Documentation
Overview
Package server provides functionality so that other uses of sansshell can provide their own main.go without having to cargo-cult everything across for common use cases: for example, adding your own authz hooks while using the standard modules, or adding additional modules that are locally defined.
Index
- func Run(ctx context.Context, opts ...Option)
- type Option
- func WithAuthzHook(hook rpcauth.RPCAuthzHook) Option
- func WithClientPolicy(policy string) Option
- func WithCredSource(credSource string) Option
- func WithHostPort(hostport string) Option
- func WithJustification(j bool) Option
- func WithJustificationHook(hook func(string) error) Option
- func WithLogger(l logr.Logger) Option
- func WithPolicy(policy string) Option
- func WithStreamClientInterceptor(i grpc.StreamClientInterceptor) Option
- func WithStreamInterceptor(i grpc.StreamServerInterceptor) Option
- func WithUnaryClientInterceptor(i grpc.UnaryClientInterceptor) Option
- func WithUnaryInterceptor(i grpc.UnaryServerInterceptor) Option
Functions
func Run
Run takes the given context and RunState along with any authz hooks and starts up a sansshell proxy server using the flags above to provide credentials. An address hook (based on the remote host) will always be added. As this is intended to be called from main(), it doesn't return errors and will instead exit on any errors.
Types
type Option (added in v1.6.0)
type Option interface {
// contains filtered or unexported methods
}
func WithAuthzHook (added in v1.6.0)
func WithAuthzHook(hook rpcauth.RPCAuthzHook) Option
WithAuthzHook adds an additional authz hook to be applied to the server.
func WithClientPolicy (added in v1.6.0)
WithClientPolicy applies an optional OPA policy for determining outbound decisions.
func WithCredSource (added in v1.6.0)
WithCredSource applies a registered credential source with the mtls package.
func WithHostPort (added in v1.6.0)
WithHostPort applies the host:port to run the server.
func WithJustification (added in v1.6.0)
WithJustification applies the justification param. Justification, if true, requires justification to be set in the incoming RPC context Metadata (to the key defined in the telemetry package).
func WithJustificationHook (added in v1.6.0)
WithJustificationHook applies a justification function. This function will be called if Justification is true and a justification entry is found. The supplied function can then do any validation it wants in order to ensure it's compliant.
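A sketch of a validation function with the func(string) error shape that WithJustificationHook accepts. This is an added example, not code from the sansshell project; the ticket format, tracker allowlist, length limit and the name validateJustification are assumptions chosen for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
	"unicode"
)

// Assumed local policy (not from sansshell): a justification must start with
// a ticket reference from an allowed tracker, e.g. "SEC-1234: rotate certs".
var ticketRE = regexp.MustCompile(`^([A-Z]{2,10})-([0-9]{1,7})(?::\s+\S.*)?$`)
var allowedTrackers = map[string]bool{"SEC": true, "OPS": true, "INC": true}
const maxJustificationLen = 256

// validateJustification (hypothetical name) returns a non-nil error when the
// justification is non-compliant. Pass it as WithJustificationHook(validateJustification).
func validateJustification(j string) error {
	j = strings.TrimSpace(j)
	if j == "" {
		return errors.New("justification is empty")
	}
	if len(j) > maxJustificationLen {
		return fmt.Errorf("justification exceeds %d bytes", maxJustificationLen)
	}
	// Reject control characters so the value cannot forge lines in audit logs.
	for _, r := range j {
		if unicode.IsControl(r) {
			return errors.New("justification contains control characters")
		}
	}
	m := ticketRE.FindStringSubmatch(j)
	if m == nil {
		return errors.New("justification must begin with a ticket reference such as SEC-1234")
	}
	if !allowedTrackers[m[1]] {
		return fmt.Errorf("ticket tracker %q is not allowed", m[1])
	}
	return nil
}

func main() {
	// Constructed sample inputs.
	for _, j := range []string{"SEC-1234: rotate certs", "because", "HR-7: x\nfake log line"} {
		fmt.Printf("%q -> %v\n", j, validateJustification(j))
	}
}
```

The hook only runs when WithJustification(true) is also set and a justification entry is present, as described above.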
func WithLogger (added in v1.6.0)
WithLogger applies a logger that is used for all logging. A discard based one is used if none is supplied.
func WithPolicy (added in v1.6.0)
WithPolicy applies an OPA policy used against incoming RPC requests.
func WithStreamClientInterceptor (added in v1.6.0)
func WithStreamClientInterceptor(i grpc.StreamClientInterceptor) Option
WithStreamClientInterceptor adds an additional stream client interceptor. These become any additional interceptors to be added to outbound streaming RPCs performed from this instance. They will be added after logging and authz checks.
func WithStreamInterceptor (added in v1.6.0)
func WithStreamInterceptor(i grpc.StreamServerInterceptor) Option
WithStreamInterceptor adds an additional stream server interceptor. These become any additional interceptors to be added to streaming RPCs served from this instance. They will be added after logging and authz checks.
func WithUnaryClientInterceptor (added in v1.6.0)
func WithUnaryClientInterceptor(i grpc.UnaryClientInterceptor) Option
WithUnaryClientInterceptor adds an additional unary client interceptor. These become any additional interceptors to be added to outbound unary RPCs performed from this instance. They will be added after logging and authz checks.
func WithUnaryInterceptor (added in v1.6.0)
func WithUnaryInterceptor(i grpc.UnaryServerInterceptor) Option
WithUnaryInterceptor adds an additional unary server interceptor. These become any additional interceptors to be added to unary RPCs served from this instance. They will be added after logging and authz checks.