feat(grpc): support gNMI basic auth and subscription modes #125
Conversation
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
cubic analysis
3 issues found across 5 files • Review in cubic
React with 👍 or 👎 to teach cubic. You can also tag @cubic-dev-ai to give feedback, ask questions, or re-run the review.
| u := md.Get("username") | ||
| p := md.Get("password") | ||
| if len(u) == 0 || len(p) == 0 || u[0] != user || p[0] != pass { | ||
| return fmt.Errorf("unauthorized") |
There was a problem hiding this comment.
Returning a generic fmt.Errorf here causes gRPC to translate the error to status code "Unknown", so the client cannot properly detect an authentication failure. Use status.Error(codes.Unauthenticated, …) instead to return the correct gRPC status code.
Prompt for AI agents
Address the following comment on examples/grpc_gnmi_client/main.go at line 38:
<comment>Returning a generic fmt.Errorf here causes gRPC to translate the error to status code "Unknown", so the client cannot properly detect an authentication failure. Use status.Error(codes.Unauthenticated, …) instead to return the correct gRPC status code.</comment>
<file context>
@@ -14,18 +14,43 @@ import (
"github.com/universal-tool-calling-protocol/go-utcp/src/repository"
"google.golang.org/grpc"
+ "google.golang.org/grpc/metadata"
)
type UnifiedServer struct {
grpcpb.UnimplementedUTCPServiceServer
gnmi.UnimplementedGNMIServer
</file context>
| "auth": { | ||
| "auth_type": "basic", | ||
| "username": "alice", | ||
| "password": "secret" |
There was a problem hiding this comment.
Hard-coded plaintext credential exposes a real-looking password in the repository and risks accidental leakage; replace with a placeholder or environment substitution.
Prompt for AI agents
Address the following comment on examples/grpc_gnmi_client/provider.json at line 13:
<comment>Hard-coded plaintext credential exposes a real-looking password in the repository and risks accidental leakage; replace with a placeholder or environment substitution.</comment>
<file context>
@@ -6,7 +6,12 @@
"host": "127.0.0.1",
"port": 9339,
"service_name": "gnmi.gNMI",
- "method_name": "Subscribe"
+ "method_name": "Subscribe",
+ "auth": {
+ "auth_type": "basic",
+ "username": "alice",
+ "password": "secret"
</file context>
| "password": "secret" | |
| "password": "${GNMI_PASSWORD}" |
| }, nil | ||
| } | ||
|
|
||
| func (b basicPerRPCCreds) RequireTransportSecurity() bool { return b.requireTLS } |
There was a problem hiding this comment.
Returning the provider’s UseSSL flag here allows the client to transmit basic-auth credentials over an insecure gRPC connection when UseSSL is false, exposing the username/password on the wire. PerRPCCredentials implementations that carry secrets should always require transport security (or otherwise internally enforce encryption) to avoid accidental leakage.
(Based on your team’s feedback about preventing insecure transmission of sensitive data.)
Prompt for AI agents
Address the following comment on src/transports/grpc/grpc_transport.go at line 41:
<comment>Returning the provider’s UseSSL flag here allows the client to transmit basic-auth credentials over an insecure gRPC connection when UseSSL is false, exposing the username/password on the wire. PerRPCCredentials implementations that carry secrets should always require transport security (or otherwise internally enforce encryption) to avoid accidental leakage.
(Based on your team’s feedback about preventing insecure transmission of sensitive data.)</comment>
<file context>
@@ -24,6 +25,21 @@ import (
. "github.com/universal-tool-calling-protocol/go-utcp/src/tools"
)
+type basicPerRPCCreds struct {
+ username string
+ password string
+ requireTLS bool
+}
+
</file context>
| func (b basicPerRPCCreds) RequireTransportSecurity() bool { return b.requireTLS } | |
| func (b basicPerRPCCreds) RequireTransportSecurity() bool { return true } |
1 participant
Summary by cubic
Adds Basic Auth to the gRPC transport and expands gNMI Subscribe support (list and per-subscription modes, intervals). Also improves gNMI path parsing with key predicates and updates examples and tests.