> but make some functions accessible to specific people How are those authorized people identified? Authorization requires user authentication and it is best done with mTLS.
> and encrypt the traffic for specific RPCs. All traffic can be encrypted even when you don't want to enforce user authorization for other RPCs. I don't see a requirement for plaintext communication for certain RPCs. On Saturday, July 30, 2022 at 7:16:01 AM UTC-7 Philipp T wrote: > Hey thanks for your reply. > > Off the top of my head I could think of the following use-case. > > I have a service running on a pie which I use to control my lights. The > service has 3 functions, IsLightActive(), TunLightOn() and TurnLightOff. I > should be the only person who can call TurnLightOn() and TurnLightOff() and > the traffic should be encrypted (because lets say I dont want people to > know what the proto message looks like). On the other hand, anyone should > be able to call IsLightOn() regardless of who they are and there is no need > to encrypt the traffic. > > Basically I want to use a single service, but make some functions > accessible to specific people and encrypt the traffic for specific RPCs. > > Thanks :) > > On Wednesday, 27 July 2022 at 20:21:25 UTC+2 sanjay...@google.com wrote: > >> > on how this works in C++ (how do you actually read this file so that >> the gRPC service applies the configurations), >> >> Check this out >> https://github.com/grpc/proposal/blob/master/A2-service-configs-in-dns.md >> >> > *a single service where different PRCs have varying authentication >> requirements,* >> >> Do you really mean authentication requirements or authorization >> requirements? Can you give a concrete use-case? Authentication is at >> connection level and then you can use gRPC Authorization API ( >> https://github.com/grpc/proposal/blob/master/A43-grpc-authorization-api.md >> ) >> >> On Saturday, July 23, 2022 at 12:59:54 PM UTC+5:30 Philipp T wrote: >> >>> Hello, Im pretty new to gRPC but I was wondering if the following is >>> possible >>> >>> I have a proto file which contains a single service with two RPCs which >>> looks as follows: >>> >>> *service MyService {* >>> * // This function requires credentials* >>> * rpc YouNeedCreds(Empty) returns (Empty) {}* >>> >>> * // This function should be callable by anyone without credentials* >>> * rpc NoCredentialsNeeded(Empty) returns (Empty) {}* >>> *}* >>> >>> *My question is, is it possible, using C++ to have a single service >>> where different PRCs have varying authentication requirements, without >>> having to deploy to something like google cloud (I just want to run it >>> between 2 computers on the same network)? * >>> >>> I have seen references to using .yaml files to configure services (like >>> this one >>> <https://cloud.google.com/endpoints/docs/grpc/grpc-service-config#rules_and_selectors>), >>> >>> but I have not found any examples on how this works in C++ (how do you >>> actually read this file so that the gRPC service applies the >>> configurations), and I don't intend on deploying this on google cloud. I >>> just want to run this on my local network and use the device IP to connect >>> to the service. >>> >>> At the moment I create the server by creating using >>> grpc::SslSecureCredentials and passing them to the .AddListeningPort method >>> provided by the grpc::ServerBuilder. >>> >>> Hopefully this is somewhat helpful, thanks in advanced for. >>> >> -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/bbce2d78-aa67-4fb1-aa71-7e9dfea6dc05n%40googlegroups.com.
