Documentation ¶
Overview ¶
Package server provides the server-side implementation of the sansshell proxy server.
Index ¶
- Variables
- func LoadGlobalServiceMap() map[string]*ServiceMethod
- func LoadServiceMap(files *protoregistry.Files) map[string]*ServiceMethod
- type ClientConnCloser
- type Server
- type ServiceMethod
- type TargetDialer
- type TargetStream
- func (s *TargetStream) ClientCancel()
- func (s *TargetStream) CloseSend()
- func (s *TargetStream) CloseWith(err error)
- func (s *TargetStream) Method() string
- func (s *TargetStream) NewRequest() proto.Message
- func (s *TargetStream) PeerAuthInfo() *rpcauth.PeerAuthInput
- func (s *TargetStream) Run(nonce uint32, replyChan chan *pb.ProxyReply)
- func (s *TargetStream) Send(req proto.Message) error
- func (s *TargetStream) StreamID() uint64
- func (s *TargetStream) String() string
- func (s *TargetStream) Target() string
- type TargetStreamSet
- func (t *TargetStreamSet) Add(ctx context.Context, req *pb.StartStream, replyChan chan *pb.ProxyReply, ...) error
- func (t *TargetStreamSet) ClientCancel(req *pb.ClientCancel) error
- func (t *TargetStreamSet) ClientClose(req *pb.ClientClose) error
- func (t *TargetStreamSet) ClientCloseAll()
- func (t *TargetStreamSet) Remove(streamID uint64)
- func (t *TargetStreamSet) Send(ctx context.Context, req *pb.StreamData) error
- func (t *TargetStreamSet) Wait()
Constants ¶
This section is empty.
Variables ¶
var ( // ReqBufferSize is the amount of requests we'll buffer on a given stream // while blocking to do the initial connect. After this the whole stream // will block until it can proceed (or error). Exported as a var so it can // be bound to a flag if wanted. By default this is only one as most RPCs // are unary from the client end so a small buffer is fine. Larger numbers // can cause large explosions in memory usage as potentially needing to buffer // N requests per sub stream that is slow/timing out. ReqBufferSize = 1 )
Functions ¶
func LoadGlobalServiceMap ¶
func LoadGlobalServiceMap() map[string]*ServiceMethod
LoadGlobalServiceMap loads service method defintions from the global file registry
func LoadServiceMap ¶
func LoadServiceMap(files *protoregistry.Files) map[string]*ServiceMethod
LoadServiceMap returns serviceMethod information by introspecting protocol buffer definitions from files registered in the supplied protoregistry.Files instance
Types ¶
type ClientConnCloser ¶ added in v1.24.1
type ClientConnCloser interface { grpc.ClientConnInterface Close() error }
ClientConnCloser is a closeable grpc.ClientConnInterface
type Server ¶
type Server struct {
// contains filtered or unexported fields
}
Server implements proxy.ProxyServer
func New ¶
func New(dialer TargetDialer, authorizer *rpcauth.Authorizer) *Server
New creates a new Server which will use the supplied TargetDialer for opening new target connections, and the global protobuf registry to resolve service methods The supplied authorizer is used to authorize requests made to targets.
func NewWithServiceMap ¶
func NewWithServiceMap(dialer TargetDialer, authorizer *rpcauth.Authorizer, serviceMap map[string]*ServiceMethod) *Server
NewWithServiceMap create a new Server using the supplied TargetDialer and service map. The supplied authorizer is used to authorize requests made to targets.
func (*Server) Proxy ¶
func (s *Server) Proxy(stream pb.Proxy_ProxyServer) error
Proxy implements ProxyServer.Proxy to provide a single bidirectional stream which manages requests to a set of one or more backend target servers
func (*Server) Register ¶
func (s *Server) Register(sr grpc.ServiceRegistrar)
Register registers this server with the given ServiceRegistrar (typically a grpc.Server)
type ServiceMethod ¶
type ServiceMethod struct {
// contains filtered or unexported fields
}
A ServiceMethod represents a single gRPC service method
func (*ServiceMethod) ClientStreams ¶
func (s *ServiceMethod) ClientStreams() bool
ClientStreams returns true if callers to this method send a stream of requests
func (*ServiceMethod) FullName ¶
func (s *ServiceMethod) FullName() string
FullName returns the full method name as /Package.Service/Method
func (*ServiceMethod) NewReply ¶
func (s *ServiceMethod) NewReply() proto.Message
NewReply returns a new reply message for this method
func (*ServiceMethod) NewRequest ¶
func (s *ServiceMethod) NewRequest() proto.Message
NewRequest returns a new a request message for this method
func (*ServiceMethod) ServerStreams ¶
func (s *ServiceMethod) ServerStreams() bool
ServerStreams returns true if servers that implement this method return a stream of responses
func (*ServiceMethod) StreamDesc ¶
func (s *ServiceMethod) StreamDesc() *grpc.StreamDesc
StreamDesc returns a grpc.StreamDesc used to construct new client streams for this method
type TargetDialer ¶
type TargetDialer interface {
DialContext(ctx context.Context, target string, dialOpts ...grpc.DialOption) (ClientConnCloser, error)
}
A TargetDialer is used by the proxy server to make connections to requested targets It encapsulates the various low-level details of making target connections (such as client credentials, deadlines, etc) which the proxy can use without needing to understand them.
func NewDialer ¶
func NewDialer(opts ...grpc.DialOption) TargetDialer
NewDialer creates a new TargetDialer that uses grpc.Dial with the supplied DialOptions
type TargetStream ¶
type TargetStream struct {
// contains filtered or unexported fields
}
A TargetStream is a single bidirectional stream between the proxy and a target sansshell server
func NewTargetStream ¶
func NewTargetStream(ctx context.Context, target string, dialer TargetDialer, dialTimeout *time.Duration, method *ServiceMethod, authorizer *rpcauth.Authorizer) (*TargetStream, error)
NewTargetStream creates a new TargetStream for calling `method` on `target`
func (*TargetStream) ClientCancel ¶
func (s *TargetStream) ClientCancel()
ClientCancel requests cancellation of the stream
func (*TargetStream) CloseSend ¶
func (s *TargetStream) CloseSend()
CloseSend is used to indicate that no more client requests will be sent to this stream
func (*TargetStream) CloseWith ¶
func (s *TargetStream) CloseWith(err error)
CloseWith initiates a closer of the stream, with the supplied error delivered in the ServerClose message, if no status has already been sent. If `err` is convertible to a grpc.Status, the status code will be preserved.
func (*TargetStream) Method ¶
func (s *TargetStream) Method() string
Method returns the full method name associated with this stream
func (*TargetStream) NewRequest ¶
func (s *TargetStream) NewRequest() proto.Message
NewRequest returns a new, empty request message for this target stream.
func (*TargetStream) PeerAuthInfo ¶
func (s *TargetStream) PeerAuthInfo() *rpcauth.PeerAuthInput
PeerAuthInfo returns authz-relevant information about the stream peer
func (*TargetStream) Run ¶
func (s *TargetStream) Run(nonce uint32, replyChan chan *pb.ProxyReply)
Run begins execution of the target stream All data received from target will be converted into ProxyReply messages for sending to a proxy client, including the final status of the target stream
func (*TargetStream) Send ¶
func (s *TargetStream) Send(req proto.Message) error
Send the supplied request to the target stream, returning an error if the context has already been cancelled.
func (*TargetStream) StreamID ¶
func (s *TargetStream) StreamID() uint64
StreamID returns the proxy-assigned stream identifier for this stream
func (*TargetStream) String ¶
func (s *TargetStream) String() string
func (*TargetStream) Target ¶
func (s *TargetStream) Target() string
Target returns the address of the target
type TargetStreamSet ¶
type TargetStreamSet struct {
// contains filtered or unexported fields
}
A TargetStreamSet manages multiple TargetStreams TargetStreamSets are not threadsafe, and should not be shared by multiple goroutines without external synchronization
func NewTargetStreamSet ¶
func NewTargetStreamSet(serviceMethods map[string]*ServiceMethod, dialer TargetDialer, authorizer *rpcauth.Authorizer) *TargetStreamSet
NewTargetStreamSet creates a TargetStreamSet which manages a set of related TargetStreams
func (*TargetStreamSet) Add ¶
func (t *TargetStreamSet) Add(ctx context.Context, req *pb.StartStream, replyChan chan *pb.ProxyReply, doneChan chan uint64) error
Add creates a new target stream for the given start stream request, and adds it to the set of streams managed by this set
The result of stream creation, as well as any messages received from the created stream will be sent directly to 'replyChan'. If the stream was successfully started, its id will eventually be sent to 'doneChan' when all work has completed.
Returns a non-nil error only on unrecoverable client error, such as the re-use of a nonce/target pair, which cannot be represented by a stream-specific status.
func (*TargetStreamSet) ClientCancel ¶
func (t *TargetStreamSet) ClientCancel(req *pb.ClientCancel) error
ClientCancel cancels TargetStreams identified by ID in `req`
func (*TargetStreamSet) ClientClose ¶
func (t *TargetStreamSet) ClientClose(req *pb.ClientClose) error
ClientClose dispatches ClientClose requests to TargetStreams identified by ID in `req`.
func (*TargetStreamSet) ClientCloseAll ¶
func (t *TargetStreamSet) ClientCloseAll()
ClientCloseAll issues ClientClose to all associated TargetStreams
func (*TargetStreamSet) Remove ¶
func (t *TargetStreamSet) Remove(streamID uint64)
Remove the stream corresponding to `streamid` from the stream set. Future references to this stream will return an error generally.
func (*TargetStreamSet) Send ¶
func (t *TargetStreamSet) Send(ctx context.Context, req *pb.StreamData) error
Send dispatches new message data in `req` to the streams specified in req. It will return an error if a requested stream does not exist, the message type for the stream is incorrect, or if authorization data for the request cannot be generated. Before dispatching to the stream(s), an authorization check will be made to ensure that the request is permitted for all specified streams. On failure, streams that failed authorization will be closed with PermissionDenied, while other streams in the same request will continue along. Any other open TargetStreams which are not specified in the request are unaffected.
func (*TargetStreamSet) Wait ¶
func (t *TargetStreamSet) Wait()
Wait blocks until all TargetStreams associated with this stream set have completed.