Documentation
Overview
Package server provides functionality so that other users of sansshell can provide their own main.go without having to cargo-cult everything across for common use cases, e.g. adding additional modules that are locally defined.
Index
- func Run(ctx context.Context, opts ...Option)
- type Option
- func WithAuthzHook(hook rpcauth.RPCAuthzHook) Option
- func WithCredSource(credSource string) Option
- func WithDebugPort(addr string) Option
- func WithHostPort(hostport string) Option
- func WithJustification(j bool) Option
- func WithJustificationHook(hook func(string) error) Option
- func WithLogger(l logr.Logger) Option
- func WithMetricsPort(addr string) Option
- func WithMetricsRecorder(recorder metrics.MetricsRecorder) Option
- func WithOtelTracing(interceptorOpts ...otelgrpc.Option) Option
- func WithParsedPolicy(policy *opa.AuthzPolicy) Option
- func WithPolicy(policy string) Option
- func WithRawServerOption(s func(*grpc.Server)) Option
- func WithRefreshCredsOnSIGHUP() Option
- func WithStreamInterceptor(i grpc.StreamServerInterceptor) Option
- func WithTlsConfig(tlsConfig *tls.Config) Option
- func WithUnaryInterceptor(i grpc.UnaryServerInterceptor) Option
- func WithUnixSocket(socket string) Option
- func WithUnixSocketConfigHook(h func(string) error) Option
Functions
Types
type Option (added in v1.6.0)
type Option interface {
// contains filtered or unexported methods
}
func WithAuthzHook (added in v1.6.0)
func WithAuthzHook(hook rpcauth.RPCAuthzHook) Option
WithAuthzHook adds an additional authz hook to be applied to the server.
func WithCredSource (added in v1.6.0)
WithCredSource applies a credential source registered with the mtls package.
func WithDebugPort (added in v1.18.0)
WithDebugPort opens an additional port for an HTTP debug page.
This is meant for humans. The format of the debug pages may change over time.
func WithHostPort (added in v1.6.0)
WithHostPort applies the host:port on which to run the server.
func WithJustification (added in v1.6.0)
WithJustification applies the justification param. If true, a justification must be set in the incoming RPC context metadata (under the key defined in the telemetry package).
func WithJustificationHook (added in v1.6.0)
WithJustificationHook applies a justification function. This function will be called if justification is required (see WithJustification) and a justification entry is found. The supplied function can then do any validation it wants in order to ensure the entry is compliant.
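A validator of the `func(string) error` shape that WithJustificationHook takes, as an added example rather than sansshell's own code. The ticket format, the approved project list, the length limit and the name `validateJustification` are assumptions of this example; the value being checked comes from caller-supplied RPC metadata, so control characters and invalid UTF-8 are rejected before the format check.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
	"unicode"
)

// Assumed policy: a justification starts with a ticket id such as "OPS-1234"
// from an approved tracker project, optionally followed by free text.
var ticketRE = regexp.MustCompile(`^([A-Z]{2,10})-([1-9][0-9]{0,6})(?:$|[ :])`)
var allowedProjects = map[string]bool{"OPS": true, "INC": true}

const maxJustificationLen = 256

// validateJustification matches the func(string) error hook signature.
func validateJustification(j string) error {
	if len(j) > maxJustificationLen {
		return fmt.Errorf("justification longer than %d bytes", maxJustificationLen)
	}
	// Invalid UTF-8 decodes to the replacement character and is rejected too.
	unsafe := func(r rune) bool { return unicode.IsControl(r) || r == unicode.ReplacementChar }
	if strings.IndexFunc(j, unsafe) >= 0 {
		return errors.New("justification contains control or invalid characters")
	}
	m := ticketRE.FindStringSubmatch(j)
	if m == nil {
		return errors.New("justification must begin with a ticket id like OPS-1234")
	}
	if !allowedProjects[m[1]] {
		return fmt.Errorf("ticket project %q is not an approved tracker", m[1])
	}
	return nil
}

func main() {
	// Constructed sample inputs.
	for _, j := range []string{"OPS-1234 restart nginx", "fix stuff", "OPS-12\nINC-9 forged"} {
		fmt.Printf("%q -> %v\n", j, validateJustification(j))
	}
}
```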
func WithLogger (added in v1.6.0)
WithLogger applies a logger that is used for all logging. A discard-based logger is used if none is supplied.
func WithMetricsPort (added in v1.19.4)
WithMetricsPort opens an HTTP endpoint for publishing metrics at the given addr and initializes the metrics exporter. This endpoint is to be scraped by a Prometheus-style metrics scraper. It can be accessed at http://{addr}/metrics.
func WithMetricsRecorder (added in v1.19.4)
func WithMetricsRecorder(recorder metrics.MetricsRecorder) Option
WithMetricsRecorder enables metric instrumentation by inserting gRPC metric interceptors and attaching the recorder to the server runstate.
func WithOtelTracing (added in v1.18.4)
WithOtelTracing adds the OpenTelemetry gRPC interceptors to both stream and unary servers. The interceptors collect and export tracing data for gRPC requests and responses.
func WithParsedPolicy (added in v1.19.2)
func WithParsedPolicy(policy *opa.AuthzPolicy) Option
WithParsedPolicy applies an already-parsed OPA policy used against incoming RPC requests.
func WithPolicy (added in v1.6.0)
WithPolicy applies an OPA policy used against incoming RPC requests.
func WithRawServerOption (added in v1.9.0)
WithRawServerOption gives the caller access to the RPC Server object. Generally this is used to run additional registration functions for RPC services before the server starts.
func WithRefreshCredsOnSIGHUP (added in v1.30.0)
func WithRefreshCredsOnSIGHUP() Option
WithRefreshCredsOnSIGHUP will make sansshell-server refresh its credentials via its credential loader when it receives a SIGHUP signal. This is useful if you want to make sansshell immediately refresh its identity and trust configuration via `systemctl reload`.
func WithStreamInterceptor (added in v1.6.0)
func WithStreamInterceptor(i grpc.StreamServerInterceptor) Option
WithStreamInterceptor adds an additional stream server interceptor. These become any additional interceptors to be added to streaming RPCs served from this instance. They will be added after logging and authz checks.
func WithTlsConfig (added in v1.14.1)
WithTlsConfig applies a supplied tls.Config object to the gRPC server.
func WithUnaryInterceptor (added in v1.6.0)
func WithUnaryInterceptor(i grpc.UnaryServerInterceptor) Option
WithUnaryInterceptor adds an additional unary server interceptor. These become any additional interceptors to be added to unary RPCs served from this instance. They will be added after logging and authz checks.
func WithUnixSocket (added in v1.36.0)
WithUnixSocket specifies the path of a Unix socket which should be opened for the server to listen on, in addition to the TCP socket specified in WithHostPort.
func WithUnixSocketConfigHook (added in v1.36.0)
WithUnixSocketConfigHook allows for a hook to be called with the Unix socket path after it is created but before the server starts. This allows callers to set proper permissions and ownership on the socket.
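A hook of the `func(string) error` shape that WithUnixSocketConfigHook takes, as an added example rather than sansshell's own code. It refuses a path that is not a socket, refuses a parent directory that other users could use to replace the socket, then sets group and mode; the name `socketHook`, the 0660 mode and the gid parameter are assumptions of this example.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"path/filepath"
)

// socketHook returns a func(string) error for the socket config hook.
// mode and gid are this example's policy inputs; gid < 0 keeps the group.
func socketHook(mode os.FileMode, gid int) func(string) error {
	return func(path string) error {
		fi, err := os.Lstat(path) // Lstat: a symlink at path is not followed
		if err != nil {
			return fmt.Errorf("stat socket: %w", err)
		}
		if fi.Mode()&os.ModeSocket == 0 {
			return fmt.Errorf("%s is not a unix socket", path)
		}
		parent := filepath.Dir(path)
		di, err := os.Stat(parent)
		if err != nil {
			return fmt.Errorf("stat parent: %w", err)
		}
		// Anyone who can write the directory can replace the socket.
		if di.Mode().Perm()&0o002 != 0 && di.Mode()&os.ModeSticky == 0 {
			return fmt.Errorf("%s is world-writable without the sticky bit", parent)
		}
		if gid >= 0 {
			if err := os.Chown(path, -1, gid); err != nil {
				return fmt.Errorf("chown socket: %w", err)
			}
		}
		return os.Chmod(path, mode)
	}
}

func main() {
	dir, _ := os.MkdirTemp("", "sk") // constructed scratch directory
	defer os.RemoveAll(dir)
	sock := filepath.Join(dir, "demo.sock")
	l, err := net.Listen("unix", sock)
	if err != nil {
		panic(err)
	}
	defer l.Close()
	fmt.Println("hook result:", socketHook(0o660, -1)(sock))
}
```

Returning an error from the hook lets the caller treat a socket that could not be locked down as a startup failure instead of serving on it.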