From 1e33edeefd8c15ee7b2f8ef0195963abb3cacdc9 Mon Sep 17 00:00:00 2001 From: Siddhanta Rath Date: Mon, 18 Dec 2023 20:57:37 +0530 Subject: [PATCH 1/3] feat: enable tls on grpc server --- .env.sample | 1 + .env.test | 1 + config/server.go | 14 +++++++++++--- services/grpc/service.go | 25 ++++++++++++++++++++++++- 4 files changed, 37 insertions(+), 4 deletions(-) diff --git a/.env.sample b/.env.sample index 004016e0..f36ab4c8 100644 --- a/.env.sample +++ b/.env.sample @@ -10,6 +10,7 @@ SERVER_WEBSOCKET_WRITE_WAIT_INTERVAL_MS=5000 SERVER_WEBSOCKET_PINGER_SIZE=1 SERVER_GRPC_PORT=8081 +SERVER_GRPC_TLS_ENABLED=false WORKER_BUFFER_CHANNEL_SIZE=5 WORKER_BUFFER_FLUSH_TIMEOUT_MS=5000 diff --git a/.env.test b/.env.test index 4d6aad85..1136269e 100644 --- a/.env.test +++ b/.env.test @@ -11,6 +11,7 @@ SERVER_WEBSOCKET_WRITE_WAIT_INTERVAL_MS=1000 SERVER_WEBSOCKET_PINGER_SIZE=1 SERVER_GRPC_PORT=8081 +SERVER_GRPC_TLS_ENABLED=false WORKER_BUFFER_CHANNEL_SIZE=5 WORKER_BUFFER_FLUSH_TIMEOUT_MS=5000 diff --git a/config/server.go b/config/server.go index ace3fdd5..f0ece0e5 100644 --- a/config/server.go +++ b/config/server.go @@ -31,7 +31,10 @@ type serverWs struct { } type serverGRPC struct { - Port string + Port string + TLSEnabled bool + TLSCertPath string + TLSPublicKey string } func serverConfigLoader() { @@ -71,9 +74,14 @@ func serverWsConfigLoader() { } func serverGRPCConfigLoader() { - viper.SetDefault("SERVER_GRPC_PORT", "8081") + viper.SetDefault("SERVER_GRPC_TLS_ENABLED", false) + viper.SetDefault("SERVER_GRPC_TLS_CERT_PATH", "cert/server.crt") + viper.SetDefault("SERVER_GRPC_TLS_PUBLIC_KEY", "cert/server.key") ServerGRPC = serverGRPC{ - Port: util.MustGetString("SERVER_GRPC_PORT"), + Port: util.MustGetString("SERVER_GRPC_PORT"), + TLSEnabled: util.MustGetBool("SERVER_GRPC_TLS_ENABLED"), + TLSCertPath: util.MustGetString("SERVER_GRPC_TLS_CERT_PATH"), + TLSPublicKey: util.MustGetString("SERVER_GRPC_TLS_PUBLIC_KEY"), } } 
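Review bot: The new `TLSPublicKey` field in `serverGRPC` holds the path of the server's private key, not a public key: its default in the loader hunk below is `cert/server.key`, and `services/grpc/service.go` passes it as the key-file argument of `tls.LoadX509KeyPair`. A private-key path labelled "public" invites the wrong handling of that file (sharing it, committing it, wide permissions), so I would rename it to `TLSKeyPath` backed by `SERVER_GRPC_TLS_KEY_PATH`, or at minimum document it: `// TLSPublicKey is the path to the server's PEM-encoded private key (misnamed); it pairs with TLSCertPath.` The same name is carried through the loader hunk and every later patch in this series.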
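Review bot: The `-` marker in front of `viper.SetDefault("SERVER_GRPC_PORT", "8081")` in `serverGRPCConfigLoader` suggests this patch drops the port default, which would make `util.MustGetString("SERVER_GRPC_PORT")` fail at startup whenever the variable is unset; the next patch in the series still shows that line as context, so please confirm the hunk is what was intended. Separately, the defaults `cert/server.crt` and `cert/server.key` are relative paths resolved against the process working directory, which differs between a local run and a container entrypoint. Only `SERVER_GRPC_TLS_ENABLED` was added to `.env.sample` and `.env.test`, so the cert and key variables are not discoverable from the samples; adding `SERVER_GRPC_TLS_CERT_PATH=cert/server.crt` and `SERVER_GRPC_TLS_PUBLIC_KEY=cert/server.key` there would help.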
diff --git a/services/grpc/service.go b/services/grpc/service.go index 3b4a018b..fc7abfd9 100644 --- a/services/grpc/service.go +++ b/services/grpc/service.go @@ -2,7 +2,9 @@ package grpc import ( "context" + "crypto/tls" "fmt" + "google.golang.org/grpc/credentials" "net" pbgrpc "buf.build/gen/go/gotocompany/proton/grpc/go/gotocompany/raccoon/v1beta1/raccoonv1beta1grpc" @@ -17,7 +19,7 @@ type Service struct { } func NewGRPCService(c collection.Collector) *Service { - server := grpc.NewServer() + server := newGRPCServer() pbgrpc.RegisterEventServiceServer(server, &Handler{C: c}) return &Service{ s: server, @@ -41,3 +43,24 @@ func (s *Service) Shutdown(context.Context) error { s.s.GracefulStop() return nil } + +func newGRPCServer() *grpc.Server { + if config.ServerGRPC.TLSEnabled { + return grpc.NewServer(grpc.Creds(loadTLSCredentials())) + } + return grpc.NewServer() +} + +func loadTLSCredentials() credentials.TransportCredentials { + serverCert, err := tls.LoadX509KeyPair(config.ServerGRPC.TLSCertPath, config.ServerGRPC.TLSPublicKey) + if err != nil { + panic("failed to load TLS credentials to start grpc server with TLS") + } + + config := &tls.Config{ + Certificates: []tls.Certificate{serverCert}, + ClientAuth: tls.NoClientCert, + } + + return credentials.NewTLS(config) +} From 9184d0e5cf6562c258d585efa9490d045ab3bc6f Mon Sep 17 00:00:00 2001 From: Siddhanta Rath Date: Mon, 18 Dec 2023 23:56:39 +0530 Subject: [PATCH 2/3] feat: add new non TLS grpc server for healthcheck --- config/server.go | 3 ++ services/grpc/service.go | 19 ---------- services/grpc/serviceWithTLS.go | 62 +++++++++++++++++++++++++++++++++ services/services.go | 12 +++++++ 4 files changed, 77 insertions(+), 19 deletions(-) create mode 100644 services/grpc/serviceWithTLS.go diff --git a/config/server.go b/config/server.go index f0ece0e5..61b3076b 100644 --- a/config/server.go +++ b/config/server.go 
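Review bot: `"google.golang.org/grpc/credentials"` is inserted between `"fmt"` and `"net"` in the standard-library import group; `goimports` would put it in the third-party group next to the existing `grpc` import. The same grouping appears in the new `services/grpc/serviceWithTLS.go` and the `services/services.go` import hunk of patch 2, and again when patch 3 re-adds this import to `service.go`.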
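Review bot: `loadTLSCredentials` discards `err` from `tls.LoadX509KeyPair` and panics with a fixed string, so a missing file, a wrong path and a cert/key mismatch all surface as the same message with no cause, which is exactly the information an operator needs when TLS startup fails. The local `config := &tls.Config{...}` also shadows the imported `config` package; it compiles only because no further `config.ServerGRPC` access follows it, and a later edit to the function will trip over it. The `tls.Config` sets no `MinVersion`, so the server accepts whatever floor the `crypto/tls` default gives for the Go version in use; pinning `tls.VersionTLS12` is the usual server-side baseline. Patch 3 re-adds this function unchanged to `services/grpc/service.go` and patch 2 carries it into `services/grpc/serviceWithTLS.go`, so the same applies there.
```go
// loadTLSCredentials builds server-side transport credentials from the
// configured certificate and private-key files; it panics with the
// underlying error when the pair cannot be loaded, since the server
// cannot start without it.
func loadTLSCredentials() credentials.TransportCredentials {
	serverCert, err := tls.LoadX509KeyPair(config.ServerGRPC.TLSCertPath, config.ServerGRPC.TLSPublicKey)
	if err != nil {
		panic(fmt.Sprintf("loading TLS key pair for grpc server: %v", err))
	}

	// tlsCfg rather than config: avoid shadowing the imported config package.
	tlsCfg := &tls.Config{
		Certificates: []tls.Certificate{serverCert},
		ClientAuth:   tls.NoClientCert,
		MinVersion:   tls.VersionTLS12,
	}

	return credentials.NewTLS(tlsCfg)
}
```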
@@ -32,6 +32,7 @@ type serverWs struct { type serverGRPC struct { Port string + TLSPort string TLSEnabled bool TLSCertPath string TLSPublicKey string @@ -75,11 +76,13 @@ func serverWsConfigLoader() { func serverGRPCConfigLoader() { viper.SetDefault("SERVER_GRPC_PORT", "8081") + viper.SetDefault("SERVER_GRPC_TLS_PORT", "8443") viper.SetDefault("SERVER_GRPC_TLS_ENABLED", false) viper.SetDefault("SERVER_GRPC_TLS_CERT_PATH", "cert/server.crt") viper.SetDefault("SERVER_GRPC_TLS_PUBLIC_KEY", "cert/server.key") ServerGRPC = serverGRPC{ Port: util.MustGetString("SERVER_GRPC_PORT"), + TLSPort: util.MustGetString("SERVER_GRPC_TLS_PORT"), TLSEnabled: util.MustGetBool("SERVER_GRPC_TLS_ENABLED"), TLSCertPath: util.MustGetString("SERVER_GRPC_TLS_CERT_PATH"), TLSPublicKey: util.MustGetString("SERVER_GRPC_TLS_PUBLIC_KEY"), diff --git a/services/grpc/service.go b/services/grpc/service.go index fc7abfd9..615878ab 100644 --- a/services/grpc/service.go +++ b/services/grpc/service.go @@ -2,9 +2,7 @@ package grpc import ( "context" - "crypto/tls" "fmt" - "google.golang.org/grpc/credentials" "net" pbgrpc "buf.build/gen/go/gotocompany/proton/grpc/go/gotocompany/raccoon/v1beta1/raccoonv1beta1grpc" @@ -45,22 +43,5 @@ func (s *Service) Shutdown(context.Context) error { } func newGRPCServer() *grpc.Server { - if config.ServerGRPC.TLSEnabled { - return grpc.NewServer(grpc.Creds(loadTLSCredentials())) - } return grpc.NewServer() } - -func loadTLSCredentials() credentials.TransportCredentials { - serverCert, err := tls.LoadX509KeyPair(config.ServerGRPC.TLSCertPath, config.ServerGRPC.TLSPublicKey) - if err != nil { - panic("failed to load TLS credentials to start grpc server with TLS") - } - - config := &tls.Config{ - Certificates: []tls.Certificate{serverCert}, - ClientAuth: tls.NoClientCert, - } - - return credentials.NewTLS(config) -} diff --git a/services/grpc/serviceWithTLS.go b/services/grpc/serviceWithTLS.go new file mode 100644 index 00000000..dfafbb2b --- /dev/null 
+++ b/services/grpc/serviceWithTLS.go @@ -0,0 +1,62 @@ +package grpc + +import ( + pbgrpc "buf.build/gen/go/gotocompany/proton/grpc/go/gotocompany/raccoon/v1beta1/raccoonv1beta1grpc" + "context" + "crypto/tls" + "fmt" + "github.com/goto/raccoon/collection" + "github.com/goto/raccoon/config" + "google.golang.org/grpc" + "google.golang.org/grpc/credentials" + "net" +) + +type ServiceWithTLS struct { + Collector collection.Collector + s *grpc.Server +} + +func NewGRPCServiceWithTLS(c collection.Collector) *Service { + server := newGRPCServerWithTLS() + pbgrpc.RegisterEventServiceServer(server, &Handler{C: c}) + return &Service{ + s: server, + Collector: c, + } +} + +func (s *ServiceWithTLS) Init(context.Context) error { + lis, err := net.Listen("tcp", fmt.Sprintf(":%s", config.ServerGRPC.TLSPort)) + if err != nil { + return err + } + return s.s.Serve(lis) +} + +func (*ServiceWithTLS) Name() string { + return "GRPC WITH TLS" +} + +func (s *ServiceWithTLS) Shutdown(context.Context) error { + s.s.GracefulStop() + return nil +} + +func newGRPCServerWithTLS() *grpc.Server { + return grpc.NewServer(grpc.Creds(loadTLSCredentials())) +} + +func loadTLSCredentials() credentials.TransportCredentials { + serverCert, err := tls.LoadX509KeyPair(config.ServerGRPC.TLSCertPath, config.ServerGRPC.TLSPublicKey) + if err != nil { + panic("failed to load TLS credentials to start grpc server with TLS") + } + + config := &tls.Config{ + Certificates: []tls.Certificate{serverCert}, + ClientAuth: tls.NoClientCert, + } + + return credentials.NewTLS(config) +} diff --git a/services/services.go b/services/services.go index 8c482b4b..c65bed12 100644 --- a/services/services.go +++ b/services/services.go @@ -2,6 +2,7 @@ package services import ( "context" + "github.com/goto/raccoon/config" "net/http" "github.com/goto/raccoon/collection" 
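Review bot: `NewGRPCServiceWithTLS` builds `&Service{...}` and returns `*Service`, so the `ServiceWithTLS` methods declared right below it, including the `Init` that listens on `config.ServerGRPC.TLSPort`, are never reached; the TLS-backed `*grpc.Server` ends up wrapped in the plain `Service` type, whose `Init` is outside this hunk but presumably listens on `config.ServerGRPC.Port`, so both gRPC bootstrappers in `services.go` would contend for the same port. The fix is the signature and the literal: `func NewGRPCServiceWithTLS(c collection.Collector) *ServiceWithTLS {` and `return &ServiceWithTLS{`. The `config` shadowing and the fixed-string panic in `loadTLSCredentials` noted on patch 1 apply to this copy as well.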
@@ -45,6 +46,17 @@ func (s *Services) Shutdown(ctx context.Context) { func Create(b chan collection.CollectRequest) Services { c := collection.NewChannelCollector(b) + if config.ServerGRPC.TLSEnabled { + return Services{ + b: []bootstrapper{ + //running non TLS service to do health check on the probe + grpc.NewGRPCService(c), + grpc.NewGRPCServiceWithTLS(c), + pprof.NewPprofService(), + rest.NewRestService(c), + }, + } + } return Services{ b: []bootstrapper{ grpc.NewGRPCService(c), From a32d2a1842b7949e341d567ba37dd245ad893d1c Mon Sep 17 00:00:00 2001 From: Siddhanta Rath Date: Tue, 19 Dec 2023 15:05:29 +0530 Subject: [PATCH 3/3] Revert "feat: add new non TLS grpc server for healthcheck" This reverts commit 9184d0e5cf6562c258d585efa9490d045ab3bc6f. --- config/server.go | 3 -- services/grpc/service.go | 19 ++++++++++ services/grpc/serviceWithTLS.go | 62 --------------------------------- services/services.go | 12 ------- 4 files changed, 19 insertions(+), 77 deletions(-) delete mode 100644 services/grpc/serviceWithTLS.go diff --git a/config/server.go b/config/server.go index 61b3076b..f0ece0e5 100644 --- a/config/server.go +++ b/config/server.go @@ -32,7 +32,6 @@ type serverWs struct { type serverGRPC struct { Port string - TLSPort string TLSEnabled bool TLSCertPath string TLSPublicKey string @@ -76,13 +75,11 @@ func serverWsConfigLoader() { func serverGRPCConfigLoader() { viper.SetDefault("SERVER_GRPC_PORT", "8081") - viper.SetDefault("SERVER_GRPC_TLS_PORT", "8443") viper.SetDefault("SERVER_GRPC_TLS_ENABLED", false) viper.SetDefault("SERVER_GRPC_TLS_CERT_PATH", "cert/server.crt") viper.SetDefault("SERVER_GRPC_TLS_PUBLIC_KEY", "cert/server.key") ServerGRPC = serverGRPC{ Port: util.MustGetString("SERVER_GRPC_PORT"), - TLSPort: util.MustGetString("SERVER_GRPC_TLS_PORT"), TLSEnabled: util.MustGetBool("SERVER_GRPC_TLS_ENABLED"), TLSCertPath: util.MustGetString("SERVER_GRPC_TLS_CERT_PATH"), TLSPublicKey: util.MustGetString("SERVER_GRPC_TLS_PUBLIC_KEY"), 
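Review bot: When `TLSEnabled` is set, `grpc.NewGRPCService(c)` still registers the full `EventService` handler on the plaintext port (see `RegisterEventServiceServer` in `NewGRPCService`), so enabling TLS does not remove the unencrypted ingestion path; the comment `//running non TLS service to do health check on the probe` describes a narrower intent than the code implements. A probe listener needs only the gRPC health service registered on it, not the event handler. If the plaintext listener must stay for probes, I would say so explicitly: `// TLS-enabled deployments still expose the plaintext EventService on SERVER_GRPC_PORT for probes; restrict it to the health service before relying on TLS for confidentiality.` `Create` continues past the end of the hunk.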
diff --git a/services/grpc/service.go b/services/grpc/service.go index 615878ab..fc7abfd9 100644 --- a/services/grpc/service.go +++ b/services/grpc/service.go @@ -2,7 +2,9 @@ package grpc import ( "context" + "crypto/tls" "fmt" + "google.golang.org/grpc/credentials" "net" pbgrpc "buf.build/gen/go/gotocompany/proton/grpc/go/gotocompany/raccoon/v1beta1/raccoonv1beta1grpc" @@ -43,5 +45,22 @@ func (s *Service) Shutdown(context.Context) error { } func newGRPCServer() *grpc.Server { + if config.ServerGRPC.TLSEnabled { + return grpc.NewServer(grpc.Creds(loadTLSCredentials())) + } return grpc.NewServer() } + +func loadTLSCredentials() credentials.TransportCredentials { + serverCert, err := tls.LoadX509KeyPair(config.ServerGRPC.TLSCertPath, config.ServerGRPC.TLSPublicKey) + if err != nil { + panic("failed to load TLS credentials to start grpc server with TLS") + } + + config := &tls.Config{ + Certificates: []tls.Certificate{serverCert}, + ClientAuth: tls.NoClientCert, + } + + return credentials.NewTLS(config) +} diff --git a/services/grpc/serviceWithTLS.go b/services/grpc/serviceWithTLS.go deleted file mode 100644 index dfafbb2b..00000000 --- a/services/grpc/serviceWithTLS.go +++ /dev/null 
@@ -1,62 +0,0 @@ -package grpc - -import ( - pbgrpc "buf.build/gen/go/gotocompany/proton/grpc/go/gotocompany/raccoon/v1beta1/raccoonv1beta1grpc" - "context" - "crypto/tls" - "fmt" - "github.com/goto/raccoon/collection" - "github.com/goto/raccoon/config" - "google.golang.org/grpc" - "google.golang.org/grpc/credentials" - "net" -) - -type ServiceWithTLS struct { - Collector collection.Collector - s *grpc.Server -} - -func NewGRPCServiceWithTLS(c collection.Collector) *Service { - server := newGRPCServerWithTLS() - pbgrpc.RegisterEventServiceServer(server, &Handler{C: c}) - return &Service{ - s: server, - Collector: c, - } -} - -func (s *ServiceWithTLS) Init(context.Context) error { - lis, err := net.Listen("tcp", fmt.Sprintf(":%s", config.ServerGRPC.TLSPort)) - if err != nil { - return err - } - return s.s.Serve(lis) -} - -func (*ServiceWithTLS) Name() string { - return "GRPC WITH TLS" -} - -func (s *ServiceWithTLS) Shutdown(context.Context) error { - s.s.GracefulStop() - return nil -} - -func newGRPCServerWithTLS() *grpc.Server { - return grpc.NewServer(grpc.Creds(loadTLSCredentials())) -} - -func loadTLSCredentials() credentials.TransportCredentials { - serverCert, err := tls.LoadX509KeyPair(config.ServerGRPC.TLSCertPath, config.ServerGRPC.TLSPublicKey) - if err != nil { - panic("failed to load TLS credentials to start grpc server with TLS") - } - - config := &tls.Config{ - Certificates: []tls.Certificate{serverCert}, - ClientAuth: tls.NoClientCert, - } - - return credentials.NewTLS(config) -} diff --git a/services/services.go b/services/services.go index c65bed12..8c482b4b 100644 --- a/services/services.go +++ b/services/services.go @@ -2,7 +2,6 @@ package services import ( "context" - "github.com/goto/raccoon/config" "net/http" "github.com/goto/raccoon/collection" 
@@ -46,17 +45,6 @@ func (s *Services) Shutdown(ctx context.Context) { func Create(b chan collection.CollectRequest) Services { c := collection.NewChannelCollector(b) - if config.ServerGRPC.TLSEnabled { - return Services{ - b: []bootstrapper{ - //running non TLS service to do health check on the probe - grpc.NewGRPCService(c), - grpc.NewGRPCServiceWithTLS(c), - pprof.NewPprofService(), - rest.NewRestService(c), - }, - } - } return Services{ b: []bootstrapper{ grpc.NewGRPCService(c),