Google Git
Sign in
gbmc / gPowerD / 32e41b93f7010dc56632c009af3b88613b93baf9^! / .
commit32e41b93f7010dc56632c009af3b88613b93baf9[log] [tgz]
authorJohn Broadbent <jebr@google.com>Thu Mar 27 10:47:19 2025 -0700
committerCopybara-Service <copybara-worker@google.com>Thu Mar 27 10:47:48 2025 -0700
tree277dcbc6981026717248d34b2eeef48371aa332c
parent6556e069e892d4c96cd38d5b48f9c1229da2e4c6 [diff]
gpowerd: Add a flag to enable insecure grpc

This will be used when gpowerd runs in MANUAL development setups.

PiperOrigin-RevId: 741208025
Change-Id: I6ac41a6a1375b25896aa0e8580325a24e4309d72

diff --git a/bmc/gpowerd.cc b/bmc/gpowerd.cc
index 76d0a30..5554f37 100644
--- a/bmc/gpowerd.cc
+++ b/bmc/gpowerd.cc

@@ -26,6 +26,7 @@
 #include "grpcpp/server_builder.h"
 
 #include "grpcpp/security/authorization_policy_provider.h"
+#include "grpcpp/security/server_credentials.h"
 #include "absl/log/log.h"
 #include "absl/status/status.h"
 
@@ -73,15 +74,26 @@
                                              std::move(action_context_manager));
     ServerBuilder builder;
 
-    ASSIGN_OR_RETURN(std::shared_ptr<grpc::ServerCredentials>
-                     creds, auth::GetCredsInfo());
+    std::shared_ptr<grpc::ServerCredentials> creds = nullptr;
+    #ifdef INSECURE_MODE_FLAG
+       creds =  grpc::InsecureServerCredentials(); // NOLINT if the image is
+       //  build in insecure mode, build the grpc server with
+       //  insecure credentials
+       LOG(WARNING) << "Using insecure credentials";
+    #else
+      ASSIGN_OR_RETURN(creds, auth::GetCredsInfo());
+      LOG(INFO) << "Using secure credentials";
+    #endif  // INSECURE_MODE_FLAG
+
     LOG(INFO) << "Credentials loaded";
 
     ASSIGN_OR_RETURN(std::shared_ptr<AuthorizationPolicyProviderInterface>
                      policy, auth::GetAuthPolicy());
     LOG(INFO) << "authorization policy loaded";
 
-    builder.experimental().SetAuthorizationPolicyProvider(policy);
+    #ifndef INSECURE_MODE_FLAG
+      builder.experimental().SetAuthorizationPolicyProvider(policy);
+    #endif   // INSECURE_MODE_FLAG
 
     LOG(INFO) << "using address " << address;
     builder.AddListeningPort(address, creds);

diff --git a/meson.build b/meson.build
index 83cc4cc..8a5aedf 100644
--- a/meson.build
+++ b/meson.build

@@ -18,6 +18,11 @@
   conf_data.set('LOAS3_AUTH_FLAG', 1)
 endif
 
+conf_data.set('INSECURE_MODE_FLAG', 0)
+if get_option('insecure_mode').enabled()
+  conf_data.set('INSECURE_MODE_FLAG', 1)
+endif
+
 conf_data.set('version', '1.1.1')
 configure_file(input : 'gpowerd_build_config.h.in',
                output : 'gpowerd_build_config.h',

diff --git a/meson_options.txt b/meson_options.txt
index bd2a7c2..51611f3 100644
--- a/meson_options.txt
+++ b/meson_options.txt

@@ -14,3 +14,5 @@
   description: 'This option sets what configs to use for the platform.',
   value: 'MUST_BE_OVERRIDDEN_IN_RECIPE'
 )
+
+option('insecure_mode', type: 'feature', value: 'disabled', description: 'Build tests')