github.com/cs3org/reva/v2@v2.27.7/pkg/rgrpc/todo/pool/connection.go (about) 1 // Copyright 2018-2021 CERN 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 // 15 // In applying this license, CERN does not waive the privileges and immunities 16 // granted to it by virtue of its status as an Intergovernmental Organization 17 // or submit itself to any jurisdiction. 18 19 package pool 20 21 import ( 22 "crypto/tls" 23 "os" 24 "strconv" 25 26 rtrace "github.com/cs3org/reva/v2/pkg/trace" 27 "github.com/pkg/errors" 28 "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc" 29 "google.golang.org/grpc" 30 "google.golang.org/grpc/credentials" 31 "google.golang.org/grpc/credentials/insecure" 32 ) 33 34 var ( 35 _defaultMaxCallRecvMsgSize = 10240000 36 ) 37 38 // NewConn creates a new connection to a grpc server 39 // with open census tracing support. 40 // TODO(labkode): make grpc tls configurable. 41 func NewConn(target string, opts ...Option) (*grpc.ClientConn, error) { 42 43 options := ClientOptions{} 44 if err := options.init(); err != nil { 45 return nil, err 46 } 47 48 // then overwrite with supplied options 49 for _, opt := range opts { 50 opt(&options) 51 } 52 53 var cred credentials.TransportCredentials 54 switch options.tlsMode { 55 case TLSOff: 56 cred = insecure.NewCredentials() 57 case TLSInsecure: 58 tlsConfig := tls.Config{ 59 InsecureSkipVerify: true, //nolint:gosec 60 } 61 cred = credentials.NewTLS(&tlsConfig) 62 case TLSOn: 63 if options.caCert != "" { 64 var err error 65 if cred, err = credentials.NewClientTLSFromFile(options.caCert, ""); err != nil { 66 return nil, err 67 } 68 } else { 69 // Use system's cert pool 70 cred = credentials.NewTLS(&tls.Config{}) 71 } 72 } 73 74 // NOTE: We need to configure some grpc options in a central place. 75 // If many services configure the (e.g.) gateway client differently, one will be pick randomly. This leads to inconsistencies when using the single binary. 76 // To avoid inconsistencies and race conditions we get the configuration here. 77 // Please do NOT follow the pattern of calling `os.Getenv` in the wild without consulting docu team first. 78 maxRcvMsgSize := _defaultMaxCallRecvMsgSize 79 if e := os.Getenv("OCIS_GRPC_MAX_RECEIVED_MESSAGE_SIZE"); e != "" { 80 s, err := strconv.Atoi(e) 81 if err != nil || s <= 0 { 82 return nil, errors.Wrap(err, "grpc max message size is not a valid int") 83 } 84 maxRcvMsgSize = s 85 } 86 87 conn, err := grpc.NewClient( 88 target, 89 grpc.WithTransportCredentials(cred), 90 grpc.WithDefaultCallOptions( 91 grpc.MaxCallRecvMsgSize(maxRcvMsgSize), 92 ), 93 grpc.WithDefaultServiceConfig(`{ 94 "loadBalancingPolicy":"round_robin" 95 }`), 96 /* we may want to retry more often than the default transparent retry, see https://grpc.io/docs/guides/retry/#retry-configuration 97 grpc.WithDefaultServiceConfig(`{ 98 "loadBalancingPolicy":"round_robin" 99 "methodConfig": [ 100 { 101 "name": [ 102 { "service": "grpc.examples.echo.Echo" } 103 ], 104 "retryPolicy": { 105 "maxAttempts": 3, 106 "initialBackoff": "0.1s", 107 "maxBackoff": "1s", 108 "backoffMultiplier": 2, 109 "retryableStatusCodes": ["UNAVAILABLE", "CANCELLED", "RESOURCE_EXHAUSTED", "DEADLINE_EXCEEDED"] 110 } 111 } 112 ] 113 }`), 114 */ 115 grpc.WithStatsHandler(otelgrpc.NewClientHandler( 116 otelgrpc.WithTracerProvider( 117 options.tracerProvider, 118 ), 119 otelgrpc.WithPropagators( 120 rtrace.Propagator, 121 ), 122 )), 123 ) 124 if err != nil { 125 return nil, err 126 } 127 128 return conn, nil 129 }