ/RAQ5n+V6h9D+XpmR5y1
+djqAWTj+h9qY13MvBdjuvmVDM5/pkBO5hjfEKVKvqHXGm9g+uVoD8srmk4V+eor1
+gDHjge+gTJDmdBuR+s1kNh3Fh3f6ChzGqAiFr4LTGedS49wGjNlHgo2ay78k0Mwr
+Z2cqeioB6aB2MRpOMwVOP8ca7ohnSn9i3OZdnwIDAQABAoIBAGt6IKWw6bvOxe8P
+t3iPpLhdh/EmdA8n6PhTyJfbyAP6YDuRRGEeo2iPpp21E33Rh1FFDpqz9y9RuY5A
+xonHM3oeh6+Lb2eAL+sA+Z6MezghoqhvOA5NDVd7RO99YWa84q0Gzvhqq2l49nRy
+lbehfXhjNyoEJUaG9CEC+Mab9UwLerXpgOXLHKfDpmUGTyO7PO79lYSWkTFQkYLy
+SvFFddl2Klh+4v/kk+dASJnk971liH/ln3UpUvS0wSouYIm/TBwSsdUUCQAUzJ50
+iiKzqc9wtaAWwuS5B5SQ84+53gL/bk7TFTRjDczvuvqqCnbEpvxzoaPW8JfL/YDn
+xAH7EZkCgYEA4PF1b4J48KmVR8oHcjNe/OGqncGe+CTcUDOP+50y+oaeQ3QVGYb5
+a08EV8oumITwxzY1yQWPsXUVzDVr6nDNaqrZV8ZOzEoTe16JWE6L5/YbwVxyzTDZ
+lOxEHeu4jHHuWJeuuYP7pfO+7bT2rOyglDBzNZgu8a46qwbOQXn8HfMCgYEAxXfT
+v7d0yW0oXRg9FNT8w5+ydaAUS8CJhsLb7anacnPxufZN5kE/8Un1HOsozyrujfpA
+yJi4yJds0GhyY3CmQiFW0rezMCDSCQoF1ZY13RnQk+0qV7SCyryCa22K+pTu87k3
+c5Gz4uqQSTgrWjxKEOCR8cLqXBMQzZT25xfwsKUCgYAQTa/jSyOU3dWyBFSR1GNY
+FMsW8AejmJhXP8V5yST+v28NGIbG+N9vBaUc78x8xXXmGmm/jiWiCQhxapXNwitB
+RezGzdq8N8o9sNZnjhnZ0B6m3xp7AMVkY9N0D7eqhj9uMGA7lfNRTd9Sv0D5u5TP
+6MsQ4VzVq3kZGD8uw7agPQKBgQCt9DpoSG+sRenp4MFmSZ6FonguoJ9ggDNmsN/X
+ROr4KmWGoZDMRyzSHYm9OPfRUIuoLQ3G6KrXonWsPmaObR05Ym8+368NtcvxRJAR
+MOswZF5XAfVsH8ucV2Y4xt5IkszRjZdoyrECNAp5Re8C5duFdJ98r22PQQhrYlAD
+EhbpNQKBgFH38OszYe/d57Wg6VQ05QeJuvoeh5OurqqwDgUVAJDmsjyRhJIrMk6K
+vrPvsoKW6jou8FBFeaFJxvi6LUpBYF3RDFe+d1UTtkDnTDJ+5AqhWPQMfdIsruQI
+h/PE5YYkB3GAKNCPlkT8NmhyK0fkzEyXCWjrqeRWAaATTE/F5yiM
+-----END RSA PRIVATE KEY-----