Documentation ¶
Index ¶
- Constants
- func StreamPublicEndpointFilter(c *config, info *grpc.StreamServerInfo) bool
- func StreamReflectionFilter(_ *config, info *grpc.StreamServerInfo) bool
- func StreamServerInterceptorWithFilter(c *config, in grpc.StreamServerInterceptor, ...) grpc.StreamServerInterceptor
- func UnaryPublicEndpointFilter(c *config, info *grpc.UnaryServerInfo) bool
- func UnaryReflectionFilter(_ *config, info *grpc.UnaryServerInfo) bool
- func UnaryServerInterceptorWithFilter(c *config, in grpc.UnaryServerInterceptor, ...) grpc.UnaryServerInterceptor
- type AuthConfig
- type AuthContextKeyType
- type OpenIDConnectClaim
- type ProfileClaim
- type Server
- type StartGRPCServerOption
- func WithAdditionalGRPCOpts(opts []grpc.ServerOption) StartGRPCServerOption
- func WithJWKS(url string) StartGRPCServerOption
- func WithPublicEndpoints(endpoints []string) StartGRPCServerOption
- func WithPublicKey(publicKey *ecdsa.PublicKey) StartGRPCServerOption
- func WithReflection() StartGRPCServerOption
- func WithServices(services ...service.Service) StartGRPCServerOption
Constants ¶
const AuthContextKey = AuthContextKeyType("token")
AuthContextKey is a key used in RPC context to retrieve the token info with using context.Value.
const DefaultJWKSURL = "http://localhost:8080/v1/auth/certs"
DefaultJWKSURL is the default JWKS url pointing to a local authentication server.
Variables ¶
This section is empty.
Functions ¶
func StreamPublicEndpointFilter ¶
func StreamPublicEndpointFilter(c *config, info *grpc.StreamServerInfo) bool
StreamPublicEndpointFilter is a filter that ignores calls to the public endpoints
func StreamReflectionFilter ¶
func StreamReflectionFilter(_ *config, info *grpc.StreamServerInfo) bool
StreamReflectionFilter is a filter that ignores calls to the reflection endpoint
func StreamServerInterceptorWithFilter ¶
func StreamServerInterceptorWithFilter(c *config, in grpc.StreamServerInterceptor, filter ...func(c *config, info *grpc.StreamServerInfo) bool) grpc.StreamServerInterceptor
StreamServerInterceptorWithFilter wraps a grpc.StreamServerInterceptor and only invokes the interceptor, if the filter function does not return true.
func UnaryPublicEndpointFilter ¶
func UnaryPublicEndpointFilter(c *config, info *grpc.UnaryServerInfo) bool
UnaryPublicEndpointFilter is a filter that ignores calls to the public endpoints
func UnaryReflectionFilter ¶
func UnaryReflectionFilter(_ *config, info *grpc.UnaryServerInfo) bool
UnaryReflectionFilter is a filter that ignores calls to the reflection endpoint
func UnaryServerInterceptorWithFilter ¶
func UnaryServerInterceptorWithFilter(c *config, in grpc.UnaryServerInterceptor, filter ...func(c *config, info *grpc.UnaryServerInfo) bool) grpc.UnaryServerInterceptor
UnaryServerInterceptorWithFilter wraps a grpc.UnaryServerInterceptor and only invokes the interceptor, if the filter function does not return true.
Types ¶
type AuthConfig ¶
type AuthConfig struct {
// contains filtered or unexported fields
}
AuthConfig contains all necessary parameters that are needed to configure an authentication middleware.
func (*AuthConfig) AuthFunc ¶
func (config *AuthConfig) AuthFunc() grpc_auth.AuthFunc
AuthFunc returns a grpc_auth.AuthFunc that authenticates incoming gRPC requests based on the configuration properties.
type AuthContextKeyType ¶
type AuthContextKeyType string
AuthContextKeyType is a key type that is used in context.WithValue to store the token info in the RPC context. It should exclusively be used with the value of AuthContextKey.
Why is this needed? To avoid conflicts, the string type should not be used directly but they should be type-aliased.
type OpenIDConnectClaim ¶
type OpenIDConnectClaim struct { *jwt.RegisteredClaims *ProfileClaim }
OpenIDConnectClaim represents a claim that supports some aspects of a token issued by an OpenID Connect provider. It contains the regular registered JWT claims as well as some specific optional claims, which are empty if Open ID Connect is not used.
type ProfileClaim ¶
type ProfileClaim struct { PreferredUsername string `json:"preferred_username"` Name string `json:"name"` GivenName string `json:"given_name"` FamilyName string `json:"family_name"` }
ProfileClaim represents claims that are contained in the profile scope of OpenID Connect.
type Server ¶
Server is a typealias for grpc.Server so that users of this package do not need to import the grpc packages directly.
func StartGRPCServer ¶
func StartGRPCServer(addr string, opts ...StartGRPCServerOption) (sock net.Listener, srv *Server, err error)
StartGRPCServer starts a gRPC server listening on the given address. The server can be configured using the supplied opts, e.g., to register various Clouditor services. The server itself is started in a separate Go routine, therefore this function will NOT block.
type StartGRPCServerOption ¶
type StartGRPCServerOption func(c *config)
StartGRPCServerOption is a type for functional style options that can configure the StartGRPCServer function.
func WithAdditionalGRPCOpts ¶
func WithAdditionalGRPCOpts(opts []grpc.ServerOption) StartGRPCServerOption
WithAdditionalGRPCOpts is an option to add an additional gRPC dial options in the REST server communication to the backend.
func WithJWKS ¶
func WithJWKS(url string) StartGRPCServerOption
WithJWKS is an option to provide a URL that contains a JSON Web Key Set (JWKS). The JWKS will be used to validate tokens coming from RPC clients against public keys contains in the JWKS.
func WithPublicEndpoints ¶
func WithPublicEndpoints(endpoints []string) StartGRPCServerOption
WithReflection is an option for StartGRPCServer to enable gRPC reflection.
func WithPublicKey ¶
func WithPublicKey(publicKey *ecdsa.PublicKey) StartGRPCServerOption
WithPublicKey is an option to directly provide a ECDSA public key which is used to verify tokens coming from RPC clients.
func WithReflection ¶
func WithReflection() StartGRPCServerOption
WithReflection is an option for StartGRPCServer to enable gRPC reflection.
func WithServices ¶
func WithServices(services ...service.Service) StartGRPCServerOption
WithServices is an option for StartGRPCServer to register services at start.