syncfeatures: add support for TLS
Until now syncfeatures could only connect to insecure endpoints. This CL
allows it to connect to gRPC endpoints with server-side TLS
authentication.
Bug: twpowertools:62
Change-Id: I1d0fd6bcf2aead47c152f66a10be538f6655ca7c
diff --git a/cmd/syncfeatures/syncfeatures.go b/cmd/syncfeatures/syncfeatures.go
index 2f8ba50..a4f97d8 100644
--- a/cmd/syncfeatures/syncfeatures.go
+++ b/cmd/syncfeatures/syncfeatures.go
@@ -8,14 +8,18 @@
"os"
"google.golang.org/grpc"
+ "google.golang.org/grpc/credentials"
"google.golang.org/grpc/metadata"
+ "github.com/johnsiilver/getcert"
+
pb "gomodules.avm99963.com/twpt-server/api_proto"
)
var (
grpcEndpoint = flag.String("grpcEndpoint", "", "gRPC endpoint address.")
jwt = flag.String("jwt", "", "JWT credentials.")
+ insecure = flag.Bool("insecure", false, "Set if the connection to the gRPC endpoint is insecure.")
)
type Features map[string]Feature
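Review bot: The help text of the new `insecure` flag does not say what is exposed when it is set. The `jwt` flag declared next to it suggests a bearer credential is sent over this connection (the code that sends it is outside the hunk), and without TLS it would presumably travel in cleartext. I would spell that out in the flag description, for example `insecure = flag.Bool("insecure", false, "Connect without TLS; the JWT is then sent unencrypted. Intended for local testing only.")`.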
@@ -45,7 +49,18 @@
func main() {
flag.Parse()
- conn, err := grpc.Dial(*grpcEndpoint, grpc.WithInsecure())
+ var err error
+ var conn *grpc.ClientConn
+
+ if *insecure {
+ conn, err = grpc.Dial(*grpcEndpoint, grpc.WithInsecure())
+ } else {
+ tlsCert, _, err2 := getcert.FromTLSServer(*grpcEndpoint, false)
+ if err2 != nil {
+ log.Fatalf("error while retrieving public certificate: %v\n", err2)
+ }
+ conn, err = grpc.Dial(*grpcEndpoint, grpc.WithTransportCredentials(credentials.NewServerTLSFromCert(&tlsCert)))
+ }
if err != nil {
log.Fatalf("error while connecting to gRPC endpoint: %v\n", err)
}
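Review bot: In the else branch, `credentials.NewServerTLSFromCert` is the server-side constructor: as far as I know it places the certificate in the TLS config's `Certificates` field, not in the root pool. Used on a client, the certificate fetched by `getcert.FromTLSServer` therefore does not seem to take part in verifying the server, and verification falls back to the system roots. The extra pre-dial connection and the getcert dependency would then add nothing; `conn, err = grpc.Dial(*grpcEndpoint, grpc.WithTransportCredentials(credentials.NewClientTLSFromCert(nil, "")))` verifies against the system roots directly. If pinning was the intent, a certificate fetched from the same endpoint at run time is not an independent trust anchor, so the pinned certificate or CA should come from a file or flag instead. main's body continues outside the hunk.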