From 197ed6b5df4e4a1cb792ab84407e102d8b0d0c9f Mon Sep 17 00:00:00 2001
From: Charith Ellawala
Date: Wed, 26 Jun 2024 17:13:42 +0100
Subject: [PATCH] enhancement: Switch to gRPC channel builder to support Unix domain sockets (#98)

Support for creating UDS connections has been added in the upstream project if `Grpc.newChannelBuilder` is used instead of `ManagedChannelBuilder`.

Signed-off-by: Charith Ellawala
---
 .../dev/cerbos/sdk/CerbosClientBuilder.java | 24 ++++++-------------
 .../cerbos/sdk/CerbosBlockingClientTest.java | 2 ++
 2 files changed, 9 insertions(+), 17 deletions(-)

diff --git a/src/main/java/dev/cerbos/sdk/CerbosClientBuilder.java b/src/main/java/dev/cerbos/sdk/CerbosClientBuilder.java
index 6dfdb0c..0198474 100644
--- a/src/main/java/dev/cerbos/sdk/CerbosClientBuilder.java
+++ b/src/main/java/dev/cerbos/sdk/CerbosClientBuilder.java
@@ -5,14 +5,9 @@
 package dev.cerbos.sdk;
-import io.grpc.ManagedChannel;
-import io.grpc.ManagedChannelBuilder;
-import io.grpc.netty.shaded.io.grpc.netty.GrpcSslContexts;
-import io.grpc.netty.shaded.io.grpc.netty.NettyChannelBuilder;
-import io.grpc.netty.shaded.io.netty.handler.ssl.SslContextBuilder;
+import io.grpc.*;
 import io.grpc.netty.shaded.io.netty.handler.ssl.util.InsecureTrustManagerFactory;
-import javax.net.ssl.SSLException;
 import java.io.InputStream;
 import java.time.Duration;
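Review bot: The wildcard `import io.grpc.*;` hides which gRPC types this builder depends on. The hunks in this patch use at least `Grpc`, `InsecureChannelCredentials`, `TlsChannelCredentials`, `ManagedChannel` and `ManagedChannelBuilder`, so I would list those explicitly, plus any other `io.grpc` types the rest of the file needs. `InsecureTrustManagerFactory` is still imported from `io.grpc.netty.shaded`, so the class keeps a compile-time tie to the shaded Netty transport even though the Netty builder imports are gone. A one-line comment on that import, e.g. `// trust-all factory, used only by the insecure option`, would make the remaining dependency obvious, assuming that is its only use in the file.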
@@ -78,16 +73,16 @@ private ManagedChannel buildChannel() throws InvalidClientConfigurationException
 ManagedChannelBuilder channelBuilder = null;
 if (plaintext) {
- channelBuilder = ManagedChannelBuilder.forTarget(target).usePlaintext();
+ channelBuilder = Grpc.newChannelBuilder(target, InsecureChannelCredentials.create());
 } else {
- SslContextBuilder sslContextBuilder = GrpcSslContexts.forClient();
+ TlsChannelCredentials.Builder tlsCredentials = TlsChannelCredentials.newBuilder();
 if (insecure) {
- sslContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
+ tlsCredentials.trustManager(InsecureTrustManagerFactory.INSTANCE.getTrustManagers());
 }
 if (caCertificate != null) {
 try {
- sslContextBuilder.trustManager(caCertificate);
+ tlsCredentials.trustManager(caCertificate);
 } catch (Exception e) {
 throw new InvalidClientConfigurationException("Failed to set CA trust root", e);
 }
@@ -95,18 +90,13 @@ private ManagedChannel buildChannel() throws InvalidClientConfigurationException
 if (tlsCertificate != null && tlsKey != null) {
 try {
- sslContextBuilder.keyManager(tlsCertificate, tlsKey);
+ tlsCredentials.keyManager(tlsCertificate, tlsKey);
 } catch (Exception e) {
 throw new InvalidClientConfigurationException("Failed to set TLS credentials", e);
 }
 }
- try {
- channelBuilder =
- NettyChannelBuilder.forTarget(target).sslContext(sslContextBuilder.build());
- } catch (SSLException e) {
- throw new InvalidClientConfigurationException("Failed to build SSL context", e);
- }
+ channelBuilder = Grpc.newChannelBuilder(target, tlsCredentials.build());
 }
 if (!isEmptyString(authority)) {
diff --git a/src/test/java/dev/cerbos/sdk/CerbosBlockingClientTest.java b/src/test/java/dev/cerbos/sdk/CerbosBlockingClientTest.java
index 635a97c..61aecda 100644
--- a/src/test/java/dev/cerbos/sdk/CerbosBlockingClientTest.java
+++ b/src/test/java/dev/cerbos/sdk/CerbosBlockingClientTest.java
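Review bot: The `if (insecure)` block in the `-78,16 +73,16` hunk of CerbosClientBuilder.java installs `InsecureTrustManagerFactory.INSTANCE.getTrustManagers()`, which accepts any server certificate, and nothing there documents that or says what happens when `caCertificate` is also set. The later `tlsCredentials.trustManager(caCertificate)` call presumably replaces the trust-all managers (last call wins), but that precedence is implicit and should be confirmed against the gRPC version in use. Once it is confirmed, I would add a comment above the block along the lines of `// insecure: server certificate is NOT verified; a caCertificate set below replaces these trust managers`. `buildChannel` starts before this hunk and continues past it.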
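Review bot: With the `try`/`catch (SSLException e)` removed in the `-95,18 +90,13` hunk of CerbosClientBuilder.java, nothing converts a failure of the final `Grpc.newChannelBuilder(target, tlsCredentials.build())` call into `InvalidClientConfigurationException`. As far as I can tell the certificate and key bytes are only parsed when the transport provider builds its SSL context inside `Grpc.newChannelBuilder`. If so, a malformed PEM or a target no registered provider supports surfaces as an unchecked exception instead of the checked type `buildChannel` declares. The plaintext call in the preceding hunk has the same gap. Wrapping the call as below keeps the error contract for callers that catch `InvalidClientConfigurationException`; `buildChannel` begins and ends outside this hunk.

```java
// … unchanged: trust manager and key manager setup …
try {
  channelBuilder = Grpc.newChannelBuilder(target, tlsCredentials.build());
} catch (RuntimeException e) {
  // Credential parsing and provider lookup happen in here; report them as configuration errors.
  throw new InvalidClientConfigurationException("Failed to build TLS channel", e);
}
```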
@@ -20,6 +20,7 @@ @TestInstance(TestInstance.Lifecycle.PER_CLASS) class CerbosBlockingClientTest extends CerbosClientTests { private static final Logger LOG = LoggerFactory.getLogger(CerbosBlockingClientTest.class); + @Container private static final CerbosContainer cerbosContainer = new CerbosContainer("dev") @@ -28,6 +29,7 @@ class CerbosBlockingClientTest extends CerbosClientTests { .withCommand("server", "--config=/config/config.yaml") .withLogConsumer(new Slf4jLogConsumer(LOG)); + @BeforeAll public void initClient() throws CerbosClientBuilder.InvalidClientConfigurationException { String target = cerbosContainer.getTarget();