Dynamic grpc client credentials (#204)

* Add an aTLS wrapper for grpc credentials * Move grpc dialers to internal and use aTLS grpc credentials Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2025-06-30 08:57:26 -04:00 · 2022-06-13 11:40:27 +02:00 · 2022-06-13 11:40:27 +02:00 · 1e19e64fbc
commit 1e19e64fbc
parent 6e9428a234
25 changed files with 291 additions and 189 deletions
--- a/cli/internal/proto/client.go
+++ b/cli/internal/proto/client.go
@ -8,10 +8,10 @@ import (
 	"github.com/edgelesssys/constellation/coordinator/pubapi/pubproto"
 	"github.com/edgelesssys/constellation/coordinator/state"
 	"github.com/edgelesssys/constellation/internal/atls"
+	"github.com/edgelesssys/constellation/internal/grpc/atlscredentials"
 	kms "github.com/edgelesssys/constellation/kms/server/setup"
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 	"google.golang.org/grpc"
-	"google.golang.org/grpc/credentials"
 )

 // Client wraps a PubAPI client and the connection to it.
@ -26,12 +26,9 @@ type Client struct {
 // called on a client that already has a connection, the old
 // connection is closed.
 func (c *Client) Connect(endpoint string, validators []atls.Validator) error {
-	tlsConfig, err := atls.CreateAttestationClientTLSConfig(nil, validators)
-	if err != nil {
-		return err
-	}
+	creds := atlscredentials.New(nil, validators)

-	conn, err := grpc.Dial(endpoint, grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig)))
+	conn, err := grpc.Dial(endpoint, grpc.WithTransportCredentials(creds))
 	if err != nil {
 		return err
 	}