From 7a5c05495b217b09db2671e86f1d936a0f543d92 Mon Sep 17 00:00:00 2001
From: Tomasz Pytel
Date: Tue, 13 Apr 2021 20:28:22 -0300
Subject: [PATCH] added secure connection option (#48)

---
 README.md | 1 +
 src/agent/protocol/grpc/clients/HeartbeatClient.ts | 8 +++++---
 src/agent/protocol/grpc/clients/TraceReportClient.ts | 2 +-
 src/config/AgentConfig.ts | 2 ++
 4 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index a78aac3..1ff9800 100644
--- a/README.md
+++ b/README.md
@@ -53,6 +53,7 @@ Environment Variable | Description | Default
 | `SW_AGENT_NAME` | The name of the service | `your-nodejs-service` |
 | `SW_AGENT_INSTANCE` | The name of the service instance | Randomly generated |
 | `SW_AGENT_COLLECTOR_BACKEND_SERVICES` | The backend OAP server address | `127.0.0.1:11800` |
+| `SW_AGENT_SECURE` | Whether to use secure connection to backend OAP server | `false` |
 | `SW_AGENT_AUTHENTICATION` | The authentication token to verify that the agent is trusted by the backend OAP, as for how to configure the backend, refer to [the yaml](https://github.com/apache/skywalking/blob/4f0f39ffccdc9b41049903cc540b8904f7c9728e/oap-server/server-bootstrap/src/main/resources/application.yml#L155-L158). | not set |
 | `SW_AGENT_LOGGING_LEVEL` | The logging level, could be one of `error`, `warn`, `info`, `debug` | `info` |
 | `SW_AGENT_DISABLE_PLUGINS` | Comma-delimited list of plugins to disable in the plugins directory (e.g. "mysql", "express"). | `` |
diff --git a/src/agent/protocol/grpc/clients/HeartbeatClient.ts b/src/agent/protocol/grpc/clients/HeartbeatClient.ts
index 660d620..55d00d9 100755
--- a/src/agent/protocol/grpc/clients/HeartbeatClient.ts
+++ b/src/agent/protocol/grpc/clients/HeartbeatClient.ts
@@ -37,9 +37,11 @@ export default class HeartbeatClient implements Client {
 private heartbeatTimer?: NodeJS.Timeout;
 
 constructor() {
- this.managementServiceClient = new ManagementServiceClient(config.collectorAddress, grpc.credentials.createInsecure(), {
- interceptors: [AuthInterceptor],
- });
+ this.managementServiceClient = new ManagementServiceClient(
+ config.collectorAddress,
+ config.secure ? grpc.credentials.createSsl() : grpc.credentials.createInsecure(),
+ { interceptors: [AuthInterceptor] },
+ );
 }
 
 get isConnected(): boolean {
diff --git a/src/agent/protocol/grpc/clients/TraceReportClient.ts b/src/agent/protocol/grpc/clients/TraceReportClient.ts
index fcc7fd8..79b19bc 100755
--- a/src/agent/protocol/grpc/clients/TraceReportClient.ts
+++ b/src/agent/protocol/grpc/clients/TraceReportClient.ts
@@ -40,7 +40,7 @@ export default class TraceReportClient implements Client {
 this.buffer = new Buffer();
 this.reporterClient = new TraceSegmentReportServiceClient(
 config.collectorAddress,
- grpc.credentials.createInsecure(),
+ config.secure ? grpc.credentials.createSsl() : grpc.credentials.createInsecure(),
 { interceptors: [AuthInterceptor] },
 );
 emitter.on('segment-finished', (segment) => {
diff --git a/src/config/AgentConfig.ts b/src/config/AgentConfig.ts
index c92afea..eb74b0d 100644
--- a/src/config/AgentConfig.ts
+++ b/src/config/AgentConfig.ts
@@ -23,6 +23,7 @@ export type AgentConfig = {
 serviceName?: string;
 serviceInstance?: string;
 collectorAddress?: string;
+ secure?: boolean;
 authorization?: string;
 maxBufferSize?: number;
 disablePlugins?: string;
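Review bot: The credential choice `config.secure ? grpc.credentials.createSsl() : grpc.credentials.createInsecure()` in the HeartbeatClient constructor is repeated verbatim in the TraceReportClient hunk, so the two channels can drift apart on a later edit; one shared helper, e.g. `const channelCredentials = () => (config.secure ? grpc.credentials.createSsl() : grpc.credentials.createInsecure());`, would keep the transport decision in one place. `createSsl()` with no arguments verifies the server against the default root certificates only, so an OAP server behind a private CA cannot be used with `secure` on; a comment or README line stating that limit would save operators from turning TLS back off. Both clients keep `AuthInterceptor`, which presumably attaches the `SW_AGENT_AUTHENTICATION` token, and with the default `secure: false` that token would cross the network in cleartext; a logged warning when `config.authorization` is set while `config.secure` is false would make this visible. The TraceReportClient constructor starts and ends outside its hunk.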
@@ -62,6 +63,7 @@ export default { return os.hostname(); })(), collectorAddress: process.env.SW_AGENT_COLLECTOR_BACKEND_SERVICES || '127.0.0.1:11800', + secure: process.env.SW_AGENT_SECURE?.toLocaleLowerCase() === 'true', authorization: process.env.SW_AGENT_AUTHENTICATION, maxBufferSize: Number.isSafeInteger(process.env.SW_AGENT_MAX_BUFFER_SIZE) ? Number.parseInt(process.env.SW_AGENT_MAX_BUFFER_SIZE as string, 10) : 1000,
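Review bot: Any `SW_AGENT_SECURE` value other than a case-insensitive `true` silently selects the insecure channel in the added `secure:` line, so `1`, `yes`, or `true` followed by stray whitespace leaves the agent on cleartext gRPC with no sign that the setting was ignored. For a security switch an unrecognised value is better rejected or logged than dropped; at minimum trim the input and use the locale-independent call, `secure: process.env.SW_AGENT_SECURE?.trim().toLowerCase() === 'true',`. A short comment above the line naming the accepted values would also help. The exported object literal starts and ends outside the hunk.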