Up-to-date Golang gRPC example using latest tyk version

armujahid · August 29, 2022, 7:21am

I am trying to run golang gRPC example (to check id extractor caching) custom-plugin-examples/plugins/grpc_go-auth-pre_headerinject_authhook at master · TykTechnologies/custom-plugin-examples · GitHub

bundle.zip is generated using these steps (this only contains manifest.json since file_list is empty):

docker run -it --rm -v $(pwd):/app --entrypoint /bin/bash tykio/tyk-gateway:v4.0.5
cd /app
/opt/tyk-gateway/tyk bundle build

Next I tried to run gRPC server using

go mod init tyk-plugin
go mod tidy

But it is throwing this error

❯ go mod tidy
go: finding module for package github.com/TykTechnologies/tyk-protobuf/bindings/go
go: finding module for package google.golang.org/grpc
go: finding module for package golang.org/x/net/context
go: found golang.org/x/net/context in golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b
go: found google.golang.org/grpc in google.golang.org/grpc v1.49.0
go: finding module for package github.com/TykTechnologies/tyk-protobuf/bindings/go
tyk-plugin imports
        github.com/TykTechnologies/tyk-protobuf/bindings/go: module github.com/TykTechnologies/tyk-protobuf@latest found (v0.0.0-20220714214409-d0cb35aefc54), but does not contain package github.com/TykTechnologies/tyk-protobuf/bindings/go

Also I noticed that GitHub - TykTechnologies/tyk-protobuf: Protocol Buffer definitions for Tyk gRPC middlewares. is deprecated.

An up-to-date golang gRPC authentication plugin example should be added/updated in custom-plugins repo. Do we have any other repo/example that I can run?

Related:
https://community.tyk.io/t/how-to-cache-the-authentication-using-auth-check-middleware-with-goplugin

Ubong · August 30, 2022, 2:02pm

Hi @armujahid,

Wonder if you’ve seen this? GitHub - TykTechnologies/tyk-grpc-go-basicauth-jwt: Custom BasicAuth with JWT to Upstream

Meanwhile, will get back to you on the other things soon.

armujahid · August 31, 2022, 7:15am

I have seem this example. This works and gRPC server is started at port 9111 but I am unable to use this with latest version of tyk v4.0.5 probably because of incompatible coprocess bindings. I am using this api def

{
    "name": "Tyk Test Keyless API",
    "api_id": "keyless",
    "org_id": "default",
    "definition": {
        "location": "header",
        "key": "version"
    },
    "use_keyless": false,
    "enable_coprocess_auth": true,
    "coprocess_options": {
        "enable_coprocess": true,
        "coprocess_grpc_server": "tcp://host.docker.internal:9111"
    },
    "version_data": {
        "not_versioned": true,
        "versions": {
            "Default": {
                "name": "Default"
            }
        }
    },
    "driver": "otto",
    "custom_middleware": {
        "pre": [],
        "post": [],
        "post_key_auth": [],
        "auth_check": {
          "name": "Login",
          "path": "",
          "require_session": false
        },
        "response": [],
        "driver": "grpc",
        "id_extractor": {
          "extract_from": "header",
          "extract_with": "value",
          "extractor_config": {
            "header_name": "Authorization"
          }
        }
    },
    "proxy": {
        "listen_path": "/keyless-test/",
        "target_url": "http://httpbin.org",
        "strip_listen_path": true
    }
}

In tyk logs this message is logged:

tyk_1    | time="Aug 31 07:03:59" level=error msg="Driver 'grpc' isn't loaded" prefix=coprocess

In api reponse this message is returned if I do

curl -s 'http://localhost:8081/keyless-test/get' -H "Authorization: Basic $(echo -n foo:bar | base64)"

{
    "error": "Access to this API has been disallowed"
}

Also this example doesn’t have manifest file which can be used to generate bundle.zip (Probably this is required as per docs)

Ubong · August 31, 2022, 1:25pm

Hi @armujahid,

This works fine for me on GW v4.0.5

Sorry, your API def isn’t quite right.
Particularly, this part should be in your tyk.conf, not the API def:

 "coprocess_options": {
    "enable_coprocess": true,
    "coprocess_grpc_server": "tcp://host.docker.internal:9111"
  }

And "driver": "otto" shouldn’t be the definition. The driver in the custom middleware section is the right one and is sufficient.

Can you import and use the API definition in the repo?

This example doesn’t need to be bundled. Running the gRPC server is sufficient.

This is how I got it running in my setup.

go get -u github.com/TykTechnologies/tyk-grpc-go-basicauth-jwt
go install tyk-grpc-go-basicauth-jwt
go run main.go 

INFO[0000] starting grpc middleware on :9111

I ran into this error when running the above commands

go: github.com/Sirupsen/[email protected]: parsing go.mod:
        module declares its path as: github.com/sirupsen/logrus
                but was required as: github.com/Sirupsen/logrus
go: github.com/Sirupsen/[email protected]: parsing go.mod:
        module declares its path as: github.com/sirupsen/logrus
                but was required as: github.com/Sirupsen/logrus

And fixed it by adding the below to my go.mod

replace (
github.com/Sirupsen/logrus v1.9.0 => github.com/sirupsen/logrus v1.9.0
github.com/sirupsen/logrus v1.9.0 => github.com/Sirupsen/logrus v1.9.0
)

The call to the API as well as the ID_extractor works fine.

armujahid · September 1, 2022, 7:25am

Thanks. I can confirm that existing gRPC server works with latest tyk v4.0.5 after setting coprocess_options in tyk.conf and using example api definition file. But I think something is wrong with go.mod. I get this error if I run go mod vendor (after resolution of Sirupsen/logrus with replace statements that you mentioned).

go1.15.15 mod vendor
go: finding module for package github.com/hashicorp/terraform/flatmap
github.com/TykTechnologies/tyk-grpc-go-basicauth-jwt imports
        github.com/TykTechnologies/tyk-protobuf/bindings/go imports
        github.com/TykTechnologies/tyk/apidef imports
        github.com/TykTechnologies/tyk/log imports
        github.com/hashicorp/terraform/flatmap: module github.com/hashicorp/terraform@latest found (v1.2.8), but does not contain package github.com/hashicorp/terraform/flatmap

I want to use 3rd party packages that’s why tidy and vendor command should work with go v1.15.15 (supported by tyk).

armujahid · September 5, 2022, 5:49am

Update:
Following golang Dockerfile is working for my gRPC plugin (that is also using mongo-driver 3rd party library)

FROM golang:1.15-alpine

WORKDIR /app

COPY go.mod ./
COPY go.sum ./
RUN go mod download

COPY *.go ./

RUN go build -o /main

EXPOSE 9111

CMD [ "/main" ]

armujahid · September 5, 2022, 8:34am

I have created this grpc plugin that is using mongodb GitHub - armujahid/tyk-grpc-go-mongo-accesstoken: TYK gRPC auth plugin that verifies access token validity in mongo. This example is containerized and can be forked to create/deploy grpc plugin (without or without mongo) on k8s

Let me know if I can add this in custom-plugins repo.

armujahid · December 9, 2022, 11:40am

GitHub - armujahid/tyk-grpc-go-mongo-accesstoken: TYK gRPC auth plugin that verifies access token validity in mongo has been updated

Tested with Tyk v4.3.0
updated to Go v1.16
coprocess from tyk repo (GitHub - TykTechnologies/tyk-protobuf: Protocol Buffer definitions for Tyk gRPC middlewares. is deprecated)

My PR in custom-plugins: