in cmd/server/main.go [64:187]
func setupKMSPlugin() error {
defer mlog.Setup()() // set up log flushing and attempt to flush on exit
flag.Parse()
ctx := withShutdownSignal(context.Background())
logFormat := mlog.FormatText
if *logFormatJSON {
logFormat = mlog.FormatJSON
}
if *logLevel > math.MaxUint8 {
return fmt.Errorf("invalid log level: %d", *logLevel)
}
if err := mlog.ValidateAndSetKlogLevelAndFormatGlobally(ctx, klog.Level(uint8(*logLevel)), logFormat); err != nil {
return fmt.Errorf("invalid --log-level set: %w", err)
}
if *versionInfo {
if err := version.PrintVersion(); err != nil {
return fmt.Errorf("failed to print version: %w", err)
}
return nil
}
// initialize metrics exporter
err := metrics.InitMetricsExporter(*metricsBackend, *metricsAddress)
if err != nil {
return fmt.Errorf("failed to initialize metrics exporter: %w", err)
}
mlog.Always("Starting KeyManagementServiceServer service", "version", version.BuildVersion, "buildDate", version.BuildDate)
pluginConfig := &plugin.Config{
KeyVaultName: *keyvaultName,
KeyName: *keyName,
KeyVersion: *keyVersion,
ManagedHSM: *managedHSM,
ProxyMode: *proxyMode,
ProxyAddress: *proxyAddress,
ProxyPort: *proxyPort,
ConfigFilePath: *configFilePath,
}
azureConfig, err := config.GetAzureConfig(pluginConfig.ConfigFilePath)
if err != nil {
return fmt.Errorf("failed to get azure config: %w", err)
}
kvClient, err := plugin.NewKeyVaultClient(
azureConfig,
pluginConfig.KeyVaultName,
pluginConfig.KeyName,
pluginConfig.KeyVersion,
pluginConfig.ProxyMode,
pluginConfig.ProxyAddress,
pluginConfig.ProxyPort,
pluginConfig.ManagedHSM,
)
if err != nil {
return fmt.Errorf("failed to create key vault client: %w", err)
}
// Initialize and run the GRPC server
proto, addr, err := utils.ParseEndpoint(*listenAddr)
if err != nil {
return fmt.Errorf("failed to parse endpoint: %w", err)
}
if err := os.Remove(addr); err != nil && !os.IsNotExist(err) {
return fmt.Errorf("failed to remove socket file %s: %w", addr, err)
}
listener, err := net.Listen(proto, addr)
if err != nil {
return fmt.Errorf("failed to listen addr: %s, proto: %s: %w", addr, proto, err)
}
opts := []grpc.ServerOption{
grpc.UnaryInterceptor(utils.UnaryServerInterceptor),
}
s := grpc.NewServer(opts...)
// register kms v1 server
kmsV1Server, err := plugin.NewKMSv1Server(kvClient)
if err != nil {
return fmt.Errorf("failed to create server: %w", err)
}
kmsv1.RegisterKeyManagementServiceServer(s, kmsV1Server)
// register kms v2 server
kmsV2Server, err := plugin.NewKMSv2Server(kvClient)
if err != nil {
return fmt.Errorf("failed to create kms V2 server: %w", err)
}
kmsv2.RegisterKeyManagementServiceServer(s, kmsV2Server)
mlog.Always("Listening for connections", "addr", listener.Addr().String())
go func() {
if err := s.Serve(listener); err != nil {
mlog.Fatal(fmt.Errorf("failed to serve kms server: %w", err))
}
}()
// Health check for kms v1 and v2
healthz := &plugin.HealthZ{
KMSv1Server: kmsV1Server,
KMSv2Server: kmsV2Server,
HealthCheckURL: &url.URL{
Host: net.JoinHostPort("", strconv.FormatUint(uint64(*healthzPort), 10)),
Path: *healthzPath,
},
UnixSocketPath: listener.Addr().String(),
RPCTimeout: *healthzTimeout,
}
go healthz.Serve()
<-ctx.Done()
// gracefully stop the grpc server
mlog.Always("terminating the server")
s.GracefulStop()
return nil
}