1/*
2 *
3 * Copyright 2018 gRPC authors.
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 *     http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 */
18
19// This binary can only run on Google Cloud Platform (GCP).
20package main
21
22import (
23	"context"
24	"flag"
25	"net"
26	"strings"
27
28	"google.golang.org/grpc"
29	"google.golang.org/grpc/credentials/alts"
30	"google.golang.org/grpc/grpclog"
31	"google.golang.org/grpc/interop"
32	testpb "google.golang.org/grpc/interop/grpc_testing"
33	"google.golang.org/grpc/tap"
34)
35
// udsAddrPrefix marks a -server_address value as a Unix domain socket path
// rather than a TCP "host:port" address.
const udsAddrPrefix = "unix:"
39
// logger is the grpclog component used for all output of this binary.
var logger = grpclog.Component("interop")

// Command-line flags.
var (
	// serverAddr is the listen address. The default ":8080" has no host part,
	// so the TCP listener accepts connections on every local interface; pass
	// an explicit host or a "unix:/path" address to narrow the exposure.
	serverAddr = flag.String("server_address", ":8080", "The address on which the server is listening. Only two types of addresses are supported, 'host:port' and 'unix:/path'.")

	// hsAddr, when non-empty, replaces the handshaker service address that
	// alts.DefaultServerOptions supplies.
	hsAddr = flag.String("alts_handshaker_service_address", "", "ALTS handshaker gRPC service address")
)
46
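// main starts the ALTS interop test server.
//
// It listens on the address given by -server_address (a TCP "host:port" or a
// Unix domain socket written as "unix:/path"), secures the server with ALTS
// credentials, registers the interop test service, and serves until the
// listener fails. Every incoming RPC passes through the authz tap handler.
func main() {
	flag.Parse()

	// A "unix:" prefix selects a Unix domain socket; anything else is treated
	// as a TCP address.
	network := "tcp"
	address := *serverAddr
	if strings.HasPrefix(address, udsAddrPrefix) {
		network = "unix"
		address = strings.TrimPrefix(address, udsAddrPrefix)
	}
	lis, err := net.Listen(network, address)
	if err != nil {
		logger.Fatalf("gRPC Server: failed to start the server at %v: %v", address, err)
	}

	opts := alts.DefaultServerOptions()
	if *hsAddr != "" {
		// NOTE(review): the handshaker service performs the ALTS handshake on
		// this server's behalf, so the peer identity seen in authz is only as
		// trustworthy as the endpoint named here. Override the default for
		// testing only.
		opts.HandshakerServiceAddress = *hsAddr
	}
	altsTC := alts.NewServerCreds(opts)
	grpcServer := grpc.NewServer(grpc.Creds(altsTC), grpc.InTapHandle(authz))
	testpb.RegisterTestServiceServer(grpcServer, interop.NewTestServer())

	// Serve blocks until the listener fails. Report the error instead of
	// dropping it, so the process does not exit silently with status 0.
	if err := grpcServer.Serve(lis); err != nil {
		logger.Fatalf("gRPC Server: failed to serve on %v: %v", address, err)
	}
}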
70
// authz is the server's tap handler. It demonstrates where an
// application-layer authorization check would read the client's ALTS
// identity, and it runs before the RPC is dispatched.
//
// As written it enforces nothing beyond the presence of ALTS auth info: the
// peer's attributes are logged and every authenticated peer is admitted. A
// real deployment would compare the peer service account against an expected
// set here (alts.ClientAuthorizationCheck does this) and return an error for
// any other peer.
//
// It returns ctx unchanged on success, or a nil context and the lookup error
// when ctx carries no ALTS auth info.
func authz(ctx context.Context, info *tap.Info) (context.Context, error) {
	peer, lookupErr := alts.AuthInfoFromContext(ctx)
	if lookupErr != nil {
		return nil, lookupErr
	}

	// Everything alts.AuthInfo exposes, followed by the method being called.
	entries := []struct {
		format string
		value  interface{}
	}{
		{"authInfo.ApplicationProtocol() = %v", peer.ApplicationProtocol()},
		{"authInfo.RecordProtocol() = %v", peer.RecordProtocol()},
		{"authInfo.SecurityLevel() = %v", peer.SecurityLevel()},
		{"authInfo.PeerServiceAccount() = %v", peer.PeerServiceAccount()},
		{"authInfo.LocalServiceAccount() = %v", peer.LocalServiceAccount()},
		{"authInfo.PeerRPCVersions() = %v", peer.PeerRPCVersions()},
		{"info.FullMethodName = %v", info.FullMethodName},
	}
	for _, e := range entries {
		logger.Infof(e.format, e.value)
	}
	return ctx, nil
}
88