@ -380,12 +380,16 @@ func getClientConn(address, tlsCertPath, macaroonPath string) (*grpc.ClientConn,
// TLS cannot be disabled, we'll always have a cert file to read.
// TLS cannot be disabled, we'll always have a cert file to read.
creds , err := credentials . NewClientTLSFromFile ( tlsCertPath , "" )
creds , err := credentials . NewClientTLSFromFile ( tlsCertPath , "" )
if err != nil {
if err != nil {
fatal ( err )
return nil , err
}
}
// Macaroons are not yet enabled by default.
// Macaroons are not yet enabled by default.
if macaroonPath != "" {
if macaroonPath != "" {
opts = append ( opts , readMacaroon ( macaroonPath ) )
macOption , err := readMacaroon ( macaroonPath )
if err != nil {
return nil , err
}
opts = append ( opts , macOption )
}
}
opts = append ( opts , grpc . WithTransportCredentials ( creds ) )
opts = append ( opts , grpc . WithTransportCredentials ( creds ) )
@ -401,16 +405,16 @@ func getClientConn(address, tlsCertPath, macaroonPath string) (*grpc.ClientConn,
// readMacaroon tries to read the macaroon file at the specified path and create
// readMacaroon tries to read the macaroon file at the specified path and create
// gRPC dial options from it.
// gRPC dial options from it.
func readMacaroon ( macPath string ) grpc . DialOption {
func readMacaroon ( macPath string ) ( grpc . DialOption , error ) {
// Load the specified macaroon file.
// Load the specified macaroon file.
macBytes , err := ioutil . ReadFile ( macPath )
macBytes , err := ioutil . ReadFile ( macPath )
if err != nil {
if err != nil {
fatal ( fmt . Errorf ( "unable to read macaroon path : %v" , err ) )
return nil , fmt . Errorf ( "unable to read macaroon path : %v" , err )
}
}
mac := & macaroon . Macaroon { }
mac := & macaroon . Macaroon { }
if err = mac . UnmarshalBinary ( macBytes ) ; err != nil {
if err = mac . UnmarshalBinary ( macBytes ) ; err != nil {
fatal ( fmt . Errorf ( "unable to decode macaroon: %v" , err ) )
return nil , fmt . Errorf ( "unable to decode macaroon: %v" , err )
}
}
macConstraints := [ ] macaroons . Constraint {
macConstraints := [ ] macaroons . Constraint {
@ -430,10 +434,10 @@ func readMacaroon(macPath string) grpc.DialOption {
// Apply constraints to the macaroon.
// Apply constraints to the macaroon.
constrainedMac , err := macaroons . AddConstraints ( mac , macConstraints ... )
constrainedMac , err := macaroons . AddConstraints ( mac , macConstraints ... )
if err != nil {
if err != nil {
fatal ( err )
return nil , err
}
}
// Now we append the macaroon credentials to the dial options.
// Now we append the macaroon credentials to the dial options.
cred := macaroons . NewMacaroonCredential ( constrainedMac )
cred := macaroons . NewMacaroonCredential ( constrainedMac )
return grpc . WithPerRPCCredentials ( cred )
return grpc . WithPerRPCCredentials ( cred ) , nil
}
}