client

package
v0.0.3
Warning

This package is not in the latest version of its module.

Published: Oct 31, 2022 License: MIT Imports: 12 Imported by: 0

Documentation

Overview

Package client provides communication with the Aserto services.

There are two groups of services:

1. client/authorizer provides access to the authorizer service and the edge services running alongside it.

2. client/tenant provides access to the Aserto control plane services.


Constants

This section is empty.

Variables

var ErrInvalidOptions = errors.New("invalid connection options")

Functions

func SetSessionContext

func SetSessionContext(ctx context.Context, sessionID string) context.Context

func SetTenantContext

func SetTenantContext(ctx context.Context, tenantID string) context.Context

SetTenantContext returns a new context with the provided tenant ID embedded as metadata.

Types

type Config

type Config struct {
	Address          string            `json:"address"`
	Token            string            `json:"token"`
	APIKey           string            `json:"api_key"`
	ClientCertPath   string            `json:"client_cert_path"`
	ClientKeyPath    string            `json:"client_key_path"`
	CACertPath       string            `json:"ca_cert_path"`
	TimeoutInSeconds int               `json:"timeout_in_seconds"`
	Insecure         bool              `json:"insecure"`
	Headers          map[string]string `json:"headers"`
}

gRPC Client Configuration.

type Connection

type Connection struct {
	// Conn is the underlying gRPC connection to the backend service.
	Conn grpc.ClientConnInterface

	// TenantID is the ID of the Aserto tenant making the connection.
	TenantID string

	// SessionID is the Aserto session ID.
	SessionID string
}

Connection represents a gRPC connection with an Aserto tenant ID.

The tenant ID is automatically sent to the backend on each request using a ClientInterceptor.

func NewConnection

func NewConnection(ctx context.Context, opts ...ConnectionOption) (*Connection, error)

NewConnection establishes a gRPC connection.

Options

Options can be specified to configure the connection or override default behavior:

1. WithAddr() - sets the server address and port. Default: "authorizer.prod.aserto.com:8443".

2. WithAPIKeyAuth() - sets an API key for authentication.

3. WithTokenAuth() - sets an OAuth2 token to be used for authentication.

4. WithTenantID() - sets the Aserto tenant ID.

5. WithInsecure() - when set to true, skips TLS certificate verification. Default: false.

6. WithCACertPath() - adds the specified PEM certificate file to the connection's list of trusted root CAs.

Timeout

Connection timeout can be set on the specified context using context.WithTimeout. If no timeout is set on the context, the default connection timeout is 5 seconds. For example, to increase the timeout to 10 seconds:

ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel() // release the timer once the surrounding function returns

client, err := authorizer.New(
	ctx,
	aserto.WithAPIKeyAuth("<API Key>"),
	aserto.WithTenantID("<Tenant ID>"),
)

type ConnectionOption

type ConnectionOption func(*ConnectionOptions) error

ConnectionOption functions are used to configure ConnectionOptions instances.

func WithAPIKeyAuth

func WithAPIKeyAuth(key string) ConnectionOption

WithAPIKeyAuth uses an Aserto API key to authenticate with the authorizer service.

func WithAddr

func WithAddr(addr string) ConnectionOption

WithAddr overrides the default authorizer server address.

Note: WithAddr and WithURL are mutually exclusive.

func WithCACertPath

func WithCACertPath(path string) ConnectionOption

WithCACertPath treats the specified certificate file as a trusted root CA.

Include it when calling an authorizer service that uses a self-issued SSL certificate.

func WithChainStreamInterceptor

func WithChainStreamInterceptor(mw ...grpc.StreamClientInterceptor) ConnectionOption

WithChainStreamInterceptor adds a stream interceptor to grpc dial options.

func WithChainUnaryInterceptor

func WithChainUnaryInterceptor(mw ...grpc.UnaryClientInterceptor) ConnectionOption

WithChainUnaryInterceptor adds a unary interceptor to grpc dial options.

func WithDialOptions

func WithDialOptions(opts ...grpc.DialOption) ConnectionOption

WithDialOptions adds custom dial options to the grpc connection.

func WithInsecure

func WithInsecure(insecure bool) ConnectionOption

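WithInsecure, when passed true, skips TLS certificate verification, so the server's certificate is not checked. For an authorizer that uses a self-issued certificate, WithCACertPath keeps verification on.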

func WithSessionID

func WithSessionID(sessionID string) ConnectionOption

WithSessionID sets the Aserto session ID.

func WithTenantID

func WithTenantID(tenantID string) ConnectionOption

WithTenantID sets the Aserto tenant ID.

func WithTokenAuth

func WithTokenAuth(token string) ConnectionOption

WithTokenAuth uses an OAuth2.0 token to authenticate with the authorizer service.

func WithURL

func WithURL(svcURL *url.URL) ConnectionOption

WithURL overrides the default authorizer server URL. Unlike WithAddr, WithURL lets gRPC users connect to and communicate with a locally running authorizer over Unix sockets. See https://github.com/grpc/grpc/blob/master/doc/naming.md#grpc-name-resolution for more details about gRPC name resolution.

Note: WithURL and WithAddr are mutually exclusive.

type ConnectionOptionErrors

type ConnectionOptionErrors []error

ConnectionOptionErrors is an error that can encapsulate one or more underlying ErrInvalidOptions errors.

func (ConnectionOptionErrors) Error

func (errs ConnectionOptionErrors) Error() string

type ConnectionOptions

type ConnectionOptions struct {
	// The server's host name and port separated by a colon ("hostname:port").
	//
	// Note: Address and URL are mutually exclusive. Only one of them may be set.
	Address string

	// URL is the authorizer service URL.
	//
	// Unlike ConnectionOptions.Address, URL gives gRPC clients the ability to use Unix sockets in addition
	// to DNS names (see https://github.com/grpc/grpc/blob/master/doc/naming.md#name-syntax)
	//
	// Note: Address and URL are mutually exclusive. Only one of them may be set.
	URL *url.URL

	// Path to a CA certificate file to treat as a root CA for TLS verification.
	CACertPath string

	// The tenant ID of your Aserto account.
	TenantID string

	// Session ID.
	SessionID string

	// Credentials used to authenticate with the authorizer service. Either API Key or OAuth Token.
	Creds credentials.PerRPCCredentials

	// If true, skip TLS certificate verification.
	Insecure bool

	// UnaryClientInterceptors passed to the grpc client.
	UnaryClientInterceptors []grpc.UnaryClientInterceptor

	// StreamClientInterceptors passed to the grpc client.
	StreamClientInterceptors []grpc.StreamClientInterceptor

	// DialOptions passed to the grpc client.
	DialOptions []grpc.DialOption
}

ConnectionOptions holds settings used to establish a connection to the authorizer service.

func NewConnectionOptions

func NewConnectionOptions(opts ...ConnectionOption) (*ConnectionOptions, error)

NewConnectionOptions creates a ConnectionOptions object from a collection of ConnectionOption functions.

type DialOptionsProvider

type DialOptionsProvider func(*Config) ([]grpc.DialOption, error)

func NewDialOptionsProvider

func NewDialOptionsProvider() DialOptionsProvider
