a Nodejs version of GRPCurl ??


books

Sep 25, 2018, 9:49:56 AM
to grp...@googlegroups.com
I prefer Node.js for the flexibility of programming without compiling code.
I need to talk to a gRPC server written in Go, and have met some problems with
this createSsl call:
https://grpc.io/grpc/node/grpc.credentials.html#.createSsl__anchor

With grpcurl I can debug against the gRPC server (written in Go): using
these cacert, cert, key, and insecure options, grpcurl is able to talk to
this gRPC server written in Go. But with Node.js grpc.credentials,
with either the createSsl or the createInsecure call, it's confused, always saying
bad cert.

I am thinking:
1) Has anyone seen a Node.js version of gRPCurl? I may learn some code from there.
https://github.com/fullstorydev/grpcurl

2) What's the terminology mapping between the Go code's
cacert/cert/key and Node.js's root_cert, private_key,
cert_chain?

<static> createSsl( [root_certs] [, private_key] [, cert_chain])
Create an SSL Credentials object. If using a client-side certificate,
both the second and third arguments must be passed. Additional peer
verification options can be passed in the fourth argument as described
below.

Parameters:
Name                                 Type      Argument    Description
root_certs                           Buffer    <optional>  The root certificate data
private_key                          Buffer    <optional>  The client certificate private key, if applicable
cert_chain                           Buffer    <optional>  The client certificate cert chain, if applicable
verify_options.checkServerIdentity   function              Optional callback receiving the expected hostname
                                                           and peer certificate for additional verification.
                                                           The callback should return an Error if verification
                                                           fails and otherwise return undefined.

3) The Node.js code calls the npm package `@grpc/proto-loader` to load
*.proto files, but gRPCurl supports the binary protoset version of protobuf
definitions as well as plaintext *.proto. I wonder if Node.js gRPC has
similar binary protoset support?
https://github.com/grpc/grpc/blob/v1.15.0/examples/node/dynamic_codegen/route_guide/route_guide_client.js

$ grpcurl --help

  -cacert string
        File containing trusted root certificates for verifying the server.
        Ignored if -insecure is specified.
  -cert string
        File containing client certificate (public key), to present to the
        server. Not valid with -plaintext option. Must also provide -key option.
  -key string
        File containing client private key, to present to the server. Not valid
        with -plaintext option. Must also provide -cert option.
  -insecure
        Skip server certificate and domain verification. (NOT SECURE!). Not
        valid with -plaintext option.

  -protoset value
        The name of a file containing an encoded FileDescriptorSet. This file's
        contents will be used to determine the RPC schema instead of querying
        for it from the remote server via the GRPC reflection API. When set: the
        'list' action lists the services found in the given descriptors (vs.
        those exposed by the remote server), and the 'describe' action describes
        symbols found in the given descriptors. May specify more than one via
        multiple -protoset flags. It is an error to use both -protoset and
        -proto flags.
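
Added example, not part of the thread and not an API of the grpc or @grpc/proto-loader packages: a dependency-free Node.js reader that lists the services and methods in a protoset (an encoded FileDescriptorSet, as described in the -protoset help above). The function names and the sample descriptor (demo.v1.Echo) are constructed for illustration.

```javascript
// Read a base-128 varint starting at pos; returns [value, nextPos].
function readVarint(buf, pos) {
  let value = 0, shift = 0, byte;
  do {
    if (pos >= buf.length) throw new RangeError('truncated varint');
    byte = buf[pos++];
    value += (byte & 0x7f) * 2 ** shift;
    shift += 7;
  } while (byte & 0x80);
  return [value, pos];
}

// Yield [fieldNumber, bytes] for each length-delimited field, skipping scalar fields.
function* lenFields(buf) {
  let pos = 0, tag, len;
  while (pos < buf.length) {
    [tag, pos] = readVarint(buf, pos);
    const wire = tag % 8;
    if (wire === 0) { pos = readVarint(buf, pos)[1]; continue; }
    if (wire === 1 || wire === 5) { pos += wire === 1 ? 8 : 4; continue; }
    if (wire !== 2) throw new Error(`unsupported wire type ${wire}`);
    [len, pos] = readVarint(buf, pos);
    if (pos + len > buf.length) throw new RangeError('truncated field');
    yield [Math.floor(tag / 8), buf.subarray(pos, pos + len)];
    pos += len;
  }
}

// First string value of a field, or '' when the field is absent.
const firstString = (buf, field) =>
  ([...lenFields(buf)].find(([n]) => n === field) || [0, Buffer.alloc(0)])[1].toString();

// descriptor.proto numbers: Set.file=1; File.package=2, service=6; Service.name=1, method=2; Method.name=1.
function listServices(protoset) {
  const out = [];
  for (const [n, file] of lenFields(protoset)) {
    if (n !== 1) continue;
    const pkg = firstString(file, 2);
    for (const [fn, svc] of lenFields(file)) {
      if (fn !== 6) continue;
      const methods = [...lenFields(svc)].filter(([sn]) => sn === 2).map(([, m]) => firstString(m, 1));
      out.push({ service: (pkg && pkg + '.') + firstString(svc, 1), methods });
    }
  }
  return out;
}

// Constructed sample protoset, built inline (every length is < 128, so one length byte suffices).
const ld = (field, body) => Buffer.concat([Buffer.from([field * 8 + 2, Buffer.byteLength(body)]), Buffer.from(body)]);
const SAMPLE_PROTOSET = ld(1, Buffer.concat([ld(1, 'echo.proto'), ld(2, 'demo.v1'),
  ld(6, Buffer.concat([ld(1, 'Echo'), ld(2, ld(1, 'Say')), ld(2, ld(1, 'Stream'))]))]));
```

A file written by `protoc --descriptor_set_out=FILE` can be passed to `listServices` as `fs.readFileSync(FILE)`.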

Josh Humphries

Sep 25, 2018, 10:15:15 AM
to den...@gmail.com, grpc.io
On Tue, Sep 25, 2018 at 9:49 AM books <den...@gmail.com> wrote:
> prefer nodejs flexibility of programming without compilation of code,
> need to talk to a GRPC Server written in Go, met some problems with
> this createSsl call,
> https://grpc.io/grpc/node/grpc.credentials.html#.createSsl__anchor
>
> with grpcurl I can debug with the GRPC Server (written in Go), using
> these cacert, cert, key, and insecure the grpcurl is able to talk with
> this GRPC Server written in Go, but with nodejs grpc.credentials
> either createSsl or createInsecure call it's confused, always saying
> bad cert,
>
> I am thinking
> 1) if anyone seen a Nodejs version of GRPCurl, I may learn some code from there,
> https://github.com/fullstorydev/grpcurl

I don't know of a Node.js version of gRPCurl, but I do know of some other dynamic gRPC stuff written in Node.js. @konsumer on GitHub has done a lot of stuff with this. A quick scan of those repos reveals this: https://github.com/konsumer/grpc-dynamic-gateway
It's not gRPCurl, but it does use dynamic gRPC, so you might glean what you need from the source for it.
 
> 2) what's the terminology mapping?  between Go code uses
> cacert/cert/key  to the Nodejs uses  root_cert, private_key,
> cert_chain ?

root_cert == cacert
    This is one or more certificates for trusted "root certificate authorities"

cert == cert_chain
    This is the full certificate that the server presents, including its public key as well as the full chain of trust (e.g. certificate issuer/authority signatures)

key == private_key
    This is the private key that corresponds to the public key in the server's certificate 
 

books

Sep 25, 2018, 11:57:25 AM
to jh...@bluegosling.com, grp...@googlegroups.com
On Tue, Sep 25, 2018 at 7:15 AM Josh Humphries <jh...@bluegosling.com> wrote:
>> 1) if anyone seen a Nodejs version of GRPCurl, I may learn some code from there,
>> https://github.com/fullstorydev/grpcurl
>
> I don't know of a Node.js version of gRPCurl, but I do know of some other dynamic gRPC stuff written in Node.js. @konsumer on GitHub has done a lot of stuff with this. A quick scan of those repos reveals this: https://github.com/konsumer/grpc-dynamic-gateway
> It's not gRPCurl, but it does use dynamic gRPC, so you might glean what you need from the source for it.

Thanks for the great information about the grpc-dynamic-gateway project,
though it seems to lack support for multiple proto_path values.

I filed an issue there
https://github.com/konsumer/grpc-dynamic-gateway/issues/15 and also
ask here in case anyone on the mailing list has an answer.

protoc supports `--proto_path=` being specified
multiple times, but this project seems not to? In a real large
project, there are multiple proto definition files in a complex
hierarchy ...

```console
$ protoc --help
Usage: protoc [OPTION] PROTO_FILES
Parse PROTO_FILES and generate output based on the options given:
  -IPATH, --proto_path=PATH   Specify the directory in which to search for
                              imports. May be specified multiple times;
                              directories will be searched in order. If not
                              given, the current working directory is used.

  -oFILE,                     Writes a FileDescriptorSet (a protocol buffer,
    --descriptor_set_out=FILE defined in descriptor.proto) containing all of
                              the input files to FILE.
```

From reading the code, it seems to require `include` to be one string only?
https://github.com/konsumer/grpc-dynamic-gateway/blob/master/index.js#L37

I've tried to touch the code a bit to see if I can make it work,
but the `grpc.load({ file: p, root: include })` call seems
undocumented? A lot of the Node.js gRPC API definitely lacks
documentation. Do you know if it supports multiple include
proto paths?
https://grpc.io/grpc/node/grpc.html#.load__anchor

Another possibility: I see protoc can compile the complex hierarchy of
`*.proto` files into a single binary protoset file, and it's well supported
by tools like `grpcurl`. Are you aware if nodejs-grpc has similar
protoset-file support?
https://github.com/fullstorydev/grpcurl#protoset-files

I've Google-searched grpc + nodejs + protoset support; there seems to be nothing.


>
>>
>> 2) what's the terminology mapping? between Go code uses
>> cacert/cert/key to the Nodejs uses root_cert, private_key,
>> cert_chain ?
>
>
> root_cert == cacert
> This is one or more certificates for trusted "root certificate authorities"
>
> cert == cert_chain
> This is the full certificate that the server presents, including its public key as well as the full chain of trust (e.g. certificate issuer/authority signatures)
>
> key == private_key
> This is the private key that corresponds to the public key in the server's certificate

I wish different programming APIs could use the same names to refer to the
same thing, but ...

>
>>
>>
>> <static> createSsl( [root_certs] [, private_key] [, cert_chain])
>> Create an SSL Credentials object. If using a client-side certificate,
>> both the second and third arguments must be passed. Additional peer
>> verification options can be passed in the fourth argument as described
>> below.
>>
>> Parameters:
>> Name Type Argument Description
>> root_certs Buffer <optional>
>> The root certificate data
>>
>> private_key Buffer <optional>
>> The client certificate private key, if applicable
>>
>> cert_chain Buffer <optional>
>> The client certificate cert chain, if applicable
>>
>> verify_options.checkServerIdentity function
>> Optional callback receiving the expected hostname and peer certificate
>> for additional verification. The callback should return an Error if
>> verification fails and otherwise return undefined.

Then the format each key should be in is still not well documented. My
inherited project gives me ca.pem, client.pem, client-key.pem and also
*.csr files. I've tried loading each of them, and always got a Connect
Failed...

```js
const fs = require('fs');
const grpc = require('grpc');
// `api` is the service package loaded from the project's *.proto files (loading code not shown in the post)

// these 3 pem files can get working with grpcurl ...
const client = new api.Api(
  '<server:port>',
  grpc.credentials.createSsl(
    // ca, key, cert,
    fs.readFileSync('./testdata/tls/ca.pem'),
    fs.readFileSync('./testdata/tls/client-key.pem'),
    fs.readFileSync('./testdata/tls/client.pem'),
    // I've tried setting the 4th parameter as an object with an empty
    // verify_options.checkServerIdentity function to return undefined, but
    // not helpful
    { checkServerIdentity: function(){} }
  ));

console.log(client.SomeGRPCAPICall({}, (err, obj) => {
  console.log(new Date, 'ERROR:', err, obj);
}));
```


All got result:

ClientUnaryCall {
_events: {},
_eventsCount: 0,
_maxListeners: undefined,
call:
InterceptingCall {
next_call: InterceptingCall { next_call: null, requester: [Object] },
requester: undefined } }
2018-09-25T15:48:34.796Z 'ERROR:' { Error: 14 UNAVAILABLE: Connect Failed ...
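
Added example, not part of the thread and not code from grpc or grpcurl: a pre-flight check that takes the three PEM inputs under their grpcurl flag names, verifies each holds the kind of PEM block its createSsl slot expects, and returns them in createSsl's positional order (root_certs, private_key, cert_chain). It catches a swapped key and certificate, a *.csr file loaded as a certificate, and a key passed without its certificate. The function names and sample PEM bodies are constructed for illustration.

```javascript
// Expected PEM block label for each createSsl slot (flag names are grpcurl's).
const SLOT_LABELS = {
  root_certs: /^CERTIFICATE$/,              // -cacert
  private_key: /^(RSA |EC )?PRIVATE KEY$/,  // -key (unencrypted)
  cert_chain: /^CERTIFICATE$/,              // -cert
};

// Labels of every "-----BEGIN <label>-----" block in a PEM string or Buffer.
function pemLabels(pem) {
  const re = /-----BEGIN ([A-Z0-9 ]+)-----[\s\S]*?-----END \1-----/g;
  return Array.from(pem.toString().matchAll(re), (m) => m[1]);
}

// files: { cacert, cert, key } named after the grpcurl flags; cert and key are optional.
// Returns args in createSsl order (root_certs, private_key, cert_chain) plus any problems.
function toCreateSslArgs(files) {
  const slots = { root_certs: files.cacert, private_key: files.key, cert_chain: files.cert };
  const problems = [];
  if (Boolean(files.key) !== Boolean(files.cert)) {
    problems.push('private_key and cert_chain must be passed together');
  }
  for (const [slot, data] of Object.entries(slots)) {
    if (!data) continue;
    const labels = pemLabels(data);
    if (labels.length === 0) problems.push(`${slot}: no PEM block found`);
    for (const label of labels) {
      if (!SLOT_LABELS[slot].test(label)) problems.push(`${slot}: unexpected "${label}" block`);
    }
  }
  const args = Object.values(slots).map((d) => (d ? Buffer.from(d) : undefined));
  return { args, problems };
}

// Constructed sample data: the base64 bodies are placeholders, not real keys or certificates.
const fakePem = (label) => `-----BEGIN ${label}-----\nQ09OU1RSVUNURUQ=\n-----END ${label}-----\n`;
const SAMPLE = {
  ca: fakePem('CERTIFICATE'),
  client: fakePem('CERTIFICATE'),
  clientKey: fakePem('EC PRIVATE KEY'),
  csr: fakePem('CERTIFICATE REQUEST'),
};

// A *.csr file in the -cert slot is reported instead of surfacing later as a connect failure.
console.log(toCreateSslArgs({ cacert: SAMPLE.ca, cert: SAMPLE.csr, key: SAMPLE.clientKey }).problems);
```

The check looks only at PEM labels; it does not verify that the key matches the certificate or that the certificate chains to the CA.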