Don't register HTTP/JSON handlers (#1677)

* Don't register HTTP/JSON handlers

* Use grpcurl in quota setup scripts

* Update quota README to use grpcurl

* Changelog

* Remove grpc gateway generated files

* Remove grpc-gateway dependency

Author: gdbelvin

.travis.yml

@@ -116,7 +116,7 @@ jobs:
       script: ./integration/integration_test.sh && HAMMER_OPTS="--operations=150" ./integration/maphammer.sh 3
     - name: "integration (etcd)"
       env: GOFLAGS='-race' ETCD_DIR="${GOPATH}/bin" GO_TEST_TIMEOUT=20m
-      install: go install go.etcd.io/etcd go.etcd.io/etcd/etcdctl
+      install: go install go.etcd.io/etcd go.etcd.io/etcd/etcdctl github.com/fullstorydev/grpcurl/cmd/grpcurl
       script: ./integration/integration_test.sh && HAMMER_OPTS="--operations=50" ./integration/maphammer.sh 3
     - name: "integration (batched_queue)"
       env: GOFLAGS='-race --tags=batched_queue' GO_TEST_TIMEOUT=20m

CHANGELOG.md

@@ -4,6 +4,12 @@
 
 Not yet released; provisionally v1.4.0 (may change).
 
+### HTTP APIs
+
+The HTTP/JSON APIs have been removed in favor of a pure gRPC intereface.
+[grpcurl](https://github.com/fullstorydev/grpcurl) is the recommended way
+of interacting with the gRPC API from the commandline.
+
 ### Server Binaries
 
 The `trillian_log_server`, `trillian_log_signer` and `trillian_map_server`

cmd/internal/serverutil/main.go

@@ -30,7 +30,6 @@ import (
 	"github.com/google/trillian/server/interceptor"
 	"github.com/google/trillian/util"
 	"github.com/google/trillian/util/clock"
-	"github.com/grpc-ecosystem/grpc-gateway/runtime"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
@@ -55,8 +54,8 @@ const (
 
 // Main encapsulates the data and logic to start a Trillian server (Log or Map).
 type Main struct {
-	// Endpoints for RPC and HTTP/REST servers.
-	// HTTP/REST is optional, if empty it'll not be bound.
+	// Endpoints for RPC and HTTP servers.
+	// HTTP is optional, if empty it'll not be bound.
 	RPCEndpoint, HTTPEndpoint string
 
 	// TLS Certificate and Key files for the server.
@@ -69,8 +68,6 @@ type Main struct {
 	StatsPrefix string
 	QuotaDryRun bool
 
-	// RegisterHandlerFn is called to register REST-proxy handlers.
-	RegisterHandlerFn func(context.Context, *runtime.ServeMux, string, []grpc.DialOption) error
 	// RegisterServerFn is called to register RPC servers.
 	RegisterServerFn func(*grpc.Server, extension.Registry) error
 
@@ -130,16 +127,6 @@ func (m *Main) Run(ctx context.Context) error {
 	reflection.Register(srv)
 
 	if endpoint := m.HTTPEndpoint; endpoint != "" {
-		gatewayMux := runtime.NewServeMux()
-		opts := []grpc.DialOption{grpc.WithInsecure()}
-		if err := m.RegisterHandlerFn(ctx, gatewayMux, m.RPCEndpoint, opts); err != nil {
-			return err
-		}
-		if err := trillian.RegisterTrillianAdminHandlerFromEndpoint(ctx, gatewayMux, m.RPCEndpoint, opts); err != nil {
-			return err
-		}
-
-		http.Handle("/", gatewayMux)
 		http.Handle("/metrics", promhttp.Handler())
 		http.HandleFunc("/healthz", m.healthz)
 

cmd/trillian_log_server/main.go

@@ -43,7 +43,6 @@ import (
 	"github.com/google/trillian/storage"
 	"github.com/google/trillian/util/clock"
 	etcdutil "github.com/google/trillian/util/etcd"
-	"github.com/grpc-ecosystem/grpc-gateway/runtime"
 	"google.golang.org/grpc"
 
 	// Register key ProtoHandlers
@@ -64,7 +63,7 @@ import (
 
 var (
 	rpcEndpoint     = flag.String("rpc_endpoint", "localhost:8090", "Endpoint for RPC requests (host:port)")
-	httpEndpoint    = flag.String("http_endpoint", "localhost:8091", "Endpoint for HTTP metrics and REST requests on (host:port, empty means disabled)")
+	httpEndpoint    = flag.String("http_endpoint", "localhost:8091", "Endpoint for HTTP metrics (host:port, empty means disabled)")
 	healthzTimeout  = flag.Duration("healthz_timeout", time.Second*5, "Timeout used during healthz checks")
 	tlsCertFile     = flag.String("tls_cert_file", "", "Path to the TLS server certificate. If unset, the server will use unsecured connections.")
 	tlsKeyFile      = flag.String("tls_key_file", "", "Path to the TLS server key. If unset, the server will use unsecured connections.")
@@ -164,15 +163,6 @@ func main() {
 		QuotaDryRun:  *quotaDryRun,
 		DBClose:      sp.Close,
 		Registry:     registry,
-		RegisterHandlerFn: func(ctx context.Context, mux *runtime.ServeMux, endpoint string, opts []grpc.DialOption) error {
-			if err := trillian.RegisterTrillianLogHandlerFromEndpoint(ctx, mux, endpoint, opts); err != nil {
-				return err
-			}
-			if *quota.System == etcd.QuotaManagerName {
-				return quotapb.RegisterQuotaHandlerFromEndpoint(ctx, mux, endpoint, opts)
-			}
-			return nil
-		},
 		RegisterServerFn: func(s *grpc.Server, registry extension.Registry) error {
 			logServer := server.NewTrillianLogRPCServer(registry, clock.System)
 			if err := logServer.IsHealthy(); err != nil {

cmd/trillian_log_signer/main.go

@@ -41,7 +41,6 @@ import (
 	"github.com/google/trillian/util/election2"
 	etcdelect "github.com/google/trillian/util/election2/etcd"
 	etcdutil "github.com/google/trillian/util/etcd"
-	"github.com/grpc-ecosystem/grpc-gateway/runtime"
 	"google.golang.org/grpc"
 
 	tpb "github.com/google/trillian"
@@ -194,10 +193,6 @@ func main() {
 		StatsPrefix:  "logsigner",
 		DBClose:      sp.Close,
 		Registry:     registry,
-		RegisterHandlerFn: func(_ context.Context, _ *runtime.ServeMux, _ string, _ []grpc.DialOption) error {
-			// No HTTP APIs are being exported.
-			return nil
-		},
 		RegisterServerFn: func(s *grpc.Server, _ extension.Registry) error {
 			tpb.RegisterTrillianLogSequencerServer(s, &struct{}{})
 			return nil

cmd/trillian_map_server/main.go

@@ -40,7 +40,6 @@ import (
 	"github.com/google/trillian/server"
 	"github.com/google/trillian/storage"
 	etcdutil "github.com/google/trillian/util/etcd"
-	"github.com/grpc-ecosystem/grpc-gateway/runtime"
 	"google.golang.org/grpc"
 
 	// Register key ProtoHandlers
@@ -62,7 +61,7 @@ import (
 
 var (
 	rpcEndpoint    = flag.String("rpc_endpoint", "localhost:8090", "Endpoint for RPC requests (host:port)")
-	httpEndpoint   = flag.String("http_endpoint", "localhost:8091", "Endpoint for HTTP metrics and REST requests on (host:port, empty means disabled)")
+	httpEndpoint   = flag.String("http_endpoint", "localhost:8091", "Endpoint for HTTP metrics (host:port, empty means disabled)")
 	healthzTimeout = flag.Duration("healthz_timeout", time.Second*5, "Timeout used during healthz checks")
 	tlsCertFile    = flag.String("tls_cert_file", "", "Path to the TLS server certificate. If unset, the server will use unsecured connections.")
 	tlsKeyFile     = flag.String("tls_key_file", "", "Path to the TLS server key. If unset, the server will use unsecured connections.")
@@ -154,15 +153,6 @@ func main() {
 		QuotaDryRun:  *quotaDryRun,
 		DBClose:      sp.Close,
 		Registry:     registry,
-		RegisterHandlerFn: func(ctx context.Context, mux *runtime.ServeMux, endpoint string, opts []grpc.DialOption) error {
-			if err := trillian.RegisterTrillianMapHandlerFromEndpoint(ctx, mux, endpoint, opts); err != nil {
-				return err
-			}
-			if *quota.System == etcd.QuotaManagerName {
-				return quotapb.RegisterQuotaHandlerFromEndpoint(ctx, mux, endpoint, opts)
-			}
-			return nil
-		},
 		RegisterServerFn: func(s *grpc.Server, registry extension.Registry) error {
 			mapServer := server.NewTrillianMapServer(registry,
 				server.TrillianMapServerOptions{

gen.go

@@ -17,7 +17,6 @@ package trillian
 //go:generate protoc -I=. -I=$GOPATH/src -I=$GOPATH/src/github.com/googleapis/googleapis --go_out=plugins=grpc,paths=source_relative:. trillian_log_api.proto trillian_log_sequencer_api.proto trillian_map_api.proto trillian_admin_api.proto trillian.proto --doc_out=markdown,api.md:./docs/
 //go:generate protoc -I=. --go_out=paths=source_relative:. crypto/sigpb/sigpb.proto
 //go:generate protoc -I=. --go_out=paths=source_relative:. crypto/keyspb/keyspb.proto
-//go:generate protoc -I=. -I=$GOPATH/src -I=$GOPATH/src/github.com/googleapis/googleapis --grpc-gateway_out=logtostderr=true,paths=source_relative:. trillian_log_api.proto trillian_map_api.proto trillian_admin_api.proto trillian.proto
 
 //go:generate mockgen -package tmock -destination testonly/tmock/mock_log_server.go  github.com/google/trillian TrillianLogServer
 //go:generate mockgen -package tmock -destination testonly/tmock/mock_map_server.go  github.com/google/trillian TrillianMapServer

go.mod

@@ -31,7 +31,7 @@ require (
 	github.com/google/uuid v1.1.1 // indirect
 	github.com/gorilla/websocket v1.4.1 // indirect
 	github.com/grpc-ecosystem/go-grpc-middleware v1.1.0
-	github.com/grpc-ecosystem/grpc-gateway v1.12.1
+	github.com/grpc-ecosystem/grpc-gateway v1.12.1 // indirect
 	github.com/huandu/xstrings v1.2.0 // indirect
 	github.com/imdario/mergo v0.3.8 // indirect
 	github.com/jstemmer/go-junit-report v0.9.1 // indirect

integration/functions.sh

@@ -179,7 +179,7 @@ log_prep_test() {
 
   # Setup etcd quotas, if applicable
   if [[ ${has_etcd} -eq 1 ]]; then
-    setup_etcd_quotas "${HTTP_SERVER_1}"
+    setup_etcd_quotas "${RPC_SERVER_1}"
   fi
 
   # Start a set of signers.
@@ -231,10 +231,10 @@ log_stop_test() {
 # setup_etcd_quotas creates the etcd quota configurations used by tests.
 #
 # Parameters:
-#   - server : HTTP endpoint for the quota API (eg, logserver http port)
+#   - server : GRPC endpoint for the quota API (eg, logserver grpc port)
 #
 # Outputs:
-#   DELETE and POST responses.
+#   DeleteConfig and CreateConfig responses.
 #
 # Returns:
 #   0 if success, non-zero otherwise.
@@ -243,15 +243,10 @@ setup_etcd_quotas() {
   local name='quotas/global/write/config'
 
   # Remove the config before creating. It's OK if it doesn't exist.
-  local delete_output=$(curl -s -X DELETE "${server}/v1beta1/${name}")
-  printf 'DELETE %s: %s\n' "${name}" "${delete_output}"
-
-  local create_output=$(curl \
-      -d '@-' \
-      -s \
-      -H 'Content-Type: application/json' \
-      -X POST \
-      "${server}/v1beta1/${name}" <<EOF
+  local delete_output=$(grpcurl -plaintext -d "name: ${name}" ${server} quotapb.Quota.DeleteConfig )
+  printf 'quotapb.Quota.DeleteConfig %s: %s\n' "${name}" "${delete_output}"
+
+  local create_output=$(grpcurl -plaintext -d @ ${server} quotapb.Quota.CreateConfig <<EOF
 {
   "name": "${name}",
   "config": {
@@ -263,7 +258,7 @@ setup_etcd_quotas() {
 }
 EOF
   )
-  printf 'POST %s: %s\n' "${name}" "${create_output}"
+  printf 'quotapb.Quota.CreateConfig %s: %s\n' "${name}" "${create_output}"
 
   # Success responses have the config name in them
   echo "${create_output}" | grep '"name":' > /dev/null

quota/etcd/README.md

@@ -2,21 +2,19 @@
 
 Package etcd (and its subpackages) contain an etcd-based
 [quota.Manager](https://github.com/google/trillian/blob/3cf59cdfd0/quota/quota.go#L101)
-implementation, with a corresponding REST-based configuration service.
+implementation, with a corresponding configuration service.
 
 ## Usage
 
 First, ensure both `logserver` and `logsigner` are started with the
-`--etcd_servers` and `--quota_system=etcd` flags, in addition to other flags.
-`logserver` must also be started with a non-empty `--http_endpoint` flag, so the
-REST quota API can be bound.
+`--etcd_servers` and `--quota_system=etcd` flags.
 
 For example:
 
 ```bash
 trillian_log_server \
   --etcd_servers=... \
-  --http_endpoint=localhost:8091 \
+  --rpc_endpoint=localhost:8090 \
   --quota_system=etcd
 
 trillian_log_signer --etcd_servers=... --quota_system=etcd
@@ -25,19 +23,14 @@ trillian_log_signer --etcd_servers=... --quota_system=etcd
 If correctly started, the servers will be using etcd quotas. The default
 configuration is empty, which means no quotas are enforced.
 
-The REST quota API may be used to create and update configurations.
+The quota API may be used to create and update configurations.
 
 For example, the command below creates a sequencing-based, `global/write` quota.
 Assuming an expected sequencing performance of 50 QPS, the `max_tokens`
 specified below implies a backlog of 4h.
 
 ```bash
-curl \
-  -d '@-' \
-  -s \
-  -H 'Content-Type: application/json' \
-  -X POST \
-  'localhost:8091/v1beta1/quotas/global/write/config' <<EOF
+grpcurl -plaintext -d @ localhost:8090 v1beta1/quotas/global/write/config <<EOF
 {
   "name": "quotas/global/write/config",
   "config": {
@@ -53,11 +46,11 @@ EOF
 To list all configured quotas, run:
 
 ```bash
-curl 'localhost:8091/v1beta1/quotas?view=FULL'
+grpcurl -plaintext -d '{"view": "FULL"}' localhost:8090 v1beta1/quotas
 ```
 
 Quotas may be retrieved individually or via a series of filters, updated and
-deleted through the REST API as well. See
+deleted through the quota API as well. See
 [quotapb.proto](https://github.com/google/trillian/blob/master/quota/etcd/quotapb/quotapb.proto)
 for an in-depth description of entities and available methods.