Requirements
Networking
Certain ports must be accessible to connect to Formal Resources. You can listen on multiple ports simultaneously for various Resources.
gRPC is a high-performance, open-source Remote Procedure Call (RPC) framework that uses HTTP/2 for transport, Protocol Buffers as the interface description language, and provides features like authentication, bidirectional streaming, and flow control. The Formal Connector enables you to proxy and monitor gRPC traffic to your APIs while enforcing policies and logging all interactions.
The connector runs a healthcheck server on port 8080 to let clients determine if the proxy is operational. As a result, you cannot create a listener on port 8080 to connect to a gRPC resource.
Resource health check
gRPC health checks are not supported.
Native Users
Native users are not supported.
Connect to a gRPC Resource
To connect to the a gRPC resource with a Formal identity, set the following metadata in your gRPC calls:
x-formal-user-username: The username of the user making the requestx-formal-user-password: The user’s authentication credentials
Connecting using the gRPC CLI
To connect using grpc_cli, execute the following command:
grpc_cli call HOSTNAME_OF_THE_CONNECTOR:PORT GRPC_METHOD_NAME --metadata "x-formal-user-username:FORMAL_USERNAME:x-formal-user-password:FORMAL_ACCESS_TOKEN"
Policy Evaluation
Formal supports the following policy evaluation stages for gRPC:
- Session: Evaluate and enforce policies at connection time
- Pre-Request: Evaluate and enforce policies before request execution
Policies and Controls
You can apply Formal policies to gRPC traffic at the session and pre_request stages. The gRPC method name is available as input.grpc.method_name.
