Documentation ¶
Overview ¶
Package alts implements the ALTS credential support by gRPC library, which encapsulates all the state needed by a client to authenticate with a server using ALTS and make various assertions, e.g., about the client's identity, role, or whether it is authorized to make a particular call. This package is experimental.
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( // ErrUntrustedPlatform is returned from ClientHandshake and // ServerHandshake is running on a platform where the trustworthiness of // the handshaker service is not guaranteed. ErrUntrustedPlatform = errors.New("untrusted platform") )
Functions ¶
func NewClientCreds ¶
func NewClientCreds(opts *ClientOptions) credentials.TransportCredentials
NewClientCreds constructs a client-side ALTS TransportCredentials object.
func NewServerCreds ¶
func NewServerCreds(opts *ServerOptions) credentials.TransportCredentials
NewServerCreds constructs a server-side ALTS TransportCredentials object.
Types ¶
type AuthInfo ¶
type AuthInfo interface { // ApplicationProtocol returns application protocol negotiated for the // ALTS connection. ApplicationProtocol() string // RecordProtocol returns the record protocol negotiated for the ALTS // connection. RecordProtocol() string // SecurityLevel returns the security level of the created ALTS secure // channel. SecurityLevel() altspb.SecurityLevel // PeerServiceAccount returns the peer service account. PeerServiceAccount() string // LocalServiceAccount returns the local service account. LocalServiceAccount() string // PeerRPCVersions returns the RPC version supported by the peer. PeerRPCVersions() *altspb.RpcProtocolVersions }
AuthInfo exposes security information from the ALTS handshake to the application. This interface is to be implemented by ALTS. Users should not need a brand new implementation of this interface. For situations like testing, any new implementation should embed this interface. This allows ALTS to add new methods to this interface.
type ClientOptions ¶
type ClientOptions struct { // TargetServiceAccounts contains a list of expected target service // accounts. TargetServiceAccounts []string // HandshakerServiceAddress represents the ALTS handshaker gRPC service // address to connect to. HandshakerServiceAddress string }
ClientOptions contains the client-side options of an ALTS channel. These options will be passed to the underlying ALTS handshaker.
func DefaultClientOptions ¶ added in v1.12.0
func DefaultClientOptions() *ClientOptions
DefaultClientOptions creates a new ClientOptions object with the default values.
type ServerOptions ¶ added in v1.12.0
type ServerOptions struct { // HandshakerServiceAddress represents the ALTS handshaker gRPC service // address to connect to. HandshakerServiceAddress string }
ServerOptions contains the server-side options of an ALTS channel. These options will be passed to the underlying ALTS handshaker.
func DefaultServerOptions ¶ added in v1.12.0
func DefaultServerOptions() *ServerOptions
DefaultServerOptions creates a new ServerOptions object with the default values.
Directories ¶
Path | Synopsis |
---|---|
Package core contains common core functionality for ALTS.
|
Package core contains common core functionality for ALTS. |
authinfo
Package authinfo provide authentication information returned by handshakers.
|
Package authinfo provide authentication information returned by handshakers. |
conn
Package conn contains an implementation of a secure channel created by gRPC handshakers.
|
Package conn contains an implementation of a secure channel created by gRPC handshakers. |
handshaker
Package handshaker provides ALTS handshaking functionality for GCP.
|
Package handshaker provides ALTS handshaking functionality for GCP. |
handshaker/service
Package service manages connections between the VM application and the ALTS handshaker service.
|
Package service manages connections between the VM application and the ALTS handshaker service. |
proto/grpc_gcp
Package grpc_gcp is a generated protocol buffer package.
|
Package grpc_gcp is a generated protocol buffer package. |
testutil
Package testutil include useful test utilities for the handshaker.
|
Package testutil include useful test utilities for the handshaker. |