alts

package
v0.0.0-...-015ad48 Latest
Warning

This package is not in the latest version of its module.

Published: Jul 21, 2024 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Constants

const (
	// ClientSide identifies the client in this communication.
	ClientSide = internal.ClientSide
	// ServerSide identifies the server in this communication.
	ServerSide = internal.ServerSide
)

Variables

var (

	// ErrUntrustedPlatform is returned from ClientHandshake and
	// ServerHandshake when running on a platform where the trustworthiness
	// of the handshaker service is not guaranteed.
	ErrUntrustedPlatform = errors.New("ALTS: untrusted platform. ALTS is only supported on GCP")
)

Functions

func ClientAuthorizationCheck

func ClientAuthorizationCheck(ctx context.Context, expectedServiceAccounts []string) error

ClientAuthorizationCheck checks whether the client is authorized to access the requested resources based on the given expected client service accounts. This API should be used by gRPC server RPC handlers. This API should not be used by clients.
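A self-contained model of the handler-side check described above, added here as an example; it is not this package's code. Because the page does not show the package's import path, `peerIdentity`, `fakeAuthInfo`, `authKey`, `methodPolicy`, `guard` and the account names are stand-ins constructed for illustration, and the exact-match comparison is an assumption of the model.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// peerIdentity stands in for the one AuthInfo method this check needs.
type peerIdentity interface{ PeerServiceAccount() string }
// fakeAuthInfo is a constructed test double, not the package's AuthInfo.
type fakeAuthInfo struct{ peer string }
func (f fakeAuthInfo) PeerServiceAccount() string { return f.peer }
type authKey struct{} // hypothetical context key, used only by this model
var errNoAuthInfo = errors.New("no ALTS auth info in context")
var errDenied = errors.New("peer service account not authorized")

// authorizeClient allows only a peer whose account is in the expected list.
func authorizeClient(ctx context.Context, expected []string) error {
	p, ok := ctx.Value(authKey{}).(peerIdentity)
	if !ok {
		return errNoAuthInfo // fail closed: no handshake identity, no access
	}
	for _, sa := range expected {
		if sa == p.PeerServiceAccount() { // exact match is this model's assumption
			return nil
		}
	}
	return fmt.Errorf("%w: %q", errDenied, p.PeerServiceAccount())
}

// methodPolicy is a constructed per-RPC allowlist; all names are illustrative.
var methodPolicy = map[string][]string{
	"/billing.Ledger/Read":  {"frontend@example.invalid", "audit@example.invalid"},
	"/billing.Ledger/Write": {"frontend@example.invalid"},
}

// guard runs first in a handler; a method with no policy entry is denied.
func guard(ctx context.Context, method string) error {
	if expected, ok := methodPolicy[method]; ok {
		return authorizeClient(ctx, expected)
	}
	return fmt.Errorf("%w: no policy for %s", errDenied, method)
}

func main() {
	ctx := context.WithValue(context.Background(), authKey{}, fakeAuthInfo{"audit@example.invalid"})
	fmt.Println(guard(ctx, "/billing.Ledger/Read"), guard(ctx, "/billing.Ledger/Write"))
}
```

Keeping the expected accounts per method, rather than one list for the whole server, lets a read-only caller be admitted to some RPCs without gaining the rest.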

func NewALTS

func NewALTS(side int, accounts []string, hsAddress string, serviceName string) credentials.TransportCredentials

Types

type AuthInfo

type AuthInfo interface {
	// ApplicationProtocol returns application protocol negotiated for the
	// ALTS connection.
	ApplicationProtocol() string
	// RecordProtocol returns the record protocol negotiated for the ALTS
	// connection.
	RecordProtocol() string
	// SecurityLevel returns the security level of the created ALTS secure
	// channel.
	SecurityLevel() altsproto.SecurityLevel
	// PeerServiceAccount returns the peer service account.
	PeerServiceAccount() string
	// LocalServiceAccount returns the local service account.
	LocalServiceAccount() string
	// PeerRPCVersions returns the RPC version supported by the peer.
	PeerRPCVersions() *altsproto.RpcProtocolVersions
}

AuthInfo exposes security information from the ALTS handshake to the application. This interface is to be implemented by ALTS. Users should not need a brand new implementation of this interface. For situations like testing, any new implementation should embed this interface. This allows ALTS to add new methods to this interface.

func AuthInfoFromContext

func AuthInfoFromContext(ctx context.Context) (AuthInfo, error)

AuthInfoFromContext extracts the alts.AuthInfo object from the given context, if it exists. This API should be used by gRPC server RPC handlers to get information about the communicating peer. For client-side, use grpc.Peer() CallOption.

func AuthInfoFromPeer

func AuthInfoFromPeer(p *peer.Peer) (AuthInfo, error)

AuthInfoFromPeer extracts the alts.AuthInfo object from the given peer, if it exists. This API should be used by gRPC clients after obtaining a peer object using the grpc.Peer() CallOption.

Directories

Path: Synopsis
conn: Package conn contains an implementation of a secure channel created by gRPC handshakers.
service: Package service manages connections between the VM application and the ALTS handshaker service.
