Documentation
Overview
Package unary provides some default RPC interceptors and a wrapper around gRPC's unary interceptors called Interceptor. This package maintains a registry of interceptors to run on RPC requests.
Package middleware/unary implements the cloud service middleware layer, which facilitates injection of cloud-wide request & context decorators or filters (interceptors) for unary RPC methods.
Package interceptors implements all cloud service framework unary interceptors.
Index
- Constants
- func BlockUnregisteredGateways(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo) (newCtx context.Context, newReq interface{}, resp interface{}, err error)
- func MiddlewareHandler(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, ...) (resp interface{}, err error)
- func SetIdentityFromContext(ctx context.Context, _ interface{}, info *grpc.UnaryServerInfo) (newCtx context.Context, newReq interface{}, resp interface{}, err error)
- type Interceptor
- type InterceptorHandler
Constants
const (
    // Client Certificate CN Header
    CLIENT_CERT_CN_KEY = "x-magma-client-cert-cn"
    // Client Certificate Serial Number Header
    CLIENT_CERT_SN_KEY = "x-magma-client-cert-serial"
)
SetIdentityFromContext is an identity decorator that implements the Identity injector for all authenticated requests. It looks for the x-magma-client-cert-cn and x-magma-client-cert-serial HTTP headers in the context, verifies the validity of the client certificate, and injects a valid, verified client Identity into the RPC context. SetIdentityFromContext can only modify CTX; it doesn't affect other RPC parameters.
const (
    ERROR_MSG_NO_METADATA      = "Missing Required CTX Metadata"
    ERROR_MSG_INVALID_CERT     = "Invalid Client Certificate"
    ERROR_MSG_UNKNOWN_CERT     = "Unknown Client Certificate"
    ERROR_MSG_EXPIRED_CERT     = "Expired Client Certificate"
    ERROR_MSG_MISSING_IDENTITY = "Missing Certificate Identity"
    ERROR_MSG_INVALID_TYPE     = "Invalid Certificate Owner"
    ERROR_MSG_UNKNOWN_CLIENT   = "Unknown Client Address"
    // GW should start bootstrap 20 hours prior to cert expiration, give it 10 hours to try & start counting
    // bootstrap failures after that
    CERT_EXPIRATION_DURATION_THRESHOLD = time.Hour * 10
)
Variables
This section is empty.
Functions
func BlockUnregisteredGateways
func BlockUnregisteredGateways(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo) (newCtx context.Context, newReq interface{}, resp interface{}, err error)
BlockUnregisteredGateways is an Interceptor blocking calls from Gateways which were not registered on the cloud. BlockUnregisteredGateways must be invoked after the Identity Decorator since it relies on the Identity Decorator's results.
func MiddlewareHandler
func MiddlewareHandler(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (resp interface{}, err error)
unary.MiddlewareHandler iterates through and calls all registered unary middleware interceptors and 'decorates' RPC parameters before invoking the original server RPC method.
func SetIdentityFromContext
func SetIdentityFromContext(ctx context.Context, _ interface{}, info *grpc.UnaryServerInfo) (newCtx context.Context, newReq interface{}, resp interface{}, err error)
SetIdentityFromContext finds the Identity associated with the caller's Client Certificate Serial Number (if present), makes sure that the found Identity is of a Gateway, and fills in all available Gateway Identity information. SetIdentityFromContext will bypass the Identity checks for local callers (other services on the cloud) and allowlisted RPCs (methods in identityDecoratorBypassList).
Types
type Interceptor
type Interceptor struct {
    // Interceptor's Handler, has the same signature as
    // the non-receiver InterceptorHandler
    Handler func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo) (newCtx context.Context, newReq interface{}, resp interface{}, err error)
    // Name returns name of the Interceptor implementation
    Name string
    // Description returns a string describing Interceptor
    Description string
}
Interceptor defines an interface to be implemented by all Unary Interceptors. In addition to a receiver form of InterceptorHandler, it provides Name & Description methods to aid diagnostics & logging of Interceptor-related issues.
type InterceptorHandler
type InterceptorHandler func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo) (newCtx context.Context, newReq interface{}, resp interface{}, err error)
InterceptorHandler is a function type to intercept the execution of a unary RPC on the server. ctx, req & info contain all the information of this RPC the interceptor can operate on. If Handler returns an error, the chain of Interceptor calls will be interrupted and the error will be returned to the RPC client. If the returned CTX is not nil, it'll be used for the remaining interceptors and the original RPC. If the resp return value is not nil, the chain of Interceptor calls will be interrupted and the resp will be returned to the RPC client.
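The chaining rules above, and the reason BlockUnregisteredGateways has to run after the identity decorator, modelled with the standard library only. This is an added example, not the package's own code: `Info`, `RunChain`, `setIdentity`, `blockUnregistered`, the context keys and the serial `SN-REGISTERED` are hypothetical stand-ins, and the simplified decorator does not validate the certificate as the real one does.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Info stands in for grpc.UnaryServerInfo; Handler mirrors InterceptorHandler.
type Info struct{ FullMethod string }
type Handler func(ctx context.Context, req interface{}, info *Info) (context.Context, interface{}, interface{}, error)
type mdKey struct{} // constructed stand-in for incoming gRPC metadata
type idKey struct{} // where the hypothetical decorator stores the identity

// setIdentity is a simplified decorator: it only moves the serial header into ctx.
func setIdentity(ctx context.Context, _ interface{}, _ *Info) (context.Context, interface{}, interface{}, error) {
	md, _ := ctx.Value(mdKey{}).(map[string]string)
	if sn := md["x-magma-client-cert-serial"]; sn != "" {
		return context.WithValue(ctx, idKey{}, sn), nil, nil, nil
	}
	return nil, nil, nil, errors.New("Missing Required CTX Metadata")
}

// blockUnregistered fails closed when ctx has no identity or an unregistered one.
func blockUnregistered(ctx context.Context, _ interface{}, _ *Info) (context.Context, interface{}, interface{}, error) {
	if sn, _ := ctx.Value(idKey{}).(string); sn != "SN-REGISTERED" { // constructed serial
		return nil, nil, nil, errors.New("gateway is not registered")
	}
	return nil, nil, nil, nil
}

// RunChain: an error or non-nil resp stops the chain; a non-nil ctx replaces the current one.
func RunChain(ctx context.Context, req interface{}, chain ...Handler) (interface{}, error) {
	for _, h := range chain {
		newCtx, _, resp, err := h(ctx, req, &Info{FullMethod: "/example.Service/Method"})
		if err != nil || resp != nil {
			return resp, err
		}
		if newCtx != nil {
			ctx = newCtx
		}
	}
	return fmt.Sprintf("handled for %v", ctx.Value(idKey{})), nil // stand-in for the real RPC method
}

func main() {
	ctx := context.WithValue(context.Background(), mdKey{}, map[string]string{"x-magma-client-cert-serial": "SN-REGISTERED"})
	fmt.Println(RunChain(ctx, nil, setIdentity, blockUnregistered)) // decorator first: RPC runs
	fmt.Println(RunChain(ctx, nil, blockUnregistered, setIdentity)) // filter first: rejected
}
```

With the filter registered ahead of the decorator, even a registered gateway is rejected because no identity is in the context yet, so a misordered registry fails closed rather than open in this model.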