Auto-Merge pull request #2593 from octo/ff/grpc

Automatically merged due to "Automerge" label

diff --git a/configure.ac b/configure.ac
index e869a6a..db4cae6 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -2635,6 +2635,7 @@ AC_ARG_WITH([libgrpc++],
     if test "x$withval" != "xno" && test "x$withval" != "xyes"; then
       with_libgrpcpp_cppflags="-I$withval/include"
       with_libgrpcpp_ldflags="-L$withval/lib"
+      with_libgrpcpp_bin="$withval/bin"
       with_libgrpcpp="yes"
     fi
     if test "x$withval" = "xno"; then
@@ -2714,7 +2715,11 @@ AC_SUBST([BUILD_WITH_LIBGRPCPP_LIBS])
 # }}}
 
 AC_ARG_VAR([GRPC_CPP_PLUGIN], [path to the grpc_cpp_plugin binary])
-AC_PATH_PROG([GRPC_CPP_PLUGIN], [grpc_cpp_plugin])
+if test "x$with_libgrpcpp_bin" = "x"; then
+  AC_PATH_PROG([GRPC_CPP_PLUGIN], [grpc_cpp_plugin])
+else
+  AC_PATH_PROG([GRPC_CPP_PLUGIN], [grpc_cpp_plugin], [], "$with_libgrpcpp_bin:$PATH")
+fi
 AM_CONDITIONAL([HAVE_GRPC_CPP], [test "x$GRPC_CPP_PLUGIN" != "x"])
 
 # --with-libiptc {{{
@@ -6378,8 +6383,18 @@ if test "x$with_libgps" = "xyes"; then
   plugin_gps="yes"
 fi
 
-if test "x$with_libgrpcpp" = "xyes" && test "x$with_libprotobuf" = "xyes" && test "x$have_protoc3" = "xyes" && test "x$GRPC_CPP_PLUGIN" != "x"; then
-  plugin_grpc="yes"
+plugin_grpc="yes"
+if test "x$GRPC_CPP_PLUGIN" = "x"; then
+  plugin_grpc="no (grpc_cpp_plugin not found)"
+fi
+if test "x$have_protoc3" != "xyes"; then
+  plugin_grpc="no (protoc3 not found)"
+fi
+if test "x$with_libprotobuf" != "xyes"; then
+  plugin_grpc="no (libprotobuf not found)"
+fi
+if test "x$with_libgrpcpp" != "xyes"; then
+  plugin_grpc="no (libgrpc++ not found)"
 fi
 
 if test "x$have_getifaddrs" = "xyes"; then

diff --git a/src/collectd.conf.in b/src/collectd.conf.in
index 4efa29e..2b54a6e 100644 (file)
--- a/src/collectd.conf.in
+++ b/src/collectd.conf.in
@@ -643,6 +643,7 @@
 #              SSLCACertificateFile "/path/to/root.pem"
 #              SSLCertificateFile "/path/to/client.pem"
 #              SSLCertificateKeyFile "/path/to/client.key"
+#              VerifyPeer true
 #      </Listen>
 #</Plugin>
 

diff --git a/src/collectd.conf.pod b/src/collectd.conf.pod
index 0e7a604..c8cd7e5 100644 (file)
--- a/src/collectd.conf.pod
+++ b/src/collectd.conf.pod
@@ -3094,6 +3094,13 @@ Whether to enable SSL for incoming connections. Default: false.
 Filenames specifying SSL certificate and key material to be used with SSL
 connections.
 
+=item B<VerifyPeer> B<true>|B<false>
+
+When enabled, a valid client certificate is required to connect to the server.
+When disabled, a client certifiacte is not requested and any unsolicited client
+certificate is accepted.
+Enabled by default.
+
 =back
 
 =back

diff --git a/src/grpc.cc b/src/grpc.cc
index 0f5cfec..314e9b0 100644 (file)
--- a/src/grpc.cc
+++ b/src/grpc.cc
@@ -56,7 +56,8 @@ using collectd::QueryValuesResponse;
 
 using google::protobuf::util::TimeUtil;
 
-typedef google::protobuf::Map<grpc::string, collectd::types::MetadataValue> grpcMetadata;
+typedef google::protobuf::Map<grpc::string, collectd::types::MetadataValue>
+    grpcMetadata;
 
 /*
  * private types
@@ -175,10 +176,11 @@ static grpc::Status marshal_meta_data(meta_data_t *meta,
     switch (md_type) {
     case MD_TYPE_STRING:
       char *md_string;
-      if (meta_data_get_string(meta, key, &md_string) != 0 || md_string == nullptr) {
+      if (meta_data_get_string(meta, key, &md_string) != 0 ||
+          md_string == nullptr) {
         strarray_free(meta_data_keys, meta_data_keys_len);
         return grpc::Status(grpc::StatusCode::INTERNAL,
-                          grpc::string("missing metadata"));
+                            grpc::string("missing metadata"));
       }
       md_value.set_string_value(md_string);
       free(md_string);
@@ -188,7 +190,7 @@ static grpc::Status marshal_meta_data(meta_data_t *meta,
       if (meta_data_get_signed_int(meta, key, &int64_value) != 0) {
         strarray_free(meta_data_keys, meta_data_keys_len);
         return grpc::Status(grpc::StatusCode::INTERNAL,
-                          grpc::string("missing metadata"));
+                            grpc::string("missing metadata"));
       }
       md_value.set_int64_value(int64_value);
       break;
@@ -197,7 +199,7 @@ static grpc::Status marshal_meta_data(meta_data_t *meta,
       if (meta_data_get_unsigned_int(meta, key, &uint64_value) != 0) {
         strarray_free(meta_data_keys, meta_data_keys_len);
         return grpc::Status(grpc::StatusCode::INTERNAL,
-                          grpc::string("missing metadata"));
+                            grpc::string("missing metadata"));
       }
       md_value.set_uint64_value(uint64_value);
       break;
@@ -206,7 +208,7 @@ static grpc::Status marshal_meta_data(meta_data_t *meta,
       if (meta_data_get_double(meta, key, &double_value) != 0) {
         strarray_free(meta_data_keys, meta_data_keys_len);
         return grpc::Status(grpc::StatusCode::INTERNAL,
-                          grpc::string("missing metadata"));
+                            grpc::string("missing metadata"));
       }
       md_value.set_double_value(double_value);
       break;
@@ -215,7 +217,7 @@ static grpc::Status marshal_meta_data(meta_data_t *meta,
       if (meta_data_get_boolean(meta, key, &bool_value) != 0) {
         strarray_free(meta_data_keys, meta_data_keys_len);
         return grpc::Status(grpc::StatusCode::INTERNAL,
-                          grpc::string("missing metadata"));
+                            grpc::string("missing metadata"));
       }
       md_value.set_bool_value(bool_value);
       break;
@@ -241,7 +243,7 @@ static grpc::Status unmarshal_meta_data(const grpcMetadata &rpc_metadata,
     return grpc::Status(grpc::StatusCode::RESOURCE_EXHAUSTED,
                         grpc::string("failed to metadata list"));
   }
-  for (auto kv: rpc_metadata) {
+  for (auto kv : rpc_metadata) {
     auto k = kv.first.c_str();
     auto v = kv.second;
 
@@ -267,8 +269,8 @@ static grpc::Status unmarshal_meta_data(const grpcMetadata &rpc_metadata,
       break;
     default:
       meta_data_destroy(*md_out);
-      return  grpc::Status(grpc::StatusCode::INVALID_ARGUMENT,
-                           grpc::string("Metadata of unknown type"));
+      return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT,
+                          grpc::string("Metadata of unknown type"));
     }
   }
   return grpc::Status::OK;
@@ -482,8 +484,9 @@ private:
         break;
       }
       if (uc_iterator_get_meta(iter, &vl.meta) < 0) {
-        status = grpc::Status(grpc::StatusCode::INTERNAL,
-                              grpc::string("failed to retrieve value metadata"));
+        status =
+            grpc::Status(grpc::StatusCode::INTERNAL,
+                         grpc::string("failed to retrieve value metadata"));
       }
 
       value_lists->push(vl);
@@ -626,7 +629,8 @@ static int c_grpc_config_listen(oconfig_item_t *ci) {
   listener.port = grpc::string(ci->values[1].value.string);
   listener.ssl = nullptr;
 
-  auto ssl_opts = new (grpc::SslServerCredentialsOptions);
+  auto ssl_opts = new grpc::SslServerCredentialsOptions(
+      GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY);
   grpc::SslServerCredentialsOptions::PemKeyCertPair pkcp = {};
   bool use_ssl = false;
 
@@ -659,6 +663,14 @@ static int c_grpc_config_listen(oconfig_item_t *ci) {
         return -1;
       }
       pkcp.cert_chain = read_file(cert);
+    } else if (!strcasecmp("VerifyPeer", child->key)) {
+      _Bool verify = 0;
+      if (cf_util_get_boolean(child, &verify)) {
+        return -1;
+      }
+      ssl_opts->client_certificate_request =
+          verify ? GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
+                 : GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE;
     } else {
       WARNING("grpc: Option `%s` not allowed in <%s> block.", child->key,
               ci->key);