X-Git-Url: https://git.verplant.org/?a=blobdiff_plain;f=src%2Fgrpc.cc;h=ae3dab25d6445249831d76291a0316c5aa1c7b3e;hb=3fae5596643f1e361eb18c3d65448f8bc02fdd80;hp=4e10783d6d3984849835af987daa5eae5e8e4dc6;hpb=976ae6b3f443b3a5a71237b7c1b43e74fa4947cf;p=collectd.git diff --git a/src/grpc.cc b/src/grpc.cc index 4e10783d..ae3dab25 100644 --- a/src/grpc.cc +++ b/src/grpc.cc @@ -27,6 +27,8 @@ #include #include +#include +#include #include #include "collectd.grpc.pb.h" @@ -34,7 +36,6 @@ extern "C" { #include #include -#include #include "collectd.h" #include "common.h" @@ -60,6 +61,8 @@ using google::protobuf::util::TimeUtil; struct Listener { grpc::string addr; grpc::string port; + + grpc::SslServerCredentialsOptions *ssl; }; static std::vector listeners; static grpc::string default_addr("0.0.0.0:50051"); @@ -86,6 +89,25 @@ static bool ident_matches(const value_list_t *vl, const value_list_t *matcher) return true; } /* ident_matches */ +static grpc::string read_file(const char *filename) +{ + std::ifstream f; + grpc::string s, content; + + f.open(filename); + if (!f.is_open()) { + ERROR("grpc: Failed to open '%s'", filename); + return ""; + } + + while (std::getline(f, s)) { + content += s; + content.push_back('\n'); + } + f.close(); + return content; +} /* read_file */ + /* * proto conversion */ 
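Review bot: The new `ssl` member of `struct Listener` is a raw owning pointer with no defined owner. `Listener` objects are copied by value (into `listeners`, and in `Start()` by `for (auto l : listeners)`), and nothing in the visible hunks deletes the options object once it is attached to a listener. The config hunk further down also allocates it with `new` before parsing and then has several `return -1` paths that skip the `delete`. Declaring it as `std::shared_ptr<grpc::SslServerCredentialsOptions> ssl;` (with `<memory>` included) would keep the copies valid and make those early returns leak-free without extra cleanup code.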
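Review bot: `read_file()` reports failure by returning an empty string, which a caller cannot tell apart from an empty file, and the visible callers in `c_grpc_config_listen()` do not test the result at all. It also checks only `is_open()`, so an I/O error during `std::getline` ends the loop and returns a truncated key or certificate as if it were complete. Since this helper loads the server's private key and certificate chain, it should signal failure explicitly, for example with the signature `static bool read_file(const char *filename, grpc::string *content)` and an `f.bad()` check after the loop. A short comment stating that the result is PEM text and that each line is re-terminated with `\n` would also help.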
@@ -265,35 +287,44 @@ static grpc::Status Process(grpc::ServerContext *ctx, grpc::string("failed to query values: cannot create iterator")); } + status = grpc::Status::OK; while (uc_iterator_next(iter, &name) == 0) { value_list_t res; - if (parse_identifier_vl(name, &res) != 0) - return grpc::Status(grpc::StatusCode::INTERNAL, + if (parse_identifier_vl(name, &res) != 0) { + status = grpc::Status(grpc::StatusCode::INTERNAL, grpc::string("failed to parse identifier")); + break; + } if (!ident_matches(&res, &matcher)) continue; - if (uc_iterator_get_time(iter, &res.time) < 0) - return grpc::Status(grpc::StatusCode::INTERNAL, + if (uc_iterator_get_time(iter, &res.time) < 0) { + status = grpc::Status(grpc::StatusCode::INTERNAL, grpc::string("failed to retrieve value timestamp")); - if (uc_iterator_get_interval(iter, &res.interval) < 0) - return grpc::Status(grpc::StatusCode::INTERNAL, + break; + } + if (uc_iterator_get_interval(iter, &res.interval) < 0) { + status = grpc::Status(grpc::StatusCode::INTERNAL, grpc::string("failed to retrieve value interval")); - if (uc_iterator_get_values(iter, &res.values, &res.values_len) < 0) - return grpc::Status(grpc::StatusCode::INTERNAL, + break; + } + if (uc_iterator_get_values(iter, &res.values, &res.values_len) < 0) { + status = grpc::Status(grpc::StatusCode::INTERNAL, grpc::string("failed to retrieve values")); + break; + } auto vl = reply->add_values(); status = marshal_value_list(&res, vl); free(res.values); if (!status.ok()) - return status; + break; } uc_iterator_destroy(iter); - return grpc::Status::OK; + return status; } /* Process(): QueryValues */ class Call @@ -390,7 +421,6 @@ class CollectdServer final public: void Start() { - // TODO: make configurable auto auth = grpc::InsecureServerCredentials(); grpc::ServerBuilder builder; 
@@ -402,8 +432,16 @@ public: else { for (auto l : listeners) { grpc::string addr = l.addr + ":" + l.port; - builder.AddListeningPort(addr, auth); - INFO("grpc: Listening on %s", addr.c_str()); + + auto use_ssl = grpc::string(""); + auto a = auth; + if (l.ssl != nullptr) { + use_ssl = grpc::string(" (SSL enabled)"); + a = grpc::SslServerCredentials(*l.ssl); + } + + builder.AddListeningPort(addr, a); + INFO("grpc: Listening on %s%s", addr.c_str(), use_ssl.c_str()); } } 
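Review bot: `grpc::SslServerCredentials(*l.ssl)` gives the listener server-side TLS only: as far as the visible hunks show, the options object receives just `pem_root_certs` and one key/cert pair, and nothing asks clients to present a certificate. With gRPC's default of not requesting client certificates, `SSLRootCerts` is loaded but does not restrict who may call the API on that port. If mutual TLS is intended, the options need the client-certificate requirement set (the `force_client_auth` / `client_certificate_request` field, depending on the gRPC version), ideally behind its own config option; otherwise a comment should state that the channel is encrypted but clients are unauthenticated. Separately, the `INFO` line prints "(SSL enabled)" without checking that `SslServerCredentials()` or `AddListeningPort()` succeeded. The enclosing `Start()` begins and ends outside this hunk.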
@@ -478,14 +516,62 @@ extern "C" { auto listener = Listener(); listener.addr = grpc::string(ci->values[0].value.string); listener.port = grpc::string(ci->values[1].value.string); - listeners.push_back(listener); + listener.ssl = nullptr; + + auto ssl_opts = new(grpc::SslServerCredentialsOptions); + grpc::SslServerCredentialsOptions::PemKeyCertPair pkcp = {}; + bool use_ssl = false; for (int i = 0; i < ci->children_num; i++) { oconfig_item_t *child = ci->children + i; - WARNING("grpc: Option `%s` not allowed in <%s> block.", - child->key, ci->key); + + if (!strcasecmp("EnableSSL", child->key)) { + if (cf_util_get_boolean(child, &use_ssl)) { + ERROR("grpc: Option `%s` expects a boolean value", + child->key); + return -1; + } + } + else if (!strcasecmp("SSLRootCerts", child->key)) { + char *certs = NULL; + if (cf_util_get_string(child, &certs)) { + ERROR("grpc: Option `%s` expects a string value", + child->key); + return -1; + } + ssl_opts->pem_root_certs = read_file(certs); + } + else if (!strcasecmp("SSLServerKey", child->key)) { + char *key = NULL; + if (cf_util_get_string(child, &key)) { + ERROR("grpc: Option `%s` expects a string value", + child->key); + return -1; + } + pkcp.private_key = read_file(key); + } + else if (!strcasecmp("SSLServerCert", child->key)) { + char *cert = NULL; + if (cf_util_get_string(child, &cert)) { + ERROR("grpc: Option `%s` expects a string value", + child->key); + return -1; + } + pkcp.cert_chain = read_file(cert); + } + else { + WARNING("grpc: Option `%s` not allowed in <%s> block.", + child->key, ci->key); + } } + ssl_opts->pem_key_cert_pairs.push_back(pkcp); + if (use_ssl) + listener.ssl = ssl_opts; + else + delete(ssl_opts); + + listeners.push_back(listener); return 0; } /* c_grpc_config_listen() */
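Review bot: With `EnableSSL true`, the listener is accepted even when `SSLServerKey` or `SSLServerCert` is missing or unreadable, because the `read_file()` results are assigned unchecked and `pkcp` is pushed into `pem_key_cert_pairs` whether or not it holds anything. Configuration should fail at this point rather than leave the error to surface (or not) when the server starts; the check belongs after the loop, before `listener.ssl` is set, as sketched below. The same hunk leaks on its error paths: each `return -1` skips `delete(ssl_opts)`, and the strings filled in by `cf_util_get_string()` (`certs`, `key`, `cert`) are never freed; presumably they are heap copies and need a `free()` once the file has been read. `c_grpc_config_listen()` starts outside this hunk.

```cpp
  // … unchanged: option parsing loop …

  if (use_ssl && (pkcp.private_key.empty() || pkcp.cert_chain.empty())) {
    ERROR("grpc: EnableSSL requires readable SSLServerKey and SSLServerCert "
          "in <%s> block.", ci->key);
    delete ssl_opts;
    return -1;
  }
  ssl_opts->pem_key_cert_pairs.push_back(pkcp);
```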