Add gRPC client parameters

Add gRPC client Add gRPC client Update comments Move client to a new grpc directory Move codec to a separate file Format Update comments Format Refactor Change after review Update Node macro Run running_average Update scripts Update examples Run examples with the Rust Oak Loader Delete default from rustfmt Decode GrpcResponse Use Rust Loader in aggregator Remove io Remove additional rust configs Update scripts Reenable tests; Add Node stubs Fix gRPC client connection Work on abitest fix
project-oak · May 18, 2020 · 53d44ec · 53d44ec
1 parent 54e2ab2
commit 53d44ec
Show file tree

Hide file tree

Showing 46 changed files with 755 additions and 286 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/docs/programming-oak.md b/docs/programming-oak.md
@@ -50,12 +50,14 @@ so the Oak SDK knows how to instantiate it:
 ```Rust
 oak::entrypoint!(oak_main => {
     oak::logger::init_default();
-    Node {
+    let node = Node {
         training_set_size: 1000,
         test_set_size: 1000,
         config: None,
         model: NaiveBayes::new(),
-    }
+    };
+    let grpc_channel = oak::grpc::server::init_default();
+    oak::run_event_loop(node, grpc_channel);
 });
 ```
 <!-- prettier-ignore-end -->
@@ -95,7 +97,9 @@ with the automatically generated `Dispatcher`, as described in the next section.
 ```Rust
 oak::entrypoint!(oak_main => {
     oak::logger::init_default();
-    FormatServiceDispatcher::new(Node)
+    let dispatcher = FormatServiceDispatcher::new(Node);
+    let grpc_channel = oak::grpc::server::init_default();
+    oak::run_event_loop(dispatcher, grpc_channel);
 }
 ```
 <!-- prettier-ignore-end -->
@@ -119,12 +123,13 @@ method from the Rust standard library:
 [embedmd]:# (../examples/abitest/module_0/rust/src/lib.rs Rust /^#.*no_mangle.*/ /^}/)
 ```Rust
 #[no_mangle]
-pub extern "C" fn frontend_oak_main(in_handle: u64) {
+pub extern "C" fn frontend_oak_main(_: u64) {
     let _ = std::panic::catch_unwind(|| {
         oak::set_panic_hook();
         let node = FrontendNode::new();
         let dispatcher = OakAbiTestServiceDispatcher::new(node);
-        oak::run_event_loop(dispatcher, in_handle);
+        let grpc_channel = oak::grpc::server::init_default();
+        oak::run_event_loop(dispatcher, grpc_channel);
     });
 }
 ```
@@ -217,6 +222,14 @@ node_configs {
     module_bytes: "<bytes>"
   }
 }
+node_configs {
+  name: "grpc-server"
+  grpc_server_config {
+    address: "[::]:8080"
+    grpc_tls_private_key: "<bytes>"
+    grpc_tls_certificate: "<bytes>"
+  }
+}
 node_configs {
   name: "log"
   log_config {}

diff --git a/examples/abitest/client/abitest.cc b/examples/abitest/client/abitest.cc
@@ -31,8 +31,10 @@
 #include "oak/server/storage/memory_provider.h"
 #include "oak/server/storage/storage_service.h"
 
-ABSL_FLAG(std::string, address, "127.0.0.1:8080", "Address of the Oak application to connect to");
+ABSL_FLAG(std::string, address, "localhost:8080", "Address of the Oak application to connect to");
 ABSL_FLAG(std::string, ca_cert, "", "Path to the PEM-encoded CA root certificate");
+ABSL_FLAG(std::string, private_key, "", "Path to the private key");
+ABSL_FLAG(std::string, cert_chain, "", "Path to the PEM-encoded certificate chain");
 ABSL_FLAG(int, storage_port, 7867,
           "Port on which the test Storage Server listens; set to zero to disable.");
 ABSL_FLAG(int, grpc_test_port, 7878,
@@ -139,11 +141,11 @@ void run_storage_server(int storage_port, grpc::Server** storage_server) {
   LOG(INFO) << "Storage server done";
 }
 
-void run_grpc_test_server(int grpc_test_port, grpc::Server** grpc_test_server) {
+void run_grpc_test_server(int grpc_test_port, grpc::Server** grpc_test_server,
+                          std::shared_ptr<grpc::ServerCredentials> credentials) {
   LOG(INFO) << "Creating test gRPC service on :" << grpc_test_port;
   grpc::ServerBuilder builder;
   std::string server_address = absl::StrCat("[::]:", grpc_test_port);
-  std::shared_ptr<grpc::ServerCredentials> credentials = grpc::InsecureServerCredentials();
   builder.AddListeningPort(server_address, credentials);
 
   oak::test::GrpcTestServer grpc_test_service;
@@ -158,9 +160,30 @@ void run_grpc_test_server(int grpc_test_port, grpc::Server** grpc_test_server) {
 
 }  // namespace
 
+std::shared_ptr<grpc::ServerCredentials> create_grpc_credentials(std::string ca_cert) {
+  std::string private_key_path = absl::GetFlag(FLAGS_private_key);
+  std::string cert_chain_path = absl::GetFlag(FLAGS_cert_chain);
+  if (private_key_path.empty()) {
+    OAK_LOG(FATAL) << "No private key file specified.";
+  }
+  if (cert_chain_path.empty()) {
+    OAK_LOG(FATAL) << "No certificate chain file specified.";
+  }
+  std::string private_key = oak::utils::read_file(private_key_path);
+  std::string cert_chain = oak::utils::read_file(cert_chain_path);
+
+  grpc::SslServerCredentialsOptions::PemKeyCertPair key_cert_pair = {private_key, cert_chain};
+  grpc::SslServerCredentialsOptions options;
+  options.pem_root_certs = ca_cert;
+  options.pem_key_cert_pairs.push_back(key_cert_pair);
+  return grpc::SslServerCredentials(options);
+}
+
 int main(int argc, char** argv) {
   absl::ParseCommandLine(argc, argv);
 
+  std::string ca_cert = oak::ApplicationClient::LoadRootCert(absl::GetFlag(FLAGS_ca_cert));
+
   int storage_port = absl::GetFlag(FLAGS_storage_port);
   std::unique_ptr<std::thread> storage_thread;
   grpc::Server* storage_server;
@@ -172,17 +195,18 @@ int main(int argc, char** argv) {
   int grpc_test_port = absl::GetFlag(FLAGS_grpc_test_port);
   std::unique_ptr<std::thread> grpc_test_thread;
   grpc::Server* grpc_test_server;
+
   if (grpc_test_port > 0) {
-    grpc_test_thread =
-        absl::make_unique<std::thread>(run_grpc_test_server, grpc_test_port, &grpc_test_server);
+    std::shared_ptr<grpc::ServerCredentials> grpc_credentials = create_grpc_credentials(ca_cert);
+    grpc_test_thread = absl::make_unique<std::thread>(run_grpc_test_server, grpc_test_port,
+                                                      &grpc_test_server, grpc_credentials);
   }
 
   const std::string& include = absl::GetFlag(FLAGS_test_include);
   const std::string& exclude = absl::GetFlag(FLAGS_test_exclude);
 
   // Connect to the Oak Application.
   std::string address = absl::GetFlag(FLAGS_address);
-  std::string ca_cert = oak::ApplicationClient::LoadRootCert(absl::GetFlag(FLAGS_ca_cert));
   LOG(INFO) << "Connecting to Oak Application: " << address;
 
   auto stub =

diff --git a/examples/abitest/config/config.textproto b/examples/abitest/config/config.textproto
@@ -26,17 +26,27 @@ node_configs {
     address: "test.invalid:9999"
   }
 }
+node_configs {
+  name: "grpc-server"
+  grpc_server_config {
+    address: "[::]:8080"
+    grpc_tls_private_key: "<bytes>"
+    grpc_tls_certificate: "<bytes>"
+  }
+}
 node_configs {
   name: "grpc-client"
   grpc_client_config {
     uri: "https://localhost:7878"
+    root_tls_certificate: "<bytes>"
     address: "localhost:7878"
   }
 }
 node_configs {
   name: "absent-grpc-client"
   grpc_client_config {
-    uri: "https://localhost:9999"
+    uri: "https://test.invalid:9999"
+    root_tls_certificate: "<bytes>"
     address: "test.invalid:9999"
   }
 }