Add mutual TLS example code.

* Add examples sections in README linking to simple and tls examples.
* Update example links in README to be relative paths instead of GitHub URLs
  direct to the master branch.
* Update simple.py example README to work with Dgraph v1.0.10+ (Server -> Alpha
  rename).

Author: danielmai

README.md

@@ -27,6 +27,7 @@ and understand how to run and work with Dgraph.
   - [Commit a transaction](#commit-a-transaction)
   - [Cleanup Resources](#cleanup-resources)
   - [Setting Metadata Headers](#setting-metadata-headers)
+- [Examples](#examples)
 - [Development](#development)
   - [Building the source](#building-the-source)
   - [Running tests](#running-tests)
@@ -41,11 +42,11 @@ pip install pydgraph
 
 ## Quickstart
 
-Build and run the [simple] project in the `examples` folder, which
+Build and run the [simple][] project in the `examples` folder, which
 contains an end-to-end example of using the Dgraph python client. Follow the
 instructions in the README of that project.
 
-[simple]: https://github.com/dgraph-io/pydgraph/tree/master/examples/simple
+[simple]: ./examples/simple
 
 ## Using a client
 
@@ -300,6 +301,13 @@ metadata = [("auth-token", "the-auth-token-value")]
 dg.alter(op, metadata=metadata)
 ```
 
+## Examples
+
+- [simple][]: Quickstart example of using pydgraph.
+- [tls][]: Example of using pydgraph with a Dgraph cluster secured with TLS.
+
+[tls]: ./examples/tls
+
 ## Development
 
 ### Building the source

examples/simple/README.md

@@ -9,14 +9,14 @@ for Dgraph.
 
 ### Start Dgraph server
 
-You will need to install [Dgraph v1.0.0 or above][releases] and run it.
+You will need to install [Dgraph v1.0.10 or above][releases] and run it.
 
 [releases]: https://github.com/dgraph-io/dgraph/releases
 
 You can run the commands below to start a clean Dgraph server every time, for testing
 and exploration.
 
-First, create two separate directories for `dgraph zero` and `dgraph server`.
+First, create two separate directories for `dgraph zero` and `dgraph alpha`.
 
 ```sh
 mkdir -p dgraphdata/zero dgraphdata/data
@@ -27,18 +27,16 @@ Then start `dgraph zero`:
 ```sh
 cd dgraphdata/zero
 rm -r zw; dgraph zero
-# If running Dgraph version <= 1.0.2, use the following command instead:
-# rm -r zw; dgraph zero --port_offset -2000
 ```
 
-Finally, start the `dgraph server`:
+Finally, start the `dgraph alpha`:
 
 ```sh
 cd dgraphdata/data
-rm -r p w; dgraph server --memory_mb=1024 --zero localhost:5080
+rm -r p w; dgraph server --lru_mb=1024 --zero localhost:5080
 ```
 
-For more configuration options, and other details, refer to
+For more configuration options and other details, refer to
 [docs.dgraph.io](https://docs.dgraph.io)
 
 ## Install dependencies

examples/tls/.gitignore

@@ -0,0 +1,6 @@
+tls/
+
+p/
+w/
+zw/
+

examples/tls/README.md

@@ -0,0 +1,119 @@
+# Mutual TLS example project
+
+Project demonstrating the use of pydgraph and Dgraph set up with client-server
+mutual TLS. The following guide shows how to set up a single-group two-node
+cluster (1 Dgraph Zero and 1 Dgraph Alpha) configured with mutual TLS.
+
+## Running
+
+### Install Dgraph
+
+You will need to [install Dgraph v1.0.0 or
+above](https://docs.dgraph.io/get-started/#step-1-install-dgraph).
+
+A quick-start installation script is available for Linux and Mac:
+
+```sh
+curl -sSf https://get.dgraph.io | bash
+```
+
+### Create TLS certificates
+
+Dgraph provides a `dgraph cert` tool to create and manage self-signed
+server and client certificates using a generated Dgraph Root CA. See the [TLS
+documentation](https://docs.dgraph.io/deploy/#tls-configuration) for more
+information.
+
+Create the root CA. All certificates and keys are created in the `tls` directory.
+
+```sh
+dgraph cert
+```
+
+Now create the Alpha server certificate (node.crt) and key (node.key) and client
+certificate (client.user.crt) key (client.user.key).
+
+```sh
+dgraph cert -n localhost
+```
+
+```sh
+dgraph cert -c user
+```
+
+The following files should now be in the `tls` directory:
+
+```sh
+$ ls tls
+ca.crt  ca.key  client.user.crt  client.user.key  node.crt  node.key
+```
+
+Using `dgraph cert ls` provides more details about each file. For instance, it
+shows that the `node.crt` is valid only for the host named `localhost` and the
+corresponding file permissions.
+
+```sh
+$ dgraph cert ls
+-rw-r--r-- ca.crt - Dgraph Root CA certificate
+    Issuer: Dgraph Labs, Inc.
+       S/N: 3dfb9c54929d703b
+Expiration: 19 Feb 29 00:57 UTC
+  MD5 hash: C82CF5D4C344668E34A61D590D6A4B77
+
+-r-------- ca.key - Dgraph Root CA key
+  MD5 hash: C82CF5D4C344668E34A61D590D6A4B77
+
+-rw-r--r-- client.user.crt - Dgraph client certificate: user
+    Issuer: Dgraph Labs, Inc.
+ CA Verify: PASSED
+       S/N: 5991417e75ba14c7
+Expiration: 21 Feb 24 01:04 UTC
+  MD5 hash: BA35D4ABD8DFF1ED137E8D8E5D921D06
+
+-rw------- client.user.key - Dgraph Client key
+  MD5 hash: BA35D4ABD8DFF1ED137E8D8E5D921D06
+
+-rw-r--r-- node.crt - Dgraph Node certificate
+    Issuer: Dgraph Labs, Inc.
+ CA Verify: PASSED
+       S/N: 51d53048b6845d8c
+Expiration: 21 Feb 24 01:00 UTC
+     Hosts: localhost
+  MD5 hash: 5D71F59AAEE294F1CFDA9E3232761018
+
+-rw------- node.key - Dgraph Node key
+  MD5 hash: 5D71F59AAEE294F1CFDA9E3232761018
+```
+
+### Start Dgraph cluster
+
+Start Dgraph Zero:
+
+```sh
+dgraph zero
+```
+
+Start Dgraph Alpha with TLS options. `REQUIREANDVERIFY` sets mutual TLS (server authentication and client authentication):
+
+```sh
+dgraph alpha --lru_mb=1024 --zero=localhost:5080 --tls_dir=./tls --tls_client_auth=REQUIREANDVERIFY
+```
+
+### Run example
+
+Ensure the pydgraph client is installed:
+
+```sh
+pip install pydgraph
+```
+
+Then run the example, which connects to the Dgraph Alpha via TLS using the
+generated root CA cert and client cert and key in the `tls` directory. The
+example first deletes all the data in Dgraph via drop all, updates the schema,
+runs a mutation, and finally runs a query. The result of the query is printed
+out.
+
+```sh
+python mutualtls_example.py
+```
+

examples/tls/mutualtls_example.py

@@ -0,0 +1,64 @@
+#!/usr/bin/python
+
+import pydgraph
+import grpc
+
+def create_client(addr='localhost:9080'):
+    # Read certs
+    with open('./tls/ca.crt', 'rb') as f:
+        root_ca_cert = f.read()
+    with open('./tls/client.user.key', 'rb') as f:
+        client_cert_key = f.read()
+    with open('./tls/client.user.crt', 'rb') as f:
+        client_cert = f.read()
+
+    # Connect to Dgraph via gRPC with mutual TLS.
+    creds = grpc.ssl_channel_credentials(root_certificates=root_ca_cert,
+                                         private_key=client_cert_key,
+                                         certificate_chain=client_cert)
+    client_stub = pydgraph.DgraphClientStub(addr, credentials=creds)
+    return pydgraph.DgraphClient(client_stub)
+
+def main():
+    client = create_client('localhost:9080')
+
+    # Drop all
+    client.alter(pydgraph.Operation(drop_all=True))
+
+    # Update schema
+    schema = '''
+name: string @index(exact) .
+description: string .
+url: string .
+'''
+    op = pydgraph.Operation(schema=schema)
+    client.alter(op)
+
+    # Mutate
+    dgraph = {
+        "name": "Dgraph",
+        "description": "Scalable, Distributed, Low Latency Graph Database",
+        "url": "https://dgraph.io"
+    }
+    txn = client.txn()
+    try:
+        txn.mutate(set_obj=dgraph)
+        txn.commit()
+    finally:
+        txn.discard()
+    
+    # Query
+    res = client.query('''
+query dgraph($name: string) {
+  data(func: eq(name, $name)) {
+    uid
+    name
+    description
+    url
+  }
+}
+''', variables={"$name": "Dgraph"})
+    print(res.json);
+
+if __name__ == '__main__':
+    main()