
Make gRPC call from Go client with TLS - GCP Cloud Function

I'm working on a few different GCP Cloud Functions that need to communicate with my backend using gRPC. The backend services are encrypted behind TLS, and only accessible through it (the APIs can't be called without TLS). The server is working perfectly fine as expected, I have a UI that is also calling the same APIs, and those work perfectly fine so the server is properly set up.

Given this setup, I'm struggling to figure out how I can call my backend APIs through gRPC from my GCP Cloud Functions. I know I can call grpc.Dial("some_endpoint", grpc.WithTransportCredentials(<credentials>)), however I don't know how to get credentials to pass to the grpc.WithTransportCredentials method.

I'm not sure what other information you may need, but whatever it may be, I will be happy to provide.

You can refer to this gRPC authentication mechanisms guide that provides examples on supported auth mechanisms such as SSL/TLS integration, ALTS and Token-based authentication with Google.

Sample implementation:

  1. No encryption or authentication
  • Client

    conn, _ := grpc.Dial("localhost:50051", grpc.WithTransportCredentials(insecure.NewCredentials()))
    // error handling omitted
    client := pb.NewGreeterClient(conn)
    // ...

  • Server

    s := grpc.NewServer()
    lis, _ := net.Listen("tcp", "localhost:50051")
    // error handling omitted
    s.Serve(lis)

  2. With server authentication SSL/TLS
  • Client

    creds, _ := credentials.NewClientTLSFromFile(certFile, "")
    conn, _ := grpc.Dial("localhost:50051", grpc.WithTransportCredentials(creds))
    // error handling omitted
    client := pb.NewGreeterClient(conn)
    // ...

  • Server

    creds, _ := credentials.NewServerTLSFromFile(certFile, keyFile)
    s := grpc.NewServer(grpc.Creds(creds))
    lis, _ := net.Listen("tcp", "localhost:50051")
    // error handling omitted
    s.Serve(lis)

  3. Authenticate using Google service account

    pool, _ := x509.SystemCertPool()
    // error handling omitted
    creds := credentials.NewClientTLSFromCert(pool, "")
    perRPC, _ := oauth.NewServiceAccountFromFile("service-account.json", scope)
    conn, _ := grpc.Dial(
        "greeter.googleapis.com",
        grpc.WithTransportCredentials(creds),
        grpc.WithPerRPCCredentials(perRPC),
    )
    // error handling omitted
    client := pb.NewGreeterClient(conn)
    // ...
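An added example, not part of the original answer: the choice between samples 2 and 3 is a choice of trust roots, shown here with the standard library only by running the x509 checks a TLS client makes, without the network. The resulting `*tls.Config` is what you would pass to `credentials.NewTLS` from `google.golang.org/grpc/credentials`; the function names and the host `backend.test` are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// clientTLSConfig is what credentials.NewTLS would wrap; empty caPEM leaves RootCAs nil (host root CAs).
func clientTLSConfig(caPEM []byte, serverName string) (*tls.Config, error) {
	cfg := &tls.Config{ServerName: serverName, MinVersion: tls.VersionTLS12}
	if len(caPEM) > 0 {
		cfg.RootCAs = x509.NewCertPool()
		if !cfg.RootCAs.AppendCertsFromPEM(caPEM) {
			return nil, errors.New("no certificate found in CA PEM")
		}
	}
	return cfg, nil
}

// newBackendCert makes a throwaway self-signed cert for "backend.test" (constructed sample).
func newBackendCert() (*x509.Certificate, []byte, error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"backend.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	return leaf, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), err
}

// verifyServer applies the chain and hostname checks a TLS client makes with cfg.
func verifyServer(cfg *tls.Config, leaf *x509.Certificate) error {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: cfg.RootCAs, DNSName: cfg.ServerName})
	return err
}

func main() {
	leaf, caPEM, _ := newBackendCert()
	pinned, _ := clientTLSConfig(caPEM, "backend.test")
	fmt.Println("pinned CA accepted:", verifyServer(pinned, leaf) == nil)
}
```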
