Documentation
¶
Index ¶
- Variables
- func AddPemToCertPool(pemCerts []byte, pool *x509.CertPool) error
- func DialConnection(node Node) (*grpc.ClientConn, error)
- func GetTLSCACerts(file string) ([]byte, error)
- type ClientConfig
- type DynamicClientCredentials
- func (dtc *DynamicClientCredentials) ClientHandshake(ctx context.Context, authority string, rawConn net.Conn) (net.Conn, credentials.AuthInfo, error)
- func (dtc *DynamicClientCredentials) Clone() credentials.TransportCredentials
- func (dtc *DynamicClientCredentials) Info() credentials.ProtocolInfo
- func (dtc *DynamicClientCredentials) OverrideServerName(name string) error
- func (dtc *DynamicClientCredentials) ServerHandshake(rawConn net.Conn) (net.Conn, credentials.AuthInfo, error)
- type GRPCClient
- type KeepaliveOptions
- type Node
- type SecureOptions
- type TLSOption
Constants ¶
This section is empty.
Variables ¶
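// MaxRecvMsgSize and MaxSendMsgSize are both 100 MiB (100 * 1024 * 1024
// bytes). Going by their names they bound the size of a single gRPC message
// in each direction; where they are applied is not visible on this page.
//
// NOTE(review): both are exported, mutable package variables, so any
// importing package can change them for every client in the process. A
// 100 MiB receive bound also means a single message from a peer may need a
// buffer of that size; lower it where peers are not fully trusted.
var (
	MaxRecvMsgSize = 100 * 1024 * 1024
	MaxSendMsgSize = 100 * 1024 * 1024
)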
var (
	// ErrServerHandshakeNotImplemented reports that a server-side handshake
	// was requested from credentials that implement only the client side.
	// NOTE(review): presumably the error returned by
	// DynamicClientCredentials.ServerHandshake; confirm against the source.
	ErrServerHandshakeNotImplemented = errors.New("core/comm: server handshakes are not implemented with clientCreds")
)
Functions ¶
func AddPemToCertPool ¶
AddPemToCertPool adds PEM-encoded certs to a cert pool
func DialConnection ¶
func DialConnection(node Node) (*grpc.ClientConn, error)
func GetTLSCACerts ¶
Types ¶
type ClientConfig ¶
// ClientConfig groups the settings a GRPCClient is built from; it is the
// only argument of NewGRPCClient.
type ClientConfig struct {
// SecOpts defines the security parameters
// NOTE(review): the zero value of SecureOptions has UseTLS == false, so a
// ClientConfig that leaves SecOpts unset does not ask for TLS. Confirm that
// callers always populate it.
SecOpts SecureOptions
// KaOpts defines the keepalive parameters
KaOpts KeepaliveOptions
// Timeout specifies how long the client will block when attempting to
// establish a connection
// NOTE(review): the behaviour for a zero Timeout is not shown here; confirm.
Timeout time.Duration
// AsyncConnect makes connection creation non blocking
// NOTE(review): with a non-blocking dial, a failed connection attempt
// (including a failed TLS handshake) presumably surfaces on first use rather
// than from the dial call; confirm that callers check for it there.
AsyncConnect bool
}
ClientConfig defines the parameters for configuring a GRPCClient instance
type DynamicClientCredentials ¶
func (*DynamicClientCredentials) ClientHandshake ¶
func (*DynamicClientCredentials) Clone ¶
func (dtc *DynamicClientCredentials) Clone() credentials.TransportCredentials
func (*DynamicClientCredentials) Info ¶
func (dtc *DynamicClientCredentials) Info() credentials.ProtocolInfo
func (*DynamicClientCredentials) OverrideServerName ¶
func (dtc *DynamicClientCredentials) OverrideServerName(name string) error
func (*DynamicClientCredentials) ServerHandshake ¶
func (dtc *DynamicClientCredentials) ServerHandshake(rawConn net.Conn) (net.Conn, credentials.AuthInfo, error)
type GRPCClient ¶
// GRPCClient is the client type returned by CreateGRPCClient and
// NewGRPCClient; connections are obtained from it with NewConnection.
// Its fields are not part of the exported API.
type GRPCClient struct {
// contains filtered or unexported fields
}
func CreateGRPCClient ¶
func CreateGRPCClient(node Node) (*GRPCClient, error)
func NewGRPCClient ¶
func NewGRPCClient(config ClientConfig) (*GRPCClient, error)
NewGRPCClient creates a new implementation of GRPCClient given an address and client configuration
func (*GRPCClient) NewConnection ¶
func (client *GRPCClient) NewConnection(address string, tlsOptions ...TLSOption) (*grpc.ClientConn, error)
NewConnection returns a grpc.ClientConn for the target address. When TLS is used, it also overrides the server name against which the hostname on the server's certificate is verified.
type KeepaliveOptions ¶
// KeepaliveOptions carries the keepalive durations for both ends of a gRPC
// connection: two for the client side and three for the server side.
// NOTE(review): how zero values are treated (disabled or replaced by a
// default) is not visible here; confirm before relying on an unset field.
type KeepaliveOptions struct {
// ClientInterval is the duration after which if the client does not see
// any activity from the server it pings the server to see if it is alive
ClientInterval time.Duration
// ClientTimeout is the duration the client waits for a response
// from the server after sending a ping before closing the connection
ClientTimeout time.Duration
// ServerInterval is the duration after which if the server does not see
// any activity from the client it pings the client to see if it is alive
ServerInterval time.Duration
// ServerTimeout is the duration the server waits for a response
// from the client after sending a ping before closing the connection
ServerTimeout time.Duration
// ServerMinInterval is the minimum permitted time between client pings.
// If clients send pings more frequently, the server will disconnect them
// This is the server's limit on how often a client may ping it, so a very
// small value removes that protection against ping flooding.
ServerMinInterval time.Duration
}
KeepaliveOptions is used to set the gRPC keepalive settings for both clients and servers
type Node ¶
// Node describes one remote endpoint. Six fields carry YAML keys; three
// byte-slice fields have no YAML tag. DialConnection and CreateGRPCClient
// both take a Node.
type Node struct {
// Addr is read from the YAML key "addr"; presumably the dial target.
Addr string `yaml:"addr"`
// SslTargetNameOverride is read from "ssl_target_name_override".
// NOTE(review): presumably the server name checked against the server's
// certificate in place of the one derived from Addr. Set it only to the name
// the certificate is expected to carry, because it decides which certificate
// is accepted.
SslTargetNameOverride string `yaml:"ssl_target_name_override"`
// TLSCACert is read from "tls_ca_cert".
// NOTE(review): presumably a file path rather than PEM text; confirm.
TLSCACert string `yaml:"tls_ca_cert"`
// Org is read from "org"; presumably the organisation the node belongs to.
Org string `yaml:"org"`
// TLSCAKey is read from "tls_ca_key".
// NOTE(review): presumably the location of a private key; the referenced
// file should be readable only by the account running the client.
TLSCAKey string `yaml:"tls_ca_key"`
// TLSCARoot is read from "tls_ca_root".
TLSCARoot string `yaml:"tls_ca_root"`
// The three fields below have no YAML tag.
// NOTE(review): presumably filled by LoadConfig with the contents named by
// the fields above; confirm. Depending on the YAML library, untagged exported
// fields can still be marshalled under a default key, so check that
// TLSCAKeyByte cannot leak if a Node is ever serialised or logged.
TLSCACertByte []byte
TLSCAKeyByte []byte
TLSCARootByte []byte
}
func (*Node) LoadConfig ¶
type SecureOptions ¶
// SecureOptions holds the TLS-related settings used by a GRPCServer or a
// GRPCClient. Its zero value has UseTLS == false and no certificates or
// root CAs configured.
type SecureOptions struct {
// VerifyCertificate, if not nil, is called after normal
// certificate verification by either a TLS client or server.
// If it returns a non-nil error, the handshake is aborted and that error results.
// As described, it is an additional check that can only reject a peer;
// it does not replace the normal verification.
VerifyCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
// PEM-encoded X509 public key to be used for TLS communication
// NOTE(review): the field name suggests this is the full X.509 certificate,
// which carries the public key; confirm and reword.
Certificate []byte
// PEM-encoded private key to be used for TLS communication
// Secret material: keep it out of logs and serialised configuration.
Key []byte
// Set of PEM-encoded X509 certificate authorities used by clients to
// verify server certificates
// NOTE(review): what a client trusts when this is empty is not shown here;
// confirm.
ServerRootCAs [][]byte
// Set of PEM-encoded X509 certificate authorities used by servers to
// verify client certificates
ClientRootCAs [][]byte
// Whether or not to use TLS for communication
// The zero value is false, so TLS has to be switched on explicitly.
UseTLS bool
// Whether or not TLS client must present certificates for authentication
// The zero value is false, i.e. client certificates are not required.
RequireClientCert bool
// CipherSuites is a list of supported cipher suites for TLS
// NOTE(review): what applies when the list is nil is not shown here; confirm.
CipherSuites []uint16
// TimeShift makes TLS handshakes time sampling shift to the past by a given duration
// NOTE(review): presumably this moves the time against which certificate
// validity periods are checked, so an expired certificate could be accepted
// again. Keep it at zero unless that is intended; confirm in the source.
TimeShift time.Duration
}
SecureOptions defines the security parameters (e.g. TLS) for a GRPCServer or GRPCClient instance