how to use grpc calls

[warlock9600]

hi everyone!
i'm run wg-access-server in kubernetes with postgres backend, but not understand how to use grpc calls to automate user CRUD operations

can you tell me how to implement access to grpc?

[DasSkelett]

I'm not sure if I understand the question correctly, do you want to create users through the gRPC API?
If so, that's not possible. The wg-access-server only supports either specifying basic auth users statically in the config file, or through an OIDC backend, or a GitLab instance (which is also implemented through OIDC). See https://www.freie-netze.org/wg-access-server/4-auth/

If you want to have dynamic user management, you need to set up some Identity and Access Management like Keycloak and connect it through OIDC.

[warlock9600]

ok, i'm wrong %)

i meant creating/deleting peers using gRPC API
devices.proto provides several methods (AddDeviceReq, ListDevicesReq, etc) - how to use them from another application?

[DasSkelett]

You should be able to generate the code from the .proto files for the language you want, then hook it together. You can check the frontend code as an example, e.g.

wg-access-server/website/src/components/AddDevice.tsx

Lines 41 to 67 in ad98910

	const keypair = box_keyPair();
	const publicKey = window.btoa(String.fromCharCode(...(new Uint8Array(keypair.publicKey) as any)));
	const privateKey = window.btoa(String.fromCharCode(...(new Uint8Array(keypair.secretKey) as any)));
	try {
	const device = await grpc.devices.addDevice({
	name: this.deviceName,
	publicKey,
	});
	this.props.onAdd();
	const info = AppState.info!;
	const configFile = codeBlock`
	[Interface]
	PrivateKey = ${privateKey}
	Address = ${device.address}
	${info.dnsEnabled && `DNS = ${info.dnsAddress}`}
	[Peer]
	PublicKey = ${info.publicKey}
	AllowedIPs = ${info.allowedIps}
	Endpoint = ${`${info.host?.value || window.location.hostname}:${info.port || '51820'}`}
	`;
	this.configFile = configFile;
	this.dialogOpen = true;
	this.reset();

for creating a wireguard-native ini-style config file after adding a new device.

[warlock9600]

uh, nope

for example

i have locally installed Postman with added proto scheme from repository
how to make from Postman gRPC request to proto.Devices with ListAllDevices method?

[DasSkelett]

I don't know Postman aside from that it exists, but this could be a start https://blog.postman.com/postman-now-supports-grpc/ ?
But we use gRPC-Web to be precise, which might or might not work with Postman.

But I think I need to point out that the API isn't meant as a standalone one, it's primary purpose is the consumption through the wg-access-server frontend. I also can't promise that we don't break it every now and then.

Why do you want to call it through Postman? Just as a gateway / load balancer? If so, a normal HTTP reverse proxy should work just fine, in the end, thanks to gRPC-Web, it's just HTTP/1.1 or HTTP/2 requests.

[warlock9600]

hmm, can you give an example of how to use any of these api requests via http?

[DasSkelett]

Not really, no. Because while the underlying transport is HTTP, the POST body data is protobuf-encoded (and maybe some grpc-specific additions?). You should let protoc's code generation generate the client code for whatever programming language you need and build anything else around that. See https://developers.google.com/protocol-buffers/ and https://grpc.io/ for basics about protocol buffers and gRPC.

But as I said, I really don't see the need to do this. We have a working web UI, if there are issues with it please open bug reports or feature requests. Unless you explain what you actually want to do and what your ultimate goal is I won't be able to help you.

[DasSkelett]

Closing now, please come back with more details if you need more help.