From 5e8fcf8d20a38b3d25a89489f0a7ffd4d07f4794 Mon Sep 17 00:00:00 2001 From: Denis Mishin Date: Sun, 19 Dec 2021 22:10:24 -0500 Subject: [PATCH] move NewGRPCClientConn to public package (#2826) --- internal/tests/xdserr/cmd/main.go | 4 ++-- .../tests/xdserr/grpc.go => pkg/grpcutil/client.go | 13 ++++--------- 2 files changed, 6 insertions(+), 11 deletions(-) rename internal/tests/xdserr/grpc.go => pkg/grpcutil/client.go (88%) diff --git a/internal/tests/xdserr/cmd/main.go b/internal/tests/xdserr/cmd/main.go index 4bb9e7e9c..a622bd1d7 100644 --- a/internal/tests/xdserr/cmd/main.go +++ b/internal/tests/xdserr/cmd/main.go @@ -25,6 +25,7 @@ import ( "github.com/pomerium/pomerium/internal/tests/xdserr" "github.com/pomerium/pomerium/pkg/grpc/config" "github.com/pomerium/pomerium/pkg/grpc/databroker" + "github.com/pomerium/pomerium/pkg/grpcutil" "github.com/pomerium/pomerium/pkg/protoutil" ) @@ -136,9 +137,8 @@ func grpcConn(ctx context.Context, addr, keyTxt string) (*grpc.ClientConn, error return nil, err } fmt.Println(keyTxt) - return xdserr.NewGRPCClientConn(ctx, &xdserr.Options{ + return grpcutil.NewGRPCClientConn(ctx, &grpcutil.Options{ Address: u, - WithInsecure: u.Scheme == "http", InsecureSkipVerify: true, SignedJWTKey: key, }) diff --git a/internal/tests/xdserr/grpc.go b/pkg/grpcutil/client.go similarity index 88% rename from internal/tests/xdserr/grpc.go rename to pkg/grpcutil/client.go index 03a00a6cb..e9ca4dc30 100644 --- a/internal/tests/xdserr/grpc.go +++ b/pkg/grpcutil/client.go @@ -1,4 +1,4 @@ -package xdserr +package grpcutil import ( "context" @@ -12,7 +12,6 @@ import ( "google.golang.org/grpc/credentials" "github.com/pomerium/pomerium/pkg/cryptutil" - "github.com/pomerium/pomerium/pkg/grpcutil" ) const ( @@ -37,10 +36,6 @@ type Options struct { // ClientDNSRoundRobin enables or disables DNS resolver based load balancing ClientDNSRoundRobin bool - // WithInsecure disables transport security for this ClientConn. - // Note that transport security is required unless WithInsecure is set. - WithInsecure bool - // InsecureSkipVerify skips destination hostname and ca check InsecureSkipVerify bool @@ -68,8 +63,8 @@ func NewGRPCClientConn(ctx context.Context, opts *Options, other ...grpc.DialOpt } streamClientInterceptors := []grpc.StreamClientInterceptor{} if opts.SignedJWTKey != nil { - unaryClientInterceptors = append(unaryClientInterceptors, grpcutil.WithUnarySignedJWT(opts.SignedJWTKey)) - streamClientInterceptors = append(streamClientInterceptors, grpcutil.WithStreamSignedJWT(opts.SignedJWTKey)) + unaryClientInterceptors = append(unaryClientInterceptors, WithUnarySignedJWT(opts.SignedJWTKey)) + streamClientInterceptors = append(streamClientInterceptors, WithStreamSignedJWT(opts.SignedJWTKey)) } dialOptions := []grpc.DialOption{ @@ -81,7 +76,7 @@ func NewGRPCClientConn(ctx context.Context, opts *Options, other ...grpc.DialOpt dialOptions = append(dialOptions, other...) - if opts.WithInsecure { + if opts.Address.Scheme == "http" { dialOptions = append(dialOptions, grpc.WithInsecure()) } else { rootCAs, err := cryptutil.GetCertPool(opts.CA, opts.CAFile)