Merge pull request #218 from demml/feat/grpc-tls

Feat/grpc tls

Author: thorrester

Cargo.lock

@@ -9,7 +9,7 @@ default-members = [
 ]
 
 [workspace.package]
-version = "0.18.0"
+version = "0.19.0"
 authors = [
       "Thorrester <support@demmlai.com>",
       "russellkemmit <support@demmlai.com>",
@@ -20,25 +20,25 @@ repository = "https://github.com/demml/scouter"
 
 
 [workspace.dependencies]
-scouter-auth = { path = "crates/scouter_auth", version = "0.18.0" }
-scouter-client = { path = "crates/scouter_client", version = "0.18.0" }
-scouter-dispatch = { path = "crates/scouter_dispatch", version = "0.18.0" }
-scouter-drift = { path = "crates/scouter_drift", version = "0.18.0", default-features = false }
-scouter-evaluate = { path = "crates/scouter_evaluate", version = "0.18.0" }
-scouter-events = { path = "crates/scouter_events", version = "0.18.0", default-features = false }
-scouter-http = { path = "crates/scouter_http", version = "0.18.0" }
-scouter-observability = { path = "crates/scouter_observability", version = "0.18.0" }
-scouter-profile = { path = "crates/scouter_profile", version = "0.18.0" }
-scouter-server = { path = "crates/scouter_server", version = "0.18.0" }
-scouter-semver = { path = "crates/scouter_semver", version = "0.18.0" }
-scouter-settings = { path = "crates/scouter_settings", version = "0.18.0" }
-scouter-dataframe = { path = "crates/scouter_dataframe", version = "0.18.0" }
-scouter-macro = { path = "crates/scouter_macro", version = "0.18.0" }
-scouter-state = { path = "crates/scouter_state", version = "0.18.0" }
-scouter-sql = { path = "crates/scouter_sql", version = "0.18.0" }
-scouter-tonic = { path = "crates/scouter_tonic", version = "0.18.0" }
-scouter-tracing = { path = "crates/scouter_tracing", version = "0.18.0" }
-scouter-types = { path = "crates/scouter_types", version = "0.18.0" }
+scouter-auth = { path = "crates/scouter_auth", version = "0.19.0" }
+scouter-client = { path = "crates/scouter_client", version = "0.19.0" }
+scouter-dispatch = { path = "crates/scouter_dispatch", version = "0.19.0" }
+scouter-drift = { path = "crates/scouter_drift", version = "0.19.0", default-features = false }
+scouter-evaluate = { path = "crates/scouter_evaluate", version = "0.19.0" }
+scouter-events = { path = "crates/scouter_events", version = "0.19.0", default-features = false }
+scouter-http = { path = "crates/scouter_http", version = "0.19.0" }
+scouter-observability = { path = "crates/scouter_observability", version = "0.19.0" }
+scouter-profile = { path = "crates/scouter_profile", version = "0.19.0" }
+scouter-server = { path = "crates/scouter_server", version = "0.19.0" }
+scouter-semver = { path = "crates/scouter_semver", version = "0.19.0" }
+scouter-settings = { path = "crates/scouter_settings", version = "0.19.0" }
+scouter-dataframe = { path = "crates/scouter_dataframe", version = "0.19.0" }
+scouter-macro = { path = "crates/scouter_macro", version = "0.19.0" }
+scouter-state = { path = "crates/scouter_state", version = "0.19.0" }
+scouter-sql = { path = "crates/scouter_sql", version = "0.19.0" }
+scouter-tonic = { path = "crates/scouter_tonic", version = "0.19.0" }
+scouter-tracing = { path = "crates/scouter_tracing", version = "0.19.0" }
+scouter-types = { path = "crates/scouter_types", version = "0.19.0" }
 scouter-mocks = { path = "crates/scouter_mocks" }
 test-utils = { path = "crates/test_utils" }
 

Cargo.toml

@@ -198,6 +198,11 @@ impl ScouterTestServer {
                         Some(format!("http://127.0.0.1:{grpc_port}")),
                         Some("guest".to_string()),
                         Some("guest".to_string()),
+                        None,
+                        None,
+                        None,
+                        None,
+                        None,
                     );
 
                     // Use the health check method

crates/scouter_mocks/src/mock.rs

@@ -15,6 +15,21 @@ pub struct GrpcConfig {
     #[pyo3(get, set)]
     pub password: String,
 
+    #[pyo3(get, set)]
+    pub timeout_secs: Option<u64>,
+
+    #[pyo3(get, set)]
+    pub connect_timeout_secs: Option<u64>,
+
+    #[pyo3(get, set)]
+    pub keep_alive_interval_secs: Option<u64>,
+
+    #[pyo3(get, set)]
+    pub keep_alive_timeout_secs: Option<u64>,
+
+    #[pyo3(get, set)]
+    pub keep_alive_while_idle: Option<bool>,
+
     #[pyo3(get)]
     pub transport_type: TransportType,
 }
@@ -26,11 +41,22 @@ impl GrpcConfig {
         server_uri=None,
         username=None,
         password=None,
+        timeout_secs=None,
+        connect_timeout_secs=None,
+        keep_alive_interval_secs=None,
+        keep_alive_timeout_secs=None,
+        keep_alive_while_idle=None,
     ))]
+    #[allow(clippy::too_many_arguments)]
     pub fn new(
         server_uri: Option<String>,
         username: Option<String>,
         password: Option<String>,
+        timeout_secs: Option<u64>,
+        connect_timeout_secs: Option<u64>,
+        keep_alive_interval_secs: Option<u64>,
+        keep_alive_timeout_secs: Option<u64>,
+        keep_alive_while_idle: Option<bool>,
     ) -> Self {
         let server_uri = server_uri.unwrap_or_else(|| {
             std::env::var("SCOUTER_GRPC_URI")
@@ -49,6 +75,11 @@ impl GrpcConfig {
             server_uri,
             username,
             password,
+            timeout_secs,
+            connect_timeout_secs,
+            keep_alive_interval_secs,
+            keep_alive_timeout_secs,
+            keep_alive_while_idle,
             transport_type: TransportType::Grpc,
         }
     }
@@ -60,6 +91,6 @@ impl GrpcConfig {
 
 impl Default for GrpcConfig {
     fn default() -> Self {
-        Self::new(None, None, None)
+        Self::new(None, None, None, None, None, None, None, None)
     }
 }

crates/scouter_settings/src/grpc.rs

@@ -26,7 +26,7 @@ prost-types = { workspace = true }
 
 [features]
 default = []
-client = ["tonic/channel"]
+client = ["tonic/channel", "tonic/tls-aws-lc", "tonic/tls-native-roots"]
 server = ["tonic/server"]
 all = ["client", "server"]
 

crates/scouter_tonic/Cargo.toml

@@ -5,6 +5,7 @@ use crate::{
 };
 use scouter_settings::grpc::GrpcConfig;
 use std::sync::{Arc, RwLock};
+use std::time::Duration;
 use tonic::metadata::MetadataValue;
 use tonic::transport::Channel;
 use tonic::Request;
@@ -17,30 +18,60 @@ pub const AUTHORIZATION: &str = "authorization";
 
 #[derive(Clone, Debug)]
 pub struct GrpcClient {
+    channel: Channel,
     message_client: MessageServiceClient<Channel>,
     auth_client: AuthServiceClient<Channel>,
     auth_token: Arc<RwLock<String>>,
     config: GrpcConfig,
 }
 
-impl GrpcClient {
-    pub async fn new(config: GrpcConfig) -> Result<Self, ClientError> {
-        let channel = Channel::from_shared(config.server_uri.clone())
-            .map_err(|e| {
-                error!("Failed to create gRPC channel: {}", e);
-                ClientError::GrpcError(e.to_string())
-            })?
+async fn build_channel(config: &GrpcConfig) -> Result<Channel, ClientError> {
+    let mut endpoint = Channel::from_shared(config.server_uri.clone())
+        .map_err(|e| ClientError::GrpcError(format!("Invalid URI: {}", e)))?;
+
+    if let Some(secs) = config.timeout_secs {
+        endpoint = endpoint.timeout(Duration::from_secs(secs));
+    }
+    if let Some(secs) = config.connect_timeout_secs {
+        endpoint = endpoint.connect_timeout(Duration::from_secs(secs));
+    }
+    if let Some(secs) = config.keep_alive_interval_secs {
+        endpoint = endpoint.http2_keep_alive_interval(Duration::from_secs(secs));
+    }
+    if let Some(secs) = config.keep_alive_timeout_secs {
+        endpoint = endpoint.keep_alive_timeout(Duration::from_secs(secs));
+    }
+    if let Some(enabled) = config.keep_alive_while_idle {
+        endpoint = endpoint.keep_alive_while_idle(enabled);
+    }
+
+    if config.server_uri.starts_with("https://") {
+        endpoint
+            .tls_config(tonic::transport::ClientTlsConfig::new().with_native_roots())
+            .map_err(|e| ClientError::GrpcError(format!("TLS config failed: {}", e)))?
+            .connect()
+            .await
+            .map_err(|e| ClientError::GrpcError(format!("Failed to connect (TLS): {}", e)))
+    } else {
+        endpoint
             .connect()
             .await
-            .map_err(|e| {
-                error!("Failed to connect to gRPC server: {}", e);
-                ClientError::GrpcError(e.to_string())
-            })?;
+            .map_err(|e| ClientError::GrpcError(format!("Failed to connect: {}", e)))
+    }
+}
+
+impl GrpcClient {
+    pub async fn new(config: GrpcConfig) -> Result<Self, ClientError> {
+        let channel = build_channel(&config).await.map_err(|e| {
+            error!("Failed to connect to gRPC server: {}", e);
+            e
+        })?;
 
         let message_client = MessageServiceClient::new(channel.clone());
-        let auth_client = AuthServiceClient::new(channel);
+        let auth_client = AuthServiceClient::new(channel.clone());
 
         let mut grpc_client = Self {
+            channel,
             message_client,
             auth_client,
             auth_token: Arc::new(RwLock::new(String::new())),
@@ -206,13 +237,7 @@ impl GrpcClient {
     }
 
     pub async fn health_check(&self) -> Result<bool, ClientError> {
-        let channel = Channel::from_shared(self.config.server_uri.clone())
-            .map_err(|e| ClientError::GrpcError(format!("Invalid URI: {}", e)))?
-            .connect()
-            .await
-            .map_err(|e| ClientError::GrpcError(format!("Connection failed: {}", e)))?;
-
-        let mut health_client = HealthClient::new(channel);
+        let mut health_client = HealthClient::new(self.channel.clone());
 
         // Check health of MessageService
         let request = HealthCheckRequest {

crates/scouter_tonic/src/client.rs

@@ -7,7 +7,7 @@ classifiers = [
     "Programming Language :: Python :: Implementation :: PyPy",
 ]
 license = "MIT"
-version = "0.18.0"
+version = "0.19.0"
 description = ""
 authors = [
     {name = "Thorrester", email = "<support@demmlai.com>"},

py-scouter/pyproject.toml

@@ -12876,18 +12876,29 @@ class GrpcConfig:
     server_uri: str
     username: str
     password: str
+    timeout_secs: Optional[int]
+    connect_timeout_secs: Optional[int]
+    keep_alive_interval_secs: Optional[int]
+    keep_alive_timeout_secs: Optional[int]
+    keep_alive_while_idle: Optional[bool]
 
     def __init__(
         self,
         server_uri: Optional[str] = None,
         username: Optional[str] = None,
         password: Optional[str] = None,
+        timeout_secs: Optional[int] = None,
+        connect_timeout_secs: Optional[int] = None,
+        keep_alive_interval_secs: Optional[int] = None,
+        keep_alive_timeout_secs: Optional[int] = None,
+        keep_alive_while_idle: Optional[bool] = None,
     ) -> None:
         """gRPC configuration to use with the GrpcProducer.
 
         Args:
             server_uri:
                 URL of the gRPC server to publish messages to.
+                Use ``http://`` for plaintext or ``https://`` for TLS.
                 If not provided, the value of the SCOUTER_GRPC_URI environment variable is used.
 
             username:
@@ -12897,6 +12908,26 @@ class GrpcConfig:
             password:
                 Password for basic authentication.
                 If not provided, the value of the SCOUTER_PASSWORD environment variable is used.
+
+            timeout_secs:
+                Maximum time in seconds to wait for a response before the request is cancelled.
+                If not provided, requests will wait indefinitely.
+
+            connect_timeout_secs:
+                Maximum time in seconds to wait for the initial connection to be established.
+                If not provided, connection attempts will wait indefinitely.
+
+            keep_alive_interval_secs:
+                Interval in seconds between HTTP/2 keepalive pings sent to the server.
+                Recommended for long-lived connections behind load balancers or NAT.
+
+            keep_alive_timeout_secs:
+                Time in seconds to wait for a keepalive ping response before closing the connection.
+                Only applies when ``keep_alive_interval_secs`` is set.
+
+            keep_alive_while_idle:
+                If ``True``, keepalive pings are sent even when there are no active streams.
+                Only applies when ``keep_alive_interval_secs`` is set.
         """
 
     def __str__(self): ...

py-scouter/python/scouter/_scouter.pyi

@@ -552,18 +552,29 @@ class GrpcConfig:
     server_uri: str
     username: str
     password: str
+    timeout_secs: Optional[int]
+    connect_timeout_secs: Optional[int]
+    keep_alive_interval_secs: Optional[int]
+    keep_alive_timeout_secs: Optional[int]
+    keep_alive_while_idle: Optional[bool]
 
     def __init__(
         self,
         server_uri: Optional[str] = None,
         username: Optional[str] = None,
         password: Optional[str] = None,
+        timeout_secs: Optional[int] = None,
+        connect_timeout_secs: Optional[int] = None,
+        keep_alive_interval_secs: Optional[int] = None,
+        keep_alive_timeout_secs: Optional[int] = None,
+        keep_alive_while_idle: Optional[bool] = None,
     ) -> None:
         """gRPC configuration to use with the GrpcProducer.
 
         Args:
             server_uri:
                 URL of the gRPC server to publish messages to.
+                Use ``http://`` for plaintext or ``https://`` for TLS.
                 If not provided, the value of the SCOUTER_GRPC_URI environment variable is used.
 
             username:
@@ -573,6 +584,26 @@ class GrpcConfig:
             password:
                 Password for basic authentication.
                 If not provided, the value of the SCOUTER_PASSWORD environment variable is used.
+
+            timeout_secs:
+                Maximum time in seconds to wait for a response before the request is cancelled.
+                If not provided, requests will wait indefinitely.
+
+            connect_timeout_secs:
+                Maximum time in seconds to wait for the initial connection to be established.
+                If not provided, connection attempts will wait indefinitely.
+
+            keep_alive_interval_secs:
+                Interval in seconds between HTTP/2 keepalive pings sent to the server.
+                Recommended for long-lived connections behind load balancers or NAT.
+
+            keep_alive_timeout_secs:
+                Time in seconds to wait for a keepalive ping response before closing the connection.
+                Only applies when ``keep_alive_interval_secs`` is set.
+
+            keep_alive_while_idle:
+                If ``True``, keepalive pings are sent even when there are no active streams.
+                Only applies when ``keep_alive_interval_secs`` is set.
         """
 
     def __str__(self): ...