server

package
v1.19.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 3, 2023 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Overview

Package server provides the server-side implementation of the sansshell proxy server.

Index

Constants

This section is empty.

Variables

View Source
var (
	// ReqBufferSize is the amount of requests we'll buffer on a given stream
	// while blocking to do the initial connect. After this the whole stream
	// will block until it can proceed (or error). Exported as a var so it can
	// be bound to a flag if wanted. By default this is only one as most RPCs
	// are unary from the client end so a small buffer is fine. Larger numbers
	// can cause large explosions in memory usage as potentially needing to buffer
	// N requests per sub stream that is slow/timing out.
	ReqBufferSize = 1
)

Functions

func LoadGlobalServiceMap

func LoadGlobalServiceMap() map[string]*ServiceMethod

LoadGlobalServiceMap loads service method defintions from the global file registry

func LoadServiceMap

func LoadServiceMap(files *protoregistry.Files) map[string]*ServiceMethod

LoadServiceMap returns serviceMethod information by introspecting protocol buffer definitions from files registered in the supplied protoregistry.Files instance

Types

type Server

type Server struct {
	// contains filtered or unexported fields
}

Server implements proxy.ProxyServer

func New

func New(dialer TargetDialer, authorizer *rpcauth.Authorizer) *Server

New creates a new Server which will use the supplied TargetDialer for opening new target connections, and the global protobuf registry to resolve service methods The supplied authorizer is used to authorize requests made to targets.

func NewWithServiceMap

func NewWithServiceMap(dialer TargetDialer, authorizer *rpcauth.Authorizer, serviceMap map[string]*ServiceMethod) *Server

NewWithServiceMap create a new Server using the supplied TargetDialer and service map. The supplied authorizer is used to authorize requests made to targets.

func (*Server) Proxy

func (s *Server) Proxy(stream pb.Proxy_ProxyServer) error

Proxy implements ProxyServer.Proxy to provide a single bidirectional stream which manages requests to a set of one or more backend target servers

func (*Server) Register

func (s *Server) Register(sr grpc.ServiceRegistrar)

Register registers this server with the given ServiceRegistrar (typically a grpc.Server)

type ServiceMethod

type ServiceMethod struct {
	// contains filtered or unexported fields
}

A ServiceMethod represents a single gRPC service method

func (*ServiceMethod) ClientStreams

func (s *ServiceMethod) ClientStreams() bool

ClientStreams returns true if callers to this method send a stream of requests

func (*ServiceMethod) FullName

func (s *ServiceMethod) FullName() string

FullName returns the full method name as /Package.Service/Method

func (*ServiceMethod) NewReply

func (s *ServiceMethod) NewReply() proto.Message

NewReply returns a new reply message for this method

func (*ServiceMethod) NewRequest

func (s *ServiceMethod) NewRequest() proto.Message

NewRequest returns a new a request message for this method

func (*ServiceMethod) ServerStreams

func (s *ServiceMethod) ServerStreams() bool

ServerStreams returns true if servers that implement this method return a stream of responses

func (*ServiceMethod) StreamDesc

func (s *ServiceMethod) StreamDesc() *grpc.StreamDesc

StreamDesc returns a grpc.StreamDesc used to construct new client streams for this method

type TargetDialer

type TargetDialer interface {
	DialContext(ctx context.Context, target string, dialOpts ...grpc.DialOption) (grpc.ClientConnInterface, error)
}

A TargetDialer is used by the proxy server to make connections to requested targets It encapsulates the various low-level details of making target connections (such as client credentials, deadlines, etc) which the proxy can use without needing to understand them.

func NewDialer

func NewDialer(opts ...grpc.DialOption) TargetDialer

NewDialer creates a new TargetDialer that uses grpc.Dial with the supplied DialOptions

type TargetStream

type TargetStream struct {
	// contains filtered or unexported fields
}

A TargetStream is a single bidirectional stream between the proxy and a target sansshell server

func NewTargetStream

func NewTargetStream(ctx context.Context, target string, dialer TargetDialer, dialTimeout *time.Duration, method *ServiceMethod, authorizer *rpcauth.Authorizer) (*TargetStream, error)

NewTargetStream creates a new TargetStream for calling `method` on `target`

func (*TargetStream) ClientCancel

func (s *TargetStream) ClientCancel()

ClientCancel requests cancellation of the stream

func (*TargetStream) CloseSend

func (s *TargetStream) CloseSend()

CloseSend is used to indicate that no more client requests will be sent to this stream

func (*TargetStream) CloseWith

func (s *TargetStream) CloseWith(err error)

CloseWith initiates a closer of the stream, with the supplied error delivered in the ServerClose message, if no status has already been sent. If `err` is convertible to a grpc.Status, the status code will be preserved.

func (*TargetStream) Method

func (s *TargetStream) Method() string

Method returns the full method name associated with this stream

func (*TargetStream) NewRequest

func (s *TargetStream) NewRequest() proto.Message

NewRequest returns a new, empty request message for this target stream.

func (*TargetStream) PeerAuthInfo

func (s *TargetStream) PeerAuthInfo() *rpcauth.PeerAuthInput

PeerAuthInfo returns authz-relevant information about the stream peer

func (*TargetStream) Run

func (s *TargetStream) Run(nonce uint32, replyChan chan *pb.ProxyReply)

Run begins execution of the target stream All data received from target will be converted into ProxyReply messages for sending to a proxy client, including the final status of the target stream

func (*TargetStream) Send

func (s *TargetStream) Send(req proto.Message) error

Send the supplied request to the target stream, returning an error if the context has already been cancelled.

func (*TargetStream) StreamID

func (s *TargetStream) StreamID() uint64

StreamID returns the proxy-assigned stream identifier for this stream

func (*TargetStream) String

func (s *TargetStream) String() string

func (*TargetStream) Target

func (s *TargetStream) Target() string

Target returns the address of the target

type TargetStreamSet

type TargetStreamSet struct {
	// contains filtered or unexported fields
}

A TargetStreamSet manages multiple TargetStreams TargetStreamSets are not threadsafe, and should not be shared by multiple goroutines without external synchronization

func NewTargetStreamSet

func NewTargetStreamSet(serviceMethods map[string]*ServiceMethod, dialer TargetDialer, authorizer *rpcauth.Authorizer) *TargetStreamSet

NewTargetStreamSet creates a TargetStreamSet which manages a set of related TargetStreams

func (*TargetStreamSet) Add

func (t *TargetStreamSet) Add(ctx context.Context, req *pb.StartStream, replyChan chan *pb.ProxyReply, doneChan chan uint64) error

Add creates a new target stream for the given start stream request, and adds it to the set of streams managed by this set

The result of stream creation, as well as any messages received from the created stream will be sent directly to 'replyChan'. If the stream was successfully started, its id will eventually be sent to 'doneChan' when all work has completed.

Returns a non-nil error only on unrecoverable client error, such as the re-use of a nonce/target pair, which cannot be represented by a stream-specific status.

func (*TargetStreamSet) ClientCancel

func (t *TargetStreamSet) ClientCancel(req *pb.ClientCancel) error

ClientCancel cancels TargetStreams identified by ID in `req`

func (*TargetStreamSet) ClientClose

func (t *TargetStreamSet) ClientClose(req *pb.ClientClose) error

ClientClose dispatches ClientClose requests to TargetStreams identified by ID in `req`.

func (*TargetStreamSet) ClientCloseAll

func (t *TargetStreamSet) ClientCloseAll()

ClientCloseAll issues ClientClose to all associated TargetStreams

func (*TargetStreamSet) Remove

func (t *TargetStreamSet) Remove(streamID uint64)

Remove the stream corresponding to `streamid` from the stream set. Future references to this stream will return an error generally.

func (*TargetStreamSet) Send

func (t *TargetStreamSet) Send(ctx context.Context, req *pb.StreamData) error

Send dispatches new message data in `req` to the streams specified in req. It will return an error if a requested stream does not exist, the message type for the stream is incorrect, or if authorization data for the request cannot be generated. Before dispatching to the stream(s), an authorization check will be made to ensure that the request is permitted for all specified streams. On failure, streams that failed authorization will be closed with PermissionDenied, while other streams in the same request will continue along. Any other open TargetStreams which are not specified in the request are unaffected.

func (*TargetStreamSet) Wait

func (t *TargetStreamSet) Wait()

Wait blocks until all TargetStreams associated with this stream set have completed.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL