astelm
/
grpcurl
mirror of https://github.com/fullstorydev/grpcurl.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added ALTS client options as cmd arguments.

This commit is contained in:
Jonathan Beaulieu 2022-10-24 18:57:49 +00:00
parent 6a7c4742e2
commit cc08c6392e
1 changed files with 23 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
cmd/grpcurl/grpcurl.go
View File

@ -58,7 +58,9 @@ var (
Use plain-text HTTP/2 when connecting to server (no TLS).`)) Use plain-text HTTP/2 when connecting to server (no TLS).`))
usealts = flags.Bool("alts", false, prettify(` usealts = flags.Bool("alts", false, prettify(`
Use Application Layer Transport Security (ALTS) when connecting to server.`)) Use Application Layer Transport Security (ALTS) when connecting to server.`))
insecure = flags.Bool("insecure", false, prettify(` altsHandshakerServiceAddress = flags.String("alts-handshaker-service", "", prettify(`If set, this server will be used to do the ATLS handshaking.`))
altsTargetServiceAccounts multiString
insecure = flags.Bool("insecure", false, prettify(`
Skip server certificate and domain verification. (NOT SECURE!) Not Skip server certificate and domain verification. (NOT SECURE!) Not
valid with -plaintext option.`)) valid with -plaintext option.`))
cacert = flags.String("cacert", "", prettify(` cacert = flags.String("cacert", "", prettify(`
@ -203,6 +205,12 @@ func init() {
-use-reflection is used in combination with a -proto or -protoset flag, -use-reflection is used in combination with a -proto or -protoset flag,
the provided descriptor sources will be used in addition to server the provided descriptor sources will be used in addition to server
reflection to resolve messages and extensions.`)) reflection to resolve messages and extensions.`))
flags.Var(&altsTargetServiceAccounts, "alts-target-service-account", prettify(`
A list of expected target service accounts. If the service is running as
any of the provided service account the connection and request will be
made else the connection will fail to connect. If not target service
accounts are provided, no client side authorization will be done and any
connection will be allowed.`))
} }
type multiString []string type multiString []string
@ -305,6 +313,12 @@ func main() {
if *usealts && *key != "" { if *usealts && *key != "" {
fail(nil, "The -alts and -key arguments are mutually exclusive.") fail(nil, "The -alts and -key arguments are mutually exclusive.")
} }
if *altsHandshakerServiceAddress != "" && !*usealts {
fail(nil, "The -alts-handshaker-service argument must be used with the -alts argument.")
}
if len(altsTargetServiceAccounts) > 0 && !*usealts {
fail(nil, "The -alts-target-service-account argument must be used with the -alts argument.")
}
if (*key == "") != (*cert == "") { if (*key == "") != (*cert == "") {
fail(nil, "The -cert and -key arguments must be used together and both be present.") fail(nil, "The -cert and -key arguments must be used together and both be present.")
} }
@ -427,7 +441,14 @@ func main() {
opts = append(opts, grpc.WithAuthority(*authority)) opts = append(opts, grpc.WithAuthority(*authority))
} }
} else if *usealts { } else if *usealts {
creds = alts.NewClientCreds(alts.DefaultClientOptions()) clientOptions := alts.DefaultClientOptions()
if len(altsTargetServiceAccounts) > 0 {
clientOptions.TargetServiceAccounts = altsTargetServiceAccounts
}
if *altsHandshakerServiceAddress != "" {
clientOptions.HandshakerServiceAddress = *altsHandshakerServiceAddress
}
creds = alts.NewClientCreds(clientOptions)
} else { } else {
// Use TLS // Use TLS
tlsConf, err := grpcurl.ClientTLSConfig(*insecure, *cacert, *cert, *key) tlsConf, err := grpcurl.ClientTLSConfig(*insecure, *cacert, *cert, *key)