func grpcServer()

in server/cmd/harp-server/internal/dispatchers/grpc/wire.go [59:103]


// grpcServer builds the gRPC server that exposes the Bundle API backed by bm.
//
// It applies cfg.Keyring to the container package, optionally attaches TLS
// transport credentials, registers the Bundle API service and the gRPC
// reflection service, and returns the server without starting it.
//
// An error is returned only when the TLS configuration cannot be built.
//
// Security notes for reviewers:
//   - The only server option ever added here is the TLS credential. No
//     interceptor is installed, so no authentication or authorization
//     happens at this layer beyond the TLS handshake.
//   - With cfg.GRPC.UseTLS unset, the server is created with no transport
//     credentials at all and the only signal is an Info-level log line.
//   - The reflection service is registered unconditionally, so any client
//     able to reach the listener can enumerate the registered services.
func grpcServer(ctx context.Context, cfg *config.Configuration, bm manager.Backend) (*grpc.Server, error) {
	// Hand the configured keyring to the container package.
	// NOTE(review): this looks like process-wide state; confirm in container.
	container.SetKeyring(cfg.Keyring)

	// Server options; stays empty when TLS is disabled.
	var serverOpts []grpc.ServerOption

	if !cfg.GRPC.UseTLS {
		// Plaintext listener: requests and responses are neither encrypted
		// nor authenticated at the transport level.
		log.For(ctx).Info("No transport encryption enabled for gRPC server")
	} else {
		// Default policy: a client certificate is verified when presented,
		// but a client presenting none still completes the handshake.
		// Mutual TLS is enforced only when the setting below is enabled.
		authPolicy := tls.VerifyClientCertIfGiven
		if cfg.GRPC.TLS.ClientAuthenticationRequired {
			authPolicy = tls.RequireAndVerifyClientCert
		}

		// Build the server-side TLS configuration from the configured paths.
		// NOTE(review): CAFile is presumably the pool used to verify client
		// certificates; confirm in tlsconfig.Server.
		tlsOptions := &tlsconfig.Options{
			KeyFile:    cfg.GRPC.TLS.PrivateKeyPath,
			CertFile:   cfg.GRPC.TLS.CertificatePath,
			CAFile:     cfg.GRPC.TLS.CACertificatePath,
			ClientAuth: authPolicy,
		}
		serverTLS, err := tlsconfig.Server(tlsOptions)
		if err != nil {
			log.For(ctx).Error("Unable to build TLS configuration from settings", zap.Error(err))
			return nil, err
		}

		// Wrap the TLS configuration as gRPC transport credentials.
		serverOpts = append(serverOpts, grpc.Creds(credentials.NewTLS(serverTLS)))
	}

	// Instantiate the server with the collected options.
	srv := grpc.NewServer(serverOpts...)

	// Expose the Bundle API on top of the backend manager.
	bundlev1.RegisterBundleAPIServer(srv, server.Bundle(bm))

	// Expose service descriptors through gRPC reflection (always on here).
	reflection.Register(srv)

	return srv, nil
}