feat: support ssl on zrpc, simplify the config (#1175)

2025-02-02 16:28:39 +08:00 · 2021-10-30 23:15:39 +08:00 · 2021-10-30 23:15:39 +08:00 · c1a8ccda11
commit c1a8ccda11
parent 9df6786b09
4 changed files with 18 additions and 30 deletions
--- a/zrpc/client.go
+++ b/zrpc/client.go
@ -18,10 +18,8 @@ var (
 	WithRetry = internal.WithRetry
 	// WithUnaryClientInterceptor is an alias of internal.WithUnaryClientInterceptor.
 	WithUnaryClientInterceptor = internal.WithUnaryClientInterceptor
-	// WithInsecure is an alias of internal.WithInsecure.
-	WithInsecure = internal.WithInsecure
-	// WithTlsClientFromUnilateralism is an alias of internal.WithTlsClientFromUnilateralism
-	WithTlsClientFromUnilateralism = internal.WithTlsClientFromUnilateralism
+	// WithTlsClientFromUnilateral is an alias of internal.WithTlsClientFromUnilateral
+	WithTlsClientFromUnilateral = internal.WithTlsClientFromUnilateral
 	// WithTlsClientFromMutual is an alias of internal.WithTlsClientFromMutual
 	WithTlsClientFromMutual = internal.WithTlsClientFromMutual
 )
@ -64,9 +62,6 @@ func NewClient(c RpcClientConf, options ...ClientOption) (Client, error) {
 		opts = append(opts, WithRetry())
 	}
 	opts = append(opts, options...)
-	if !c.HasSslVerify() {
-		opts = append(opts, WithInsecure())
-	}

 	var target string
 	var err error
--- a/zrpc/config.go
+++ b/zrpc/config.go
@ -30,7 +30,6 @@ type (
 		Token     string          `json:",optional"`
 		Retry     bool            `json:",optional"` // grpc auto retry
 		Timeout   int64           `json:",default=2000"`
-		InsecureVerify bool            `json:",default=false"`
 	}
 )

@ -73,8 +72,3 @@ func (sc RpcServerConf) Validate() error {
 func (cc RpcClientConf) HasCredential() bool {
 	return len(cc.App) > 0 && len(cc.Token) > 0
 }
-
-//HasTls checks if there is a SSL in config.
-func (cc RpcClientConf) HasSslVerify() bool {
-	return cc.InsecureVerify
-}
--- a/zrpc/config_test.go
+++ b/zrpc/config_test.go
@ -14,11 +14,6 @@ func TestRpcClientConf(t *testing.T) {
 	assert.True(t, conf.HasCredential())
 	conf = NewEtcdClientConf([]string{"localhost:1234", "localhost:5678"}, "key", "foo", "bar")
 	assert.True(t, conf.HasCredential())
-	// ssl on
-	conf = NewDirectClientConf([]string{"localhost:1234", "localhost:5678"}, "foo", "bar")
-	assert.False(t, conf.HasSslVerify())
-	conf.InsecureVerify = true
-	assert.True(t, conf.HasSslVerify())
 }

 func TestRpcServerConf(t *testing.T) {
--- a/zrpc/internal/client.go
+++ b/zrpc/internal/client.go
@ -36,6 +36,7 @@ type (
 	// A ClientOptions is a client options.
 	ClientOptions struct {
 		Timeout     time.Duration
+		Secure      bool
 		Retry       bool
 		DialOptions []grpc.DialOption
 	}
@ -69,7 +70,12 @@ func (c *client) buildDialOptions(opts ...ClientOption) []grpc.DialOption {
 		opt(&cliOpts)
 	}

-	options := []grpc.DialOption{
+	var options []grpc.DialOption
+	if !cliOpts.Secure {
+		options = append([]grpc.DialOption(nil), grpc.WithInsecure())
+	}
+
+	options = append(options,
 		grpc.WithBlock(),
 		WithUnaryClientInterceptors(
 			clientinterceptors.UnaryTracingInterceptor,
@ -82,7 +88,7 @@ func (c *client) buildDialOptions(opts ...ClientOption) []grpc.DialOption {
 		WithStreamClientInterceptors(
 			clientinterceptors.StreamTracingInterceptor,
 		),
-	}
+	)

 	return append(options, cliOpts.DialOptions...)
 }
@ -116,13 +122,6 @@ func WithDialOption(opt grpc.DialOption) ClientOption {
 	}
 }

-// WithInsecure returns a func to customize a ClientOptions with secure option.
-func WithInsecure() ClientOption {
-	return func(options *ClientOptions) {
-		options.DialOptions = append(options.DialOptions, grpc.WithInsecure())
-	}
-}
-
 // WithTimeout returns a func to customize a ClientOptions with given timeout.
 func WithTimeout(timeout time.Duration) ClientOption {
 	return func(options *ClientOptions) {
@ -144,13 +143,15 @@ func WithUnaryClientInterceptor(interceptor grpc.UnaryClientInterceptor) ClientO
 	}
 }

-// WithTlsClientFromUnilateralism return a func to customize a ClientOptions Verify with Unilateralism authentication.
-func WithTlsClientFromUnilateralism(crt, domainName string) ClientOption {
+// WithTlsClientFromUnilateral return a func to customize a ClientOptions Verify with Unilateralism authentication.
+func WithTlsClientFromUnilateral(crt, domainName string) ClientOption {
 	return func(options *ClientOptions) {
 		c, err := credentials.NewClientTLSFromFile(crt, domainName)
 		if err != nil {
 			log.Fatalf("credentials.NewClientTLSFromFile err: %v", err)
 		}
+
+		options.Secure = true
 		options.DialOptions = append(options.DialOptions, grpc.WithTransportCredentials(c))
 	}
 }
@ -162,6 +163,7 @@ func WithTlsClientFromMutual(crtFile, keyFile, caFile string) ClientOption {
 		if err != nil {
 			log.Fatalf("tls.LoadX509KeyPair err: %v", err)
 		}
+
 		certPool := x509.NewCertPool()
 		ca, err := ioutil.ReadFile(caFile)
 		if err != nil {
@ -177,6 +179,8 @@ func WithTlsClientFromMutual(crtFile, keyFile, caFile string) ClientOption {
 			RootCAs:      certPool,
 		}

-		options.DialOptions = append(options.DialOptions, grpc.WithTransportCredentials(credentials.NewTLS(config)))
+		options.Secure = true
+		options.DialOptions = append(options.DialOptions,
+			grpc.WithTransportCredentials(credentials.NewTLS(config)))
 	}
 }