Documentation
Overview
Package acls is the main library used by cloud services to authenticate clients and check that they have access to named resources.
Constants
const DeviceAccessTokenMetadataKey = "heatpump-device-access-token"
DeviceAccessTokenMetadataKey is the gRPC metadata key used to provide a device access token identity secret to the server.
Variables
var (
	// ClientCACertPool is the certificate pool that should be used by gRPC
	// services as the tls.Config.ClientCAs attribute for authenticating
	// clients.
	//
	// The certificate embedded in this package was generated using the
	// generate_client_cert_signer.sh script.
	ClientCACertPool = must.Compute(func() (*x509.CertPool, error) {
		pool := x509.NewCertPool()
		if !pool.AppendCertsFromPEM(clientSignerCertAuthorityCertData) {
			return nil, fmt.Errorf("invalid client certificate")
		}
		return pool, nil
	})
)
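Setting ClientCACertPool as tls.Config.ClientCAs authenticates nobody unless ClientAuth is also set, because the crypto/tls default is NoClientCert. The following is an added example, not code from this package, showing the pairing and the resulting accept/reject decision. The CA and certificates are constructed in place of the embedded signer, and newCert, serverTLSConfig and verifyClient are hypothetical helper names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCert issues a constructed sample certificate; a nil parent yields a self-signed CA.
func newCert(cn string, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: parent == nil,
		BasicConstraintsValid: true, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if parent == nil {
		tmpl.KeyUsage, parent, signer = x509.KeyUsageCertSign, tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER was produced just above
	return cert, key
}
// serverTLSConfig trusts pool for client certificates; the zero-value ClientAuth (NoClientCert) would never request one.
func serverTLSConfig(pool *x509.CertPool) *tls.Config {
	return &tls.Config{ClientCAs: pool, ClientAuth: tls.RequireAndVerifyClientCert, MinVersion: tls.VersionTLS12}
}
// verifyClient runs the chain check crypto/tls applies to a presented client certificate.
func verifyClient(cfg *tls.Config, cert *x509.Certificate) error {
	_, err := cert.Verify(x509.VerifyOptions{Roots: cfg.ClientCAs, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}
func main() {
	ca, caKey := newCert("constructed-client-ca", nil, nil)
	device, _ := newCert("constructed-device", ca, caKey)
	rogue, _ := newCert("constructed-rogue", nil, nil) // not signed by the trusted CA
	pool := x509.NewCertPool()                         // stands in for acls.ClientCACertPool
	pool.AddCert(ca)
	cfg := serverTLSConfig(pool)
	fmt.Println("device:", verifyClient(cfg, device), "| rogue:", verifyClient(cfg, rogue))
}
```

In a gRPC server the resulting config would be wrapped with credentials.NewTLS from google.golang.org/grpc/credentials.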
Functions
This section is empty.
Types
type AuthService
type AuthService struct {
	pb.UnimplementedAuthServiceServer
	// contains filtered or unexported fields
}
func NewAuthService
func NewAuthService(ctx context.Context, params *cloudconfig.Params) (*AuthService, error)
func (*AuthService) ExtendToken
func (s *AuthService) ExtendToken(ctx context.Context, req *pb.ExtendTokenRequest) (*pb.ExtendTokenResponse, error)
type DeviceAccessToken
type DeviceAccessToken struct {
// contains filtered or unexported fields
}
DeviceAccessToken wraps the proto by the same name.
func (*DeviceAccessToken) Expiration
func (dat *DeviceAccessToken) Expiration() time.Time
func (*DeviceAccessToken) Proto
func (dat *DeviceAccessToken) Proto() *pb.DeviceAccessToken
func (*DeviceAccessToken) UserID
func (dat *DeviceAccessToken) UserID() string
type DeviceTokenVerifier
type DeviceTokenVerifier struct {
// contains filtered or unexported fields
}
DeviceTokenVerifier verifies device access tokens sent by an IoT device.
func NewDeviceTokenVerifier
func NewDeviceTokenVerifier(params *cloudconfig.Params) *DeviceTokenVerifier
func (*DeviceTokenVerifier) Verify
func (dtv *DeviceTokenVerifier) Verify(token TokenString) (*DeviceAccessToken, error)
type Identity
type Identity struct {
// contains filtered or unexported fields
}
Identity is information about a user or robot account.
func FixmeMainHardcodedIdentity
func FixmeMainHardcodedIdentity() *Identity
type Service
type Service struct {
// contains filtered or unexported fields
}
Service is the service responsible for getting identity information about a client like an IoT device.
func NewService
func NewService(params *cloudconfig.Params) *Service
NewService loads a new identity service.
type TokenString
type TokenString string
TokenString is a base32-encoded DeviceAccessToken proto. It is delivered to the client as an opaque string and so should not contain private data. It is sent in the metadata fields of gRPC requests to authenticate a client.
Directories
Path | Synopsis |
---|---|
 | Package deviceauth is a library for obtaining credentials on an IoT device for authenticating with some of the cloud services like StateService and CommandQueueService. |
 | Package server2serverauth is used for sending gRPC requests between Google Cloud hosted services (like Cloud Run instances). |