Server: Authentication
Gruf comes packaged with a Basic Authentication interceptor. It takes an array of supported username and password pairs (or password-only credentials).
In Server:
```ruby
Gruf.configure do |c|
  c.interceptors.use(
    Gruf::Interceptors::Authentication::Basic,
    credentials: [{
      username: 'my-username-here',
      password: 'my-password-here',
    },{
      username: 'another-username',
      password: 'another-password',
    },{
      password: 'a-password-only'
    }]
  )
end
```
In Client:
```ruby
require 'gruf'

# `args` is assumed to be supplied by the calling context;
# `presence` comes from ActiveSupport.
id = args[:id].to_i.presence || 1
# Read the credentials from the environment rather than hard-coding them.
options = {
  username: ENV.fetch('DEMO_THING_SERVICE_USERNAME'),
  password: ENV.fetch('DEMO_THING_SERVICE_PASSWORD')
}

begin
  client = ::Gruf::Client.new(service: ::Demo::ThingService, options: options)
  response = client.call(:GetMyThing, id: id)
  puts response.message.inspect
rescue Gruf::Client::Error => e
  puts e.error.inspect
end
```
Supporting an array of credentials allows for unique credentials per service, or for easy credential rotation with zero downtime.
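The rotation sequence described above, as an added stand-alone sketch (not gruf's own implementation): a Basic header is decoded and checked in constant time against a credentials array in the same shape as the server configuration. The helper names, the sample credentials, and the rule that a password-only entry accepts any username are assumptions of this example.

```ruby
require 'digest'

# Compare SHA-256 digests byte by byte with no early exit, so response
# timing does not reveal how much of a guessed secret was correct.
def secure_equal?(a, b)
  da = Digest::SHA256.digest(a.to_s)
  db = Digest::SHA256.digest(b.to_s)
  da.bytes.zip(db.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Decode "Basic <base64(user:pass)>" into [user, pass]; nil when malformed.
def decode_basic(header)
  return nil unless header.is_a?(String) && header.start_with?('Basic ')
  user, sep, pass = header.delete_prefix('Basic ').unpack1('m0').partition(':')
  sep.empty? ? nil : [user, pass]
rescue ArgumentError # strict base64 ('m0') rejects malformed input
  nil
end

# True when the header matches any configured entry. Assumption of this
# sketch: an entry without :username is password-only and accepts any username.
def authorized?(header, credentials)
  user, pass = decode_basic(header)
  return false if pass.nil?
  # Evaluate every entry before answering, rather than stopping at the first hit.
  credentials.map do |cred|
    user_ok = cred.key?(:username) ? secure_equal?(cred[:username], user) : true
    user_ok & secure_equal?(cred[:password], pass)
  end.any?
end

# Build the header value a client would send (helper for the sample data).
def basic_header(username, password)
  'Basic ' + ["#{username}:#{password}"].pack('m0')
end

# Constructed sample data: during rotation the server lists old and new
# credentials together; once every client has switched, the old one is dropped.
OLD = { username: 'thing-client', password: 'old-secret' }.freeze
NEW = { username: 'thing-client', password: 'new-secret' }.freeze
ROTATING = [OLD, NEW, { password: 'a-password-only' }].freeze
AFTER_ROTATION = [NEW].freeze

puts authorized?(basic_header('thing-client', 'old-secret'), AFTER_ROTATION)
```

Basic credentials are only base64-encoded in the request metadata, so a check like this is meaningful only over an encrypted channel, such as the TLS options described below.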
We don't recommend configuring TLS in gRPC directly; instead, use something like linkerd for TLS encryption between services. If you need it, however, this library supports TLS.
For the client, you'll need to point to the public certificate:
```ruby
::Gruf::Client.new(
  service: Demo::ThingService,
  options: {
    ssl_certificate: 'x509 public certificate here',
    # OR
    ssl_certificate_file: '/path/to/my.crt'
  }
)
```
To run a server with credentialed auth, you'll need both the CRT and the key file:
```ruby
Gruf.configure do |c|
  c.use_ssl = true
  c.ssl_crt_file = "#{Rails.root}/config/ssl/#{Rails.env}.crt"
  c.ssl_key_file = "#{Rails.root}/config/ssl/#{Rails.env}.key"
end
```
The authentication setup for gruf is just an interceptor, so implementing an alternative authentication method is as simple as creating a new interceptor for it.