1/*
2 *
3 * Copyright 2018 gRPC authors.
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 *     http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 */
18
19// This binary can only run on Google Cloud Platform (GCP).
20package main
21
22import (
23	"context"
24	"flag"
25	"net"
26	"strings"
27
28	grpc "google.golang.org/grpc"
29	"google.golang.org/grpc/credentials/alts"
30	"google.golang.org/grpc/grpclog"
31	"google.golang.org/grpc/interop"
32	testpb "google.golang.org/grpc/interop/grpc_testing"
33	"google.golang.org/grpc/tap"
34)
35
// udsAddrPrefix is the prefix that marks a -server_address value as a Unix
// domain socket path instead of a TCP host:port.
const udsAddrPrefix = "unix:"
39
// hsAddr optionally overrides the address of the ALTS handshaker service.
// When it is left empty, main keeps whatever alts.DefaultServerOptions set.
var hsAddr = flag.String(
	"alts_handshaker_service_address",
	"",
	"ALTS handshaker gRPC service address",
)

// serverAddr is the listen address. The default ":8080" names no host, so the
// TCP listener is not restricted to a single interface.
var serverAddr = flag.String(
	"server_address",
	":8080",
	"The address on which the server is listening. Only two types of addresses are supported, 'host:port' and 'unix:/path'.",
)
44
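// main starts the interop test server behind ALTS transport credentials.
//
// It listens on -server_address (TCP, or a Unix domain socket when the value
// starts with udsAddrPrefix), installs authz as the inbound tap handle and
// serves the interop TestService until the server stops. Any listen or serve
// failure is fatal.
func main() {
	flag.Parse()

	// If the server address starts with `unix:`, then we have a UDS address.
	network := "tcp"
	address := *serverAddr
	if strings.HasPrefix(address, udsAddrPrefix) {
		network = "unix"
		address = strings.TrimPrefix(address, udsAddrPrefix)
	}
	lis, err := net.Listen(network, address)
	if err != nil {
		grpclog.Fatalf("gRPC Server: failed to start the server at %v: %v", address, err)
	}

	// Start from the library defaults and override the handshaker service
	// address only when the flag was set.
	opts := alts.DefaultServerOptions()
	if *hsAddr != "" {
		opts.HandshakerServiceAddress = *hsAddr
	}
	altsTC := alts.NewServerCreds(opts)

	// ALTS authenticates the peer at the transport layer. The authz tap handle
	// only logs the peer's identity; it does not restrict which authenticated
	// peers may call the service.
	grpcServer := grpc.NewServer(grpc.Creds(altsTC), grpc.InTapHandle(authz))
	testpb.RegisterTestServiceServer(grpcServer, interop.NewTestServer())

	// Serve blocks until the server stops. Report a failure instead of
	// returning silently with a zero exit status.
	if err := grpcServer.Serve(lis); err != nil {
		grpclog.Fatalf("gRPC Server: failed to serve at %v: %v", address, err)
	}
}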
68
// authz is the server's inbound tap handle. It demonstrates where
// application-layer authorization checks can read the peer's ALTS
// authentication info.
//
// As written it only logs that information: every RPC whose context carries
// ALTS auth info is let through unchanged. A service that needs real
// authorization would compare PeerServiceAccount() against the accounts it
// expects (for example with alts.ClientAuthorizationCheck) and return an error
// for any other peer.
func authz(ctx context.Context, info *tap.Info) (context.Context, error) {
	peer, err := alts.AuthInfoFromContext(ctx)
	if err != nil {
		// No ALTS auth info is available for this RPC, so hand the error
		// back to gRPC rather than letting the call proceed.
		return nil, err
	}

	// Each entry is one log line, emitted in this order.
	entries := []struct {
		format string
		value  interface{}
	}{
		{"authInfo.ApplicationProtocol() = %v", peer.ApplicationProtocol()},
		{"authInfo.RecordProtocol() = %v", peer.RecordProtocol()},
		{"authInfo.SecurityLevel() = %v", peer.SecurityLevel()},
		{"authInfo.PeerServiceAccount() = %v", peer.PeerServiceAccount()},
		{"authInfo.LocalServiceAccount() = %v", peer.LocalServiceAccount()},
		{"authInfo.PeerRPCVersions() = %v", peer.PeerRPCVersions()},
		{"info.FullMethodName = %v", info.FullMethodName},
	}
	for _, e := range entries {
		grpclog.Infof(e.format, e.value)
	}
	return ctx, nil
}
86