in server/cmd/harp-server/internal/dispatchers/grpc/wire.go [59:103]
// grpcServer assembles the gRPC server that serves the Bundle API backed by bm.
//
// It passes cfg.Keyring to the container package, optionally attaches TLS
// transport credentials built from cfg.GRPC.TLS, registers the Bundle API and
// the gRPC reflection service, and returns the server without starting it.
// The only error returned is the one produced while building the TLS
// configuration.
//
// Security notes for reviewers and operators:
//   - When cfg.GRPC.UseTLS is false, no credentials option is added, so the
//     server speaks plaintext. Bundle traffic is then neither encrypted nor
//     authenticated at the transport layer, and the only signal is an
//     Info-level log line.
//   - When TLS is on but ClientAuthenticationRequired is false, the mode is
//     tls.VerifyClientCertIfGiven: a client that presents no certificate
//     still completes the handshake. No interceptor is installed here, so
//     nothing in this function distinguishes anonymous from authenticated
//     callers.
//   - The reflection service is registered unconditionally, so every client
//     that can connect can enumerate the exposed services.
func grpcServer(ctx context.Context, cfg *config.Configuration, bm manager.Backend) (*grpc.Server, error) {
	// Hand the configured keyring to the container package before any service
	// is registered.
	// NOTE(review): this looks like package-level state shared by the whole
	// process; confirm against the container package.
	container.SetKeyring(cfg.Keyring)

	// Options handed to grpc.NewServer; left empty when TLS is disabled.
	var opts []grpc.ServerOption

	if !cfg.GRPC.UseTLS {
		// Plaintext listener: see the security notes in the function comment.
		log.For(ctx).Info("No transport encryption enabled for gRPC server")
	} else {
		// Default: verify a client certificate only if one is presented.
		authMode := tls.VerifyClientCertIfGiven
		if cfg.GRPC.TLS.ClientAuthenticationRequired {
			// Mutual TLS: the handshake fails without a valid client certificate.
			authMode = tls.RequireAndVerifyClientCert
		}

		// Build the server-side TLS configuration from the configured files.
		tlsOpts := &tlsconfig.Options{
			KeyFile:    cfg.GRPC.TLS.PrivateKeyPath,
			CertFile:   cfg.GRPC.TLS.CertificatePath,
			CAFile:     cfg.GRPC.TLS.CACertificatePath,
			ClientAuth: authMode,
		}
		tlsCfg, err := tlsconfig.Server(tlsOpts)
		if err != nil {
			log.For(ctx).Error("Unable to build TLS configuration from settings", zap.Error(err))
			return nil, err
		}

		// Attach the TLS transport credentials to the server options.
		opts = append(opts, grpc.Creds(credentials.NewTLS(tlsCfg)))
	}

	// Named srv so the local does not shadow this function's own name.
	srv := grpc.NewServer(opts...)

	// Expose the Bundle API backed by the supplied backend manager.
	bundlev1.RegisterBundleAPIServer(srv, server.Bundle(bm))

	// Reflection is always on; it advertises the registered services to any
	// connected client.
	reflection.Register(srv)

	return srv, nil
}