fixup! dev-environment: grpc

dev-environments/grpc/Makefile

@@ -11,33 +11,56 @@ gateway: ## run gateway configured to access upstream powered with TLS
 clean:
 	$(DOCKER) compose down --volumes --remove-orphans
 	$(DOCKER) compose -f docker-compose.yml down --volumes --remove-orphans
-	$(MAKE) cleancerts -C $(WORKDIR)/gateway-cert -f $(WORKDIR)/Makefile
-	$(MAKE) cleancerts -C $(WORKDIR)/upstream-cert -f $(WORKDIR)/Makefile
+	- rm -rf gateway-cert
+	- rm -rf upstream-cert
+	- rm -rf bin
 
-cleancerts:
-	- rm *.crt *.key *.pem *.csr
-
-ca: 
-	openssl genrsa -out rootCA.key 2048 
+ca:
+	openssl genrsa -out rootCA.key 2048
 	openssl req -batch -new -x509 -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem
 
-clientcerts:	
+clientcerts:
 	openssl req -subj '/CN=$(DOMAIN)'  -newkey rsa:4096 -nodes \
 			-sha256 \
 			-days 3650 \
 			-keyout $(DOMAIN).key \
-			-out $(DOMAIN).csr 
+			-out $(DOMAIN).csr
 	chmod +r $(DOMAIN).key
 	openssl x509 -req -in $(DOMAIN).csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out $(DOMAIN).crt -days 500 -sha256
 
-gateway-certs:
+$(WORKDIR)/gateway-cert:
 	mkdir -p gateway-cert
-	$(MAKE) cleancerts -C $(WORKDIR)/gateway-cert -f $(WORKDIR)/Makefile
+
+.PHONY: gateway-certs
+gateway-certs: $(WORKDIR)/gateway-cert
 	$(MAKE) ca -C $(WORKDIR)/gateway-cert -f $(WORKDIR)/Makefile
 	$(MAKE) clientcerts -C $(WORKDIR)/gateway-cert -f $(WORKDIR)/Makefile DOMAIN=gateway.example.com
 
-upstream-certs:
+$(WORKDIR)/upstream-cert:
 	mkdir -p upstream-cert
-	$(MAKE) cleancerts -C $(WORKDIR)/upstream-cert -f $(WORKDIR)/Makefile
+
+.PHONY: upstream-certs
+upstream-certs: $(WORKDIR)/upstream-cert
 	$(MAKE) ca -C $(WORKDIR)/upstream-cert -f $(WORKDIR)/Makefile
 	$(MAKE) clientcerts -C $(WORKDIR)/upstream-cert -f $(WORKDIR)/Makefile DOMAIN=upstream.example.com
+	cat $(WORKDIR)/upstream-cert/upstream.example.com.key $(WORKDIR)/upstream-cert/upstream.example.com.crt >$(WORKDIR)/upstream-cert/upstream.example.com.pem
+
+GRPCURL=$(WORKDIR)/bin/grpcurl
+$(GRPCURL):
+	$(call go-install-tool,$(GRPCURL),github.com/fullstorydev/grpcurl/cmd/[email protected])
+
+.PHONY: grpcurl
+grpcurl: $(GRPCURL) ## Download grpcurl locally if necessary.
+
+# go-install-tool will 'go install' any package $2 and install it to $1.
+define go-install-tool
+@[ -f $(1) ] || { \
+set -e ;\
+TMP_DIR=$$(mktemp -d) ;\
+cd $$TMP_DIR ;\
+go mod init tmp ;\
+echo "Downloading $(2)" ;\
+GOBIN=$(WORKDIR)/bin go install $(2) ;\
+rm -rf $$TMP_DIR ;\
+}
+endef

dev-environments/grpc/README.md

@@ -24,10 +24,25 @@ Running custom apicast image
 make gateway IMAGE_NAME=quay.io/3scale/apicast:latest
 ```
 
+Traffic between the gateway and upstream can be inspected looking at logs from `one.upstream` service
+
+```
+docker compose -p grpc logs -f one.upstream
+```
+
 ## Testing
 
+
+Get `grpcurl`
+
+```sh
+make grpcurl
+```
+
+Run request
+
 ```sh
-curl --resolve gateway.example.com:8443:127.0.0.1 -v --cacert gateway-cert/rootCA.pem "https://gateway.example.com:8443/?user_key=123"
+bin/grpcurl -insecure -authority gateway.example.com 127.0.0.1:8443 main.HelloWorld/Greeting
 ```
 
 ## Clean env

dev-environments/grpc/apicast-config.json

@@ -4,7 +4,8 @@
       "id": "1",
       "backend_version": "1",
       "proxy": {
-        "hosts": ["example.com"],
+        "hosts": ["gateway.example.com"],
+        "credentials_location": "headers",
         "api_backend": "https://one.upstream:443",
         "backend": {
           "endpoint": "http://127.0.0.1:8081",

dev-environments/grpc/docker-compose.yml

@@ -8,8 +8,8 @@ services:
     - two.upstream
     environment:
       APICAST_HTTPS_PORT: 8443
-      APICAST_HTTPS_CERTIFICATE: /var/run/secrets/apicast/example.com.crt
-      APICAST_HTTPS_CERTIFICATE_KEY: /var/run/secrets/apicast/example.com.key
+      APICAST_HTTPS_CERTIFICATE: /var/run/secrets/apicast/gateway.example.com.crt
+      APICAST_HTTPS_CERTIFICATE_KEY: /var/run/secrets/apicast/gateway.example.com.key
       THREESCALE_CONFIG_FILE: /tmp/config.json
       THREESCALE_DEPLOYMENT_ENV: staging
       APICAST_CONFIGURATION_LOADER: lazy
@@ -24,7 +24,7 @@ services:
       - "8090:8090"
     volumes:
       - ./apicast-config.json:/tmp/config.json
-      - ./cert:/var/run/secrets/apicast
+      - ./gateway-cert:/var/run/secrets/apicast
   one.upstream:
     image: alpine/socat:1.7.4.4
     container_name: one.upstream
@@ -33,7 +33,7 @@ services:
       - "443"
     restart: unless-stopped
     volumes:
-      - ./cert/upstream.example.com.pem:/etc/pki/upstream.example.com.pem
+      - ./upstream-cert/upstream.example.com.pem:/etc/pki/upstream.example.com.pem
   two.upstream:
     image: kalmhq/echoserver
     expose: