Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove TLS from gRPC samples #196

Merged
merged 8 commits into from
Nov 30, 2020
Merged
Show file tree
Hide file tree
Changes from 5 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 5 additions & 7 deletions grpc-example/grpc-example-java/build.sbt
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,7 @@ version in ThisBuild := "1.0-SNAPSHOT"
// the Java version that will be used for cross-compiled libraries
scalaVersion in ThisBuild := "2.12.12"

lagomServiceEnableSsl in ThisBuild := true
val `hello-impl-HTTPS-port` = 11000

val `hello-impl-HTTP-port` = 11000
val playGrpcRuntime = "com.lightbend.play" %% "play-grpc-runtime" % BuildInfo.playGrpcVersion
val lagomGrpcTestkit = "com.lightbend.play" %% "lagom-javadsl-grpc-testkit" % BuildInfo.playGrpcVersion % Test
// TODO remove after upgrade Akka gRPC
Expand Down Expand Up @@ -44,7 +42,7 @@ lazy val `hello-impl` = (project in file("hello-impl"))

// WORKAROUND: Lagom still can't register a service under the gRPC name so we hard-code
// the port and the use the value to add the entry on the Service Registry
lagomServiceHttpsPort := `hello-impl-HTTPS-port`,
octonato marked this conversation as resolved.
Show resolved Hide resolved
lagomServiceHttpPort := `hello-impl-HTTP-port`,

libraryDependencies ++= Seq(
lagomJavadslTestKit,
Expand Down Expand Up @@ -75,6 +73,7 @@ lazy val `hello-proxy-impl` = (project in file("hello-proxy-impl"))
libraryDependencies ++= Seq(
lagomJavadslTestKit,
lagomLogback,
playGrpcRuntime,
akkaHttp
)
)
Expand All @@ -91,9 +90,8 @@ lagomKafkaEnabled in ThisBuild := false

// This adds an entry on the LagomDevMode Service Registry. With this information on
// the Service Registry a client using Service Discovery to Lookup("helloworld.GreeterService")
// will get "https://localhost:11000" and then be able to send a request.
// See declaration and usages of `hello-impl-HTTPS-port`.
lagomUnmanagedServices in ThisBuild := Map("helloworld.GreeterService" -> s"https://localhost:${`hello-impl-HTTPS-port`}")
// will get "http://localhost:11000" and then be able to send a request.
lagomUnmanagedServices in ThisBuild := Map("helloworld.GreeterService" -> s"http://127.0.0.1:${`hello-impl-HTTP-port`}")


def common = Seq(
Expand Down
62 changes: 25 additions & 37 deletions grpc-example/grpc-example-java/docs/src/main/paradox/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,29 +16,26 @@ cd grpc-example/grpc-example-java

## Running the example

Using gRPC in Lagom requires adding a Java Agent to the runtime. In order to handle this setting we provide a script that will
download the ALPN Java Agent and start an interactive `sbt` console properly set up. Use the `ssl-lagom`
script:
You can run it like any Lagom application.

In Maven,

```bash
./ssl-lagom
mvn lagom:runAll
```

The first time you run the script it will take some time to resolve and download some dependencies. Once
ready you'll be at the `sbt` console. Use the `runAll` command to start the Lagom gRPC Example:
In sbt,

```bash
sbt:lagom-java-grpc-example> runAll
sbt runAll
```

The `runAll` command starts Lagom in development mode. Once all the services are started you will see Lagom's start message:

```
```bash
...
[info] Service hello-proxy-impl listening for HTTP on 127.0.0.1:54328
[info] Service hello-proxy-impl listening for HTTPS on 127.0.0.1:65108
[info] Service hello-impl listening for HTTP on 127.0.0.1:65499
[info] Service hello-impl listening for HTTPS on 127.0.0.1:11000
[INFO] Service hello-impl listening for HTTP on 127.0.0.1:11000
[INFO] Service hello-proxy-impl listening for HTTP on 127.0.0.1:54328
[info] (Services started, press enter to stop and go back to the console...)
```

Expand All @@ -56,15 +53,15 @@ Hi Steve! (gRPC)

This application is built with two Lagom services (`hello` and `hello-proxy`) exposing the following endpoints:

```
```bash
GET /proxy/rest-hello/:id # served by hello-proxy-service (HTTP-JSON)
GET /proxy/grpc-hello/:id # served by hello-proxy-service (HTTP-JSON)
GET /api/hello/:id # served by hello-service (HTTP-JSON)
```

And also:

```
```bash
/helloworld.GreetingsService/sayHello # served by hello-service (gRPC)
```

Expand All @@ -82,7 +79,7 @@ curl http://localhost:9000/proxy/rest-hello/Alice

The following happens:

```
```bash
curl --(http)--> service gateway --(http)--> hello-proxy-service --(http)--> hello-service
```

Expand All @@ -94,40 +91,31 @@ curl http://localhost:9000/proxy/grpc-hello/Alice

The following happens

```
```bash
curl --(http)--> service gateway --(http)--> hello-proxy-service --(gRPC/https)--> hello-service
octonato marked this conversation as resolved.
Show resolved Hide resolved
```

## Testing the gRPC endpoints

The gRPC endpoints are not accessible via the Lagom Service Gateway so it's only possible to consume them from
another Lagom service or pointing a client directly to the `https - HTTP/2` port of the Lagom Service. Earlier we
another Lagom service or pointing a client directly to the `HTTP/2` port of the Lagom Service. Earlier we
saw that Lagom informs of the following bindings:

```
```bash
...
[info] Service hello-proxy-impl listening for HTTP on 127.0.0.1:54328
[info] Service hello-proxy-impl listening for HTTPS on 127.0.0.1:65108
[info] Service hello-impl listening for HTTP on 127.0.0.1:65499
[info] Service hello-impl listening for HTTPS on 127.0.0.1:11000
[INFO] Service hello-impl listening for HTTP on 127.0.0.1:11000
[INFO] Service hello-proxy-impl listening for HTTP on 127.0.0.1:54328
[info] (Services started, press enter to stop and go back to the console...)
```

You can test the gRPC endpoint using [grpcc](https://github.com/njpatel/grpcc). Because Lagom uses self-signed
certificates, you will have to export and trust the CA certificate:

```bash
keytool -export -alias sslconfig-selfsigned -keystore target/dev-mode/selfsigned.keystore -storepass "" -file trustedCA.crt
openssl x509 -in trustedCA.crt -out trustedCA.pem -inform DER -outform PEM
```

Once the CA certificate is extracted we can use `grpcc` to test the application:
You can test the gRPC endpoint using [gRPCurl](https://github.com/fullstorydev/grpcurl).
Note that for simplicity, this sample is disabling TLS, therefore it's possbile to call the `HTTP/2` endpoint without using https.

```bash
$ grpcc --proto hello-impl/src/main/protobuf/helloworld.proto \
--address localhost:11000 \
--eval 'client.sayHello({name:"Katherine"}, printReply)' \
--root_cert ./trustedCA.pem
$ grpcurl --proto hello-impl/src/main/protobuf/helloworld.proto \
-d '{"name": "Katherine" }' \
-plaintext 127.0.0.1:11000 \
helloworld.GreeterService.SayHello
{
"message": "Hi Katherine! (gRPC)"
}
Expand All @@ -136,8 +124,8 @@ $ grpcc --proto hello-impl/src/main/protobuf/helloworld.proto \
The command above:

1. Uses the gRPC description on `hello-impl/src/main/protobuf/helloworld.proto`
2. Connects to the `hello-impl` service using `https` at `localhost:11000` (trusting the CA used to build the `localhost:11000` certificate)
3. Sends a gRPC call `client.sayHello({name:"Katherine"},...)` (`grpcc` requires registering a callback, in this case `printReply` to send the response to the `stdout`).
1. Connects to the `hello-impl` service at `127.0.0.1:11000` using plaintext over `http`.
1. Sends a gRPC call `helloworld.GreeterService.SayHello` with `{"name": "Katherine" }` payload.

## References

Expand Down
3 changes: 1 addition & 2 deletions grpc-example/grpc-example-java/hello-impl/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -104,9 +104,8 @@
<artifactId>lagom-maven-plugin</artifactId>
<configuration>
<lagomService>true</lagomService>
<serviceHttpsPort>${hello-impl.https.port}</serviceHttpsPort>
<serviceHttpPort>${hello-impl.http.port}</serviceHttpPort>
<serviceAddress>127.0.0.1</serviceAddress>
<serviceEnableSsl>true</serviceEnableSsl>
</configuration>
</plugin>

Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
<configuration>

<conversionRule conversionWord="coloredLevel" converterClass="com.lightbend.lagom.internal.logback.ColoredLevel" />

<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%date{"HH:mm:ss.SSS"} %coloredLevel %logger [%mdc] - %msg%n</pattern>
</encoder>
</appender>

<!-- Set logging for all Play library classes to INFO -->
<logger name="play" level="INFO" />
<!-- Set logging for all Akka library classes to INFO -->
<logger name="akka" level="INFO" />
<!-- Set logging for all Lagom library classes to INFO -->
<logger name="com.lightbend.lagom" level="INFO" />

<logger name="io.grpc" level="INFO"/>
<logger name="io.perfmark.PerfMark" level="INFO"/>

<root level="debug">
<appender-ref ref="STDOUT" />
</root>
</configuration>
1 change: 0 additions & 1 deletion grpc-example/grpc-example-java/hello-proxy-impl/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,6 @@
<artifactId>lagom-maven-plugin</artifactId>
<configuration>
<lagomService>true</lagomService>
<serviceEnableSsl>true</serviceEnableSsl>
</configuration>
</plugin>

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,12 +9,12 @@ akka.grpc.client {
service-discovery {
mechanism = "lagom-dev-mode"
service-name = "helloworld.GreeterService"
port-name = "https"
port-name = "http"
}
override-authority = "localhost"
deadline = 5s
connection-attempts = 5
use-tls = false
}

}
ignasi35 marked this conversation as resolved.
Show resolved Hide resolved

Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
<configuration>

<conversionRule conversionWord="coloredLevel" converterClass="com.lightbend.lagom.internal.logback.ColoredLevel" />

<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%date{"HH:mm:ss.SSS"} %coloredLevel %logger [%mdc] - %msg%n</pattern>
</encoder>
</appender>

<!-- Set logging for all Play library classes to INFO -->
<logger name="play" level="INFO" />
<!-- Set logging for all Akka library classes to INFO -->
<logger name="akka" level="INFO" />
<!-- Set logging for all Lagom library classes to INFO -->
<logger name="com.lightbend.lagom" level="INFO" />

<logger name="io.grpc" level="INFO"/>
<logger name="io.perfmark.PerfMark" level="INFO"/>

<root level="debug">
<appender-ref ref="STDOUT" />
</root>
</configuration>
4 changes: 2 additions & 2 deletions grpc-example/grpc-example-java/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@
<kafkaEnabled>false</kafkaEnabled>
<cassandraEnabled>false</cassandraEnabled>
<unmanagedServices>
<helloworld.GreeterService>https://127.0.0.1:${hello-impl.https.port}</helloworld.GreeterService>
<helloworld.GreeterService>http://127.0.0.1:${hello-impl.http.port}</helloworld.GreeterService>
</unmanagedServices>
</configuration>
</plugin>
Expand Down Expand Up @@ -82,6 +82,6 @@
<akka.grpc.version>1.0.2</akka.grpc.version>
<play.grpc.version>0.9.1</play.grpc.version>

<hello-impl.https.port>11000</hello-impl.https.port>
<hello-impl.http.port>11000</hello-impl.http.port>
</properties>
</project>
23 changes: 0 additions & 23 deletions grpc-example/grpc-example-java/ssl-lagom

This file was deleted.

25 changes: 9 additions & 16 deletions grpc-example/grpc-example-scala/build.sbt
Original file line number Diff line number Diff line change
Expand Up @@ -14,8 +14,7 @@ val lagomGrpcTestkit = "com.lightbend.play" %% "lagom-scaladsl-grpc-testkit" % B
// TODO remove after upgrade Akka gRPC
val akkaHttp = "com.typesafe.akka" %% "akka-http2-support" % "10.1.12"

lagomServiceEnableSsl in ThisBuild := true
val `hello-impl-HTTPS-port` = 11000
val `hello-impl-HTTP-port` = 11000

def dockerSettings = Seq(
dockerUpdateLatest := true,
Expand All @@ -24,13 +23,6 @@ def dockerSettings = Seq(
dockerRepository := sys.props.get("docker.registry")
)

// ALL SETTINGS HERE ARE TEMPORARY WORKAROUNDS FOR KNOWN ISSUES OR WIP
def workaroundSettings: Seq[sbt.Setting[_]] = Seq(
// Lagom still can't register a service under the gRPC name so we hard-code
// the port and use the value to add the entry on the Service Registry
lagomServiceHttpsPort := `hello-impl-HTTPS-port`
)
octonato marked this conversation as resolved.
Show resolved Hide resolved

lazy val `lagom-scala-grpc-example` = (project in file("."))
.aggregate(`hello-api`, `hello-impl`, `hello-proxy-api`, `hello-proxy-impl`)

Expand All @@ -51,9 +43,11 @@ lazy val `hello-impl` = (project in file("hello-impl"))
AkkaGrpc.Client // the client is only used in tests. See https://github.com/akka/akka-grpc/issues/410
),
akkaGrpcExtraGenerators in Compile += PlayScalaServerCodeGenerator,
).settings(
workaroundSettings:_*
).settings(

// WORKAROUND: Lagom still can't register a service under the gRPC name so we hard-code
// the port and the use the value to add the entry on the Service Registry
lagomServiceHttpPort := `hello-impl-HTTP-port`,

libraryDependencies ++= Seq(
lagomScaladslTestKit,
macwire,
Expand Down Expand Up @@ -81,6 +75,7 @@ lazy val `hello-proxy-impl` = (project in file("hello-proxy-impl"))
libraryDependencies ++= Seq(
lagomScaladslAkkaDiscovery,
lagomScaladslTestKit,
playGrpcRuntime,
akkaHttp,
macwire,
scalaTest
Expand All @@ -101,13 +96,11 @@ lagomKafkaEnabled in ThisBuild := false

// This adds an entry on the LagomDevMode Service Registry. With this information on
// the Service Registry a client using Service Discovery to Lookup("helloworld.GreeterService")
// will get "https://localhost:11000" and then be able to send a request.
// See declaration and usages of `hello-impl-HTTPS-port`.
lagomUnmanagedServices in ThisBuild := Map("helloworld.GreeterService" -> s"https://localhost:${`hello-impl-HTTPS-port`}")
// will get "http://127.0.0.1:11000" and then be able to send a request.
lagomUnmanagedServices in ThisBuild := Map("helloworld.GreeterService" -> s"http://127.0.0.1:${`hello-impl-HTTP-port`}")

//----------------------------------


// Documentation for this project:
// sbt "project docs" "~ paradox"
// open docs/target/paradox/site/main/index.html
Expand Down
Loading