From 89aede1fb3020b5bd3e45d39984c12c5dc4e3ba9 Mon Sep 17 00:00:00 2001 From: Pavel Karpy Date: Thu, 20 May 2021 18:51:28 +0300 Subject: [PATCH] [#286] client: Add TLS options Add `WithTLSConfig` option to client. If it is not nil then client will try to open secured connection. Signed-off-by: Pavel Karpy --- pkg/client/opts.go | 10 +++++++++- rpc/client/connect.go | 12 +++++++++++- rpc/client/options.go | 15 +++++++++++++++ 3 files changed, 35 insertions(+), 2 deletions(-) diff --git a/pkg/client/opts.go b/pkg/client/opts.go index 9825d49..6c04f8d 100644 --- a/pkg/client/opts.go +++ b/pkg/client/opts.go @@ -2,6 +2,7 @@ package client import ( "crypto/ecdsa" + "crypto/tls" "time" "github.com/nspcc-dev/neofs-api-go/pkg" @@ -110,7 +111,7 @@ func v2MetaHeaderFromOpts(options *callOptions) *v2session.RequestMetaHeader { func defaultClientOptions() *clientOptions { return &clientOptions{ - rawOpts: make([]client.Option, 0, 3), + rawOpts: make([]client.Option, 0, 4), } } @@ -133,6 +134,13 @@ func WithDialTimeout(dur time.Duration) Option { } } +// WithTLSConfig returns option to set connection's TLS config to the remote node. +func WithTLSConfig(cfg *tls.Config) Option { + return func(opts *clientOptions) { + opts.rawOpts = append(opts.rawOpts, client.WithTLSCfg(cfg)) + } +} + // WithDefaultPrivateKey returns option to set default private key // used for the work. func WithDefaultPrivateKey(key *ecdsa.PrivateKey) Option { diff --git a/rpc/client/connect.go b/rpc/client/connect.go index f9cd940..9df1ddf 100644 --- a/rpc/client/connect.go +++ b/rpc/client/connect.go @@ -6,6 +6,7 @@ import ( "github.com/nspcc-dev/neofs-api-go/rpc/grpc" grpcstd "google.golang.org/grpc" + "google.golang.org/grpc/credentials" ) func (c *Client) createGRPCClient() (err error) { @@ -33,8 +34,17 @@ func (c *Client) openGRPCConn() error { var err error + var credOpt grpcstd.DialOption + + if c.tlsCfg != nil { + creds := credentials.NewTLS(c.tlsCfg) + credOpt = grpcstd.WithTransportCredentials(creds) + } else { + credOpt = grpcstd.WithInsecure() + } + dialCtx, cancel := context.WithTimeout(context.Background(), c.dialTimeout) - c.conn, err = grpcstd.DialContext(dialCtx, c.addr, grpcstd.WithInsecure()) + c.conn, err = grpcstd.DialContext(dialCtx, c.addr, credOpt) cancel() return err diff --git a/rpc/client/options.go b/rpc/client/options.go index 9f2a226..0dcabfb 100644 --- a/rpc/client/options.go +++ b/rpc/client/options.go @@ -1,6 +1,7 @@ package client import ( + "crypto/tls" "time" "google.golang.org/grpc" @@ -14,6 +15,8 @@ type cfg struct { dialTimeout time.Duration + tlsCfg *tls.Config + conn *grpc.ClientConn } @@ -49,6 +52,18 @@ func WithDialTimeout(v time.Duration) Option { } } +// WithTLSCfg returns option to specify +// TLS configuration. +// +// Ignored if WithGRPCConn is provided. +func WithTLSCfg(v *tls.Config) Option { + return func(c *cfg) { + if v != nil { + c.tlsCfg = v + } + } +} + // WithGRPCConn returns option to specify // gRPC virtual connection. func WithGRPCConn(v *grpc.ClientConn) Option {