diff --git a/test/images/agnhost/README.md b/test/images/agnhost/README.md
index 459d3213e1d..7776f7e1674 100644
--- a/test/images/agnhost/README.md
+++ b/test/images/agnhost/README.md
@@ -266,6 +266,8 @@ controlled with the time delay or via http control server.
 - `--port` (default: `5000`) can be used to override the gRPC port number.
 - `--http-port` (default: `8080`) can be used to override the http control server port number.
 - `--service` (default: ``) can be used used to specify which service this endpoint will respond to.
+- `--tls-cert-file` File containing an x509 certificate for gRPC TLS. (CA cert, if any, concatenated after server cert).
+- `--tls-private-key-file` File containing an x509 private key matching `--tls-cert-file`.
 Usage:
diff --git a/test/images/agnhost/VERSION b/test/images/agnhost/VERSION
index 1c593e17dae..6e272ad31f5 100644
--- a/test/images/agnhost/VERSION
+++ b/test/images/agnhost/VERSION
@@ -1 +1 @@
-2.48
+2.49
diff --git a/test/images/agnhost/grpc-health-checking/grpc-health-checking.go b/test/images/agnhost/grpc-health-checking/grpc-health-checking.go
index 0dc8358b1ee..0ec9dd3e8cd 100644
--- a/test/images/agnhost/grpc-health-checking/grpc-health-checking.go
+++ b/test/images/agnhost/grpc-health-checking/grpc-health-checking.go
@@ -30,6 +30,7 @@ import (
 "google.golang.org/grpc"
 "google.golang.org/grpc/codes"
+ "google.golang.org/grpc/credentials"
 "google.golang.org/grpc/health/grpc_health_v1"
 "google.golang.org/grpc/status"
 )
@@ -49,6 +50,8 @@ var (
 delayUnhealthySec int
 service string
 forceUnhealthy *bool
+ certFile string
+ privKeyFile string
 )
 func init() {
@@ -56,6 +59,10 @@ func init() {
 CmdGrpcHealthChecking.Flags().IntVar(&httpPort, "http-port", 8080, "Port number for the /make-serving and /make-not-serving.")
 CmdGrpcHealthChecking.Flags().IntVar(&delayUnhealthySec, "delay-unhealthy-sec", -1, "Number of seconds to delay before start reporting NOT_SERVING, negative value indicates never.")
 CmdGrpcHealthChecking.Flags().StringVar(&service, "service", "", "Service name to register the health check for.")
+ CmdGrpcHealthChecking.Flags().StringVar(&certFile, "tls-cert-file", "",
+ "File containing an x509 certificate for gRPC TLS. (CA cert, if any, concatenated after server cert).")
+ CmdGrpcHealthChecking.Flags().StringVar(&privKeyFile, "tls-private-key-file", "",
+ "File containing an x509 private key matching --tls-cert-file.")
 forceUnhealthy = nil
 }
@@ -95,6 +102,13 @@ func NewHealthChecker(started time.Time) *HealthChecker {
 func main(cmd *cobra.Command, args []string) {
 started := time.Now()
+ // Validate flags
+ //
+ // if certFile or privKeyFile are not both set, exit with error
+ if (certFile == "" && privKeyFile != "") || (certFile != "" && privKeyFile == "") {
+ log.Fatalf("Both --tls-cert-file and --tls-private-key-file must be set")
+ }
+
 http.HandleFunc("/make-not-serving", func(w http.ResponseWriter, r *http.Request) {
 log.Printf("Mark as unhealthy")
 forceUnhealthy = new(bool)
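Review bot: The comment above the new flag check in main reads as if both flags were mandatory, but the condition only rejects the case where exactly one of them is given; with neither set the process carries on and the gRPC server is later created without credentials. I would word it as `// TLS is optional; --tls-cert-file and --tls-private-key-file must be set together or not at all.` and collapse the test to `if (certFile == "") != (privKeyFile == "") {`. The `/make-not-serving` handler registered right below is untouched by this change, so the control endpoints presumably stay on plain HTTP on `--http-port` even when gRPC uses TLS, which deserves one line in the same comment. main's body continues outside the hunk.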
@@ -121,17 +135,29 @@ func main(cmd *cobra.Command, args []string) {
 serverAdr := fmt.Sprintf(":%d", port)
 listenAddr, err := net.Listen("tcp", serverAdr)
+
 if err != nil {
- log.Fatal(fmt.Sprintf("Error while starting the listening service %v", err.Error()))
+ log.Fatalf("Error while starting the listening service %v", err)
+ }
+
+ var grpcServer *grpc.Server
+
+ if certFile != "" && privKeyFile != "" {
+ creds, err := credentials.NewServerTLSFromFile(certFile, privKeyFile)
+ if err != nil {
+ log.Fatalf("Failed to generate credentials %v", err)
+ }
+ grpcServer = grpc.NewServer(grpc.Creds(creds))
+ } else {
+ grpcServer = grpc.NewServer()
 }
- grpcServer := grpc.NewServer()
 healthService := NewHealthChecker(started)
 grpc_health_v1.RegisterHealthServer(grpcServer, healthService)
 log.Printf("gRPC server starting to listen on %s", serverAdr)
 if err = grpcServer.Serve(listenAddr); err != nil {
- log.Fatal(fmt.Sprintf("Error while starting the gRPC server on the %s listen address %v", listenAddr, err.Error()))
+ log.Fatalf("Error while starting the gRPC server on the %s listen address %v", listenAddr, err)
 }
 select {}
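Review bot: The rewritten `log.Fatalf` for the Serve failure still passes `listenAddr` to `%s`, and that value is the `net.Listener` returned by `net.Listen`, not an address string, so the message will not print a usable address; `listenAddr.Addr()` or `serverAdr` would. In the TLS branch the two `grpc.NewServer` calls can be folded into one by collecting server options in a slice, and the credentials error is easier to act on when it names the two files it tried to load. The startup log line should also state whether TLS is active, because a plaintext probe against a TLS listener (or the reverse) is otherwise hard to diagnose from the server side. main's body starts above the hunk and its closing brace lies outside it.

```go
var opts []grpc.ServerOption
tlsEnabled := certFile != "" && privKeyFile != ""
if tlsEnabled {
	creds, err := credentials.NewServerTLSFromFile(certFile, privKeyFile)
	if err != nil {
		log.Fatalf("Failed to load TLS credentials from %q and %q: %v", certFile, privKeyFile, err)
	}
	opts = append(opts, grpc.Creds(creds))
}
grpcServer := grpc.NewServer(opts...)
// … unchanged: health service creation and registration …
log.Printf("gRPC server starting to listen on %s (TLS enabled: %t)", serverAdr, tlsEnabled)
if err = grpcServer.Serve(listenAddr); err != nil {
	log.Fatalf("Error while starting the gRPC server on the %s listen address %v", listenAddr.Addr(), err)
}
```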