I'm new to gRPC and authetication in general, so bear with me. I was able to set up a dummy example with a client sending a request to a server with async communication (the client sends the request and is not intestered in the response, the server just needs to receive the request and perform the remote procedure call to finish some computation).
To date, this is done using insecure channels, now I want to enable the authentification between the client and server. How can I perform this in Python? The docs seems clear about the code but I am not able to understand the overall concepts and what/how/why I should generate those files. Later on I would like also to deploy the dummy example to two different containers, one for the client, and one for the server, and see if they can communicate with authetification also.
Client:
import grpc
import helloworld_pb2
with open('roots.pem', 'rb') as f:
creds = grpc.ssl_channel_credentials(f.read())
channel = grpc.secure_channel('myservice.example.com:443', creds)
stub = helloworld_pb2.GreeterStub(channel)
Server:
import grpc
import helloworld_pb2
from concurrent import futures
server = grpc.server(futures.ThreadPoolExecutor(max_workers=10))
with open('key.pem', 'rb') as f:
private_key = f.read()
with open('chain.pem', 'rb') as f:
certificate_chain = f.read()
server_credentials = grpc.ssl_server_credentials( ( (private_key, certificate_chain), ) )
# Adding GreeterServicer to server omitted
server.add_secure_port('myservice.example.com:443', server_credentials)
server.start()
# Server sleep omitted
For instance: what are the key.pem, chain.pem and roots.pem files? How can I generate them and why are they necessary?
