enhancement: Switch to gRPC channel builder to support Unix domain so…

…ckets (#98) Support for creating UDS connections has been added in the upstream project if `Grpc.newChannelBuilder` is used instead of `ManagedChannelBuilder`. Signed-off-by: Charith Ellawala <[email protected]>
cerbos · Jun 26, 2024 · 197ed6b · 197ed6b
1 parent 9b93c93
commit 197ed6b
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 17 deletions.
diff --git a/src/main/java/dev/cerbos/sdk/CerbosClientBuilder.java b/src/main/java/dev/cerbos/sdk/CerbosClientBuilder.java
@@ -5,14 +5,9 @@
 
 package dev.cerbos.sdk;
 
-import io.grpc.ManagedChannel;
-import io.grpc.ManagedChannelBuilder;
-import io.grpc.netty.shaded.io.grpc.netty.GrpcSslContexts;
-import io.grpc.netty.shaded.io.grpc.netty.NettyChannelBuilder;
-import io.grpc.netty.shaded.io.netty.handler.ssl.SslContextBuilder;
+import io.grpc.*;
 import io.grpc.netty.shaded.io.netty.handler.ssl.util.InsecureTrustManagerFactory;
 
-import javax.net.ssl.SSLException;
 import java.io.InputStream;
 import java.time.Duration;
 
@@ -78,35 +73,30 @@ private ManagedChannel buildChannel() throws InvalidClientConfigurationException
 
     ManagedChannelBuilder<?> channelBuilder = null;
     if (plaintext) {
-      channelBuilder = ManagedChannelBuilder.forTarget(target).usePlaintext();
+      channelBuilder = Grpc.newChannelBuilder(target, InsecureChannelCredentials.create());
     } else {
-      SslContextBuilder sslContextBuilder = GrpcSslContexts.forClient();
+      TlsChannelCredentials.Builder tlsCredentials = TlsChannelCredentials.newBuilder();
       if (insecure) {
-        sslContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
+        tlsCredentials.trustManager(InsecureTrustManagerFactory.INSTANCE.getTrustManagers());
       }
 
       if (caCertificate != null) {
         try {
-          sslContextBuilder.trustManager(caCertificate);
+          tlsCredentials.trustManager(caCertificate);
         } catch (Exception e) {
           throw new InvalidClientConfigurationException("Failed to set CA trust root", e);
         }
       }
 
       if (tlsCertificate != null && tlsKey != null) {
         try {
-          sslContextBuilder.keyManager(tlsCertificate, tlsKey);
+          tlsCredentials.keyManager(tlsCertificate, tlsKey);
         } catch (Exception e) {
           throw new InvalidClientConfigurationException("Failed to set TLS credentials", e);
         }
       }
 
-      try {
-        channelBuilder =
-            NettyChannelBuilder.forTarget(target).sslContext(sslContextBuilder.build());
-      } catch (SSLException e) {
-        throw new InvalidClientConfigurationException("Failed to build SSL context", e);
-      }
+        channelBuilder = Grpc.newChannelBuilder(target, tlsCredentials.build());
     }
 
     if (!isEmptyString(authority)) {

diff --git a/src/test/java/dev/cerbos/sdk/CerbosBlockingClientTest.java b/src/test/java/dev/cerbos/sdk/CerbosBlockingClientTest.java
@@ -20,6 +20,7 @@
 @TestInstance(TestInstance.Lifecycle.PER_CLASS)
 class CerbosBlockingClientTest extends CerbosClientTests {
     private static final Logger LOG = LoggerFactory.getLogger(CerbosBlockingClientTest.class);
+
     @Container
     private static final CerbosContainer cerbosContainer =
             new CerbosContainer("dev")
@@ -28,6 +29,7 @@ class CerbosBlockingClientTest extends CerbosClientTests {
                     .withCommand("server", "--config=/config/config.yaml")
                     .withLogConsumer(new Slf4jLogConsumer(LOG));
 
+
     @BeforeAll
     public void initClient() throws CerbosClientBuilder.InvalidClientConfigurationException {
         String target = cerbosContainer.getTarget();