Documentation
¶
Index ¶
Constants ¶
const ( // HmacDefaultKey is a exported constant for convenience // FIXME where is this used ? HmacDefaultKey = "4Rahs0WnJ4rJE8ZiwiLec62z" //nolint:gosec )
Variables ¶
var ( // Edit Groupname EditGroups = []security.ResourceAccess{ security.ResourceAccess("tmdm-all-all-edit"), } EditAccess = sec.MergeResourceAccess(EditGroups) // Edit User EditUser = security.User{ EMail: "tmdm@metal-stack.io", Name: "tmdm", Groups: sec.MergeResourceAccess(EditGroups), Tenant: "tmdm", } )
Functions ¶
Types ¶
type HMACAuther ¶
type HMACAuther struct {
// contains filtered or unexported fields
}
HMACAuther provides means for generation/encoding and decoding/validation for grpc. This code is potentially re-usable for all grpc-based clients/services that want to use hmac-Authentication.
func NewHMACAuther ¶
func NewHMACAuther(hmacKey string, user security.User) (*HMACAuther, error)
NewHMACAuther creates a new HMACAuther with the given hmac-pre-shared-key and user.
func (*HMACAuther) Auth ¶
Auth returns a new Context with the authenticated "user" from the current request. If there is no authentication info in the request, or the verification of the HMAC fails an Status-Error is returned with Code Unauthenticated.
see GetUser()
Used on the service/server-side.
func (*HMACAuther) GetRequestMetadata ¶
func (a *HMACAuther) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error)
GetRequestMetadata gets the current request metadata, refreshing tokens if required. This should be called by the transport layer on each request, and the data should be populated in headers or other context.
Used on the client-side.
func (*HMACAuther) RequireTransportSecurity ¶
func (a *HMACAuther) RequireTransportSecurity() bool
RequireTransportSecurity indicates whether the credentials requires transport security.
Used on the client-side.
Source Files