Skip to content

feat: tls connectivity for grpc syncs #398

Closed
Kavindu-Dodan wants to merge 4 commits intoopen-feature:mainfrom
Kavindu-Dodan:feature/grpc-tls
Closed

feat: tls connectivity for grpc syncs #398
Kavindu-Dodan wants to merge 4 commits intoopen-feature:mainfrom
Kavindu-Dodan:feature/grpc-tls

Conversation

@Kavindu-Dodan
Copy link
Copy Markdown
Contributor

@Kavindu-Dodan Kavindu-Dodan commented Feb 9, 2023
edited
Loading

This PR

Note - based on open pr #297

Introduce TLS connectivity for GRPC sync provider.

TLS can be enabled using schema grpcs://. For example,

./flagd start --uri grpcs://localhost:8090

Further, a self-sign certificate can be provided for TLS connectivity using startup arguments -g, --grpc-cert-path string. For example,

./flagd start --uri grpcs://localhost:8090 -g <CA_CERT>

Additional

  • Refactoring to isolate grpc connection handling
  • Unit tests to cover connection retry attempts

How to test

Start mock server impl - https://github.com/Kavindu-Dodan/flagd-grpc-sync-server & then run flagd with grpc tls

@Kavindu-Dodan Kavindu-Dodan force-pushed the feature/grpc-tls branch 3 times, most recently from 63f3b50 to 62eff66 Compare February 10, 2023 18:00
@codecov
Copy link
Copy Markdown

codecov Bot commented Feb 10, 2023
edited
Loading

Codecov Report

Merging #398 (ace6e23) into main (5a6a5d5) will increase coverage by 2.71%.
The diff coverage is 73.84%.

@@            Coverage Diff             @@
##             main     #398      +/-   ##
==========================================
+ Coverage   63.92%   66.64%   +2.71%     
==========================================
  Files          11       11              
  Lines        1325     1364      +39     
==========================================
+ Hits          847      909      +62     
+ Misses        428      400      -28     
- Partials       50       55       +5
Impacted Files Coverage Δ
pkg/sync/grpc/grpc_sync.go 74.66% <73.84%> (+29.62%) ⬆️

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

@Kavindu-Dodan Kavindu-Dodan force-pushed the feature/grpc-tls branch 2 times, most recently from f17fa4a to 033b8f7 Compare February 10, 2023 20:49
@Kavindu-Dodan Kavindu-Dodan mentioned this pull request Feb 13, 2023
Merged
@Kavindu-Dodan Kavindu-Dodan force-pushed the feature/grpc-tls branch 4 times, most recently from 11e012d to 34787d2 Compare February 14, 2023 22:25
@Kavindu-Dodan Kavindu-Dodan marked this pull request as ready for review February 14, 2023 22:38
Kavindu-Dodan added a commit that referenced this pull request Feb 15, 2023
@Kavindu-Dodan @james-milligan @skyerus
feat: introduce grpc sync for flagd (#297)
33413f2 
## This PR

Attempts to resolve #249 by introducing grpc sync provider to flagd.

OFEP [approved] -
https://github.com/open-feature/ofep/blob/main/OFEP-flagd-grpc-sync.md

### How to test/run ?

Flagd acts as the grpc client, hence you need at least a minimal mock
server. For this, you can utilize this [1] server implementation.

Startup arguments of flagd now support grpc target uri. This can be
provided with `grpc://` , for example,

`./flagd start --uri grpc://localhost:8090`

### Technical highlights

- GRPC protobuf definitions are available in buf [2] and are backed by
the schema repository (https://github.com/open-feature/schemas)
- Initial connection must be successful (i.e- grpc server/target must be
accepting connections)
- Subsequent server connection losses will not result in a runtime
failure and connection re-establishment attempts will be performed

### What is not included (follow up improvements)

- Connection security: This version does not enforce connection
security. This will be addressed with follow-up improvements (ex:- TLS
enabled connections). Hence, strongly recommends not using this version
in production scenarios (fixed by #398)
- Server implementations: This sync provider was designed to be open and
connects to any server implementation. Hence there is no default server
implementation. You may create your own server implementation based on
grpc schemas.


[1] - https://github.com/Kavindu-Dodan/flagd-grpc-sync-server
[2] - https://buf.build/open-feature/flagd

---------

Signed-off-by: Kavindu Dodanduwa <kavindudodanduwa@gmail.com>
Signed-off-by: Kavindu Dodanduwa <Kavindu-Dodan@users.noreply.github.com>
Co-authored-by: James Milligan <75740990+james-milligan@users.noreply.github.com>
Co-authored-by: Skye Gill <gill.skye95@gmail.com>
@Kavindu-Dodan Kavindu-Dodan force-pushed the feature/grpc-tls branch 2 times, most recently from 0bd19c3 to f39c27a Compare February 15, 2023 16:33
toddbaert
toddbaert reviewed Feb 15, 2023
View reviewed changes
Comment thread cmd/start.go Outdated
toddbaert
toddbaert reviewed Feb 15, 2023
View reviewed changes
Comment thread cmd/start.go Outdated
toddbaert
toddbaert approved these changes Feb 15, 2023
View reviewed changes
Copy link
Copy Markdown
Member

@toddbaert toddbaert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left a few minor comments, but it looks good to me. Tests also seem good, uncovered lines look to be mostly unrecoverable error conditions and coverage is good otherwise.

@Kavindu-Dodan Kavindu-Dodan force-pushed the feature/grpc-tls branch 3 times, most recently from 7124482 to 63ae33e Compare February 21, 2023 15:17
@Kavindu-Dodan Kavindu-Dodan mentioned this pull request Feb 21, 2023
Closed
toddbaert
toddbaert reviewed Feb 22, 2023
View reviewed changes
Comment thread pkg/sync/grpc/grpc_sync.go Outdated
@Kavindu-Dodan
introduce tls connectivity
9a9e895 
Signed-off-by: Kavindu Dodanduwa <kavindudodanduwa@gmail.com>
@Kavindu-Dodan
review changes
8ed2ef5 
Signed-off-by: Kavindu Dodanduwa <kavindudodanduwa@gmail.com>
@Kavindu-Dodan
review improvements
8c3eb74 
Signed-off-by: Kavindu Dodanduwa <kavindudodanduwa@gmail.com>
skyerus
skyerus reviewed Feb 27, 2023
View reviewed changes
Comment thread pkg/sync/grpc/grpc_sync.go
Comment thread pkg/sync/grpc/grpc_sync.go
Comment thread pkg/sync/grpc/grpc_sync.go
Comment thread pkg/sync/grpc/grpc_sync.go
james-milligan
james-milligan reviewed Feb 27, 2023
View reviewed changes
Comment thread cmd/start.go Outdated
@Kavindu-Dodan
review changes
ace6e23 
Signed-off-by: Kavindu Dodanduwa <kavindudodanduwa@gmail.com>
@Kavindu-Dodan
Copy link
Copy Markdown
Contributor Author

Kavindu-Dodan commented Feb 27, 2023

Closing as diverged too much from main 😞

Will work on a fresh PR when time permits.

@Kavindu-Dodan Kavindu-Dodan deleted the feature/grpc-tls branch March 9, 2023 22:12
raphael-wigoutschnigg-dt pushed a commit to open-feature-forking/flagd that referenced this pull request Mar 11, 2025
@boyvinall
docs: flipt grpc example (open-feature#398)
1e2c54d 
Signed-off-by: Matt Vinall <boyvinall@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@toddbaert toddbaert toddbaert approved these changes

@james-milligan james-milligan james-milligan left review comments

@AlexsJones AlexsJones Awaiting requested review from AlexsJones

@beeme1mr beeme1mr Awaiting requested review from beeme1mr

+1 more reviewer

@skyerus skyerus skyerus left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Kavindu-Dodan @toddbaert @skyerus @james-milligan