rpcauth

package
v0.41.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 13, 2023 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func APIKeyUnaryServerInterceptor

func APIKeyUnaryServerInterceptor(verifier APIKeyVerifier, logger *zap.Logger) grpc.UnaryServerInterceptor

APIKeyUnaryServerInterceptor extracts credentials from gRPC metadata and validates it by the specified Verifier. The valid API key will be set to the context.

func ContextWithAPIKey

func ContextWithAPIKey(ctx context.Context, k *model.APIKey) context.Context

ContextWithAPIKey returns a new context in which the given API key was attached.

func ExtractAPIKey

func ExtractAPIKey(ctx context.Context) (*model.APIKey, error)

ExtractAPIKey returns the verified API key inside the given context.

func ExtractClaims

func ExtractClaims(ctx context.Context) (jwt.Claims, error)

ExtractClaims returns the claims inside a given context.

func ExtractPipedToken

func ExtractPipedToken(ctx context.Context) (projectID, pipedID, pipedKey string, err error)

ExtractPipedToken returns the verified piped key inside a given context.

func JWTUnaryServerInterceptor

func JWTUnaryServerInterceptor(verifier jwt.Verifier, authorizer RBACAuthorizer, logger *zap.Logger) grpc.UnaryServerInterceptor

JWTUnaryServerInterceptor ensures that the JWT credentials included in the context must be verified by verifier.

func MakePipedToken

func MakePipedToken(projectID, pipedID, pipedKey string) string

MakePipedToken builds a piped token can be used as data of Credentials.

func PipedTokenStreamServerInterceptor

func PipedTokenStreamServerInterceptor(verifier PipedTokenVerifier, logger *zap.Logger) grpc.StreamServerInterceptor

PipedTokenStreamServerInterceptor extracts credentials from gRPC metadata and set the extracted credentials to the context with a fixed key. This interceptor will returns a gPRC error when the credentials was not set or was malformed.

func PipedTokenUnaryServerInterceptor

func PipedTokenUnaryServerInterceptor(verifier PipedTokenVerifier, logger *zap.Logger) grpc.UnaryServerInterceptor

PipedTokenUnaryServerInterceptor extracts credentials from gRPC metadata and validates it by the specified Verifier. If the token was valid the parsed ProjectID, PipedID, PipedKey will be set to the context.

Types

type APIKeyVerifier

type APIKeyVerifier interface {
	Verify(ctx context.Context, key string) (*model.APIKey, error)
}

APIKeyVerifier verifies the given API key.

type Credentials

type Credentials struct {
	Type CredentialsType
	Data string
}

Credentials contains the type of credentials and credentials data.

type CredentialsType

type CredentialsType string

CredentialsType represents the type of credentials was set inside gRPC metadata.

const (
	// IDTokenCredentials represents JWT IDToken for a web user.
	IDTokenCredentials CredentialsType = "ID-TOKEN"
	// PipedTokenCredentials represents a generated token for
	// authenticating between Piped and control-plane.
	PipedTokenCredentials CredentialsType = "PIPED-TOKEN"
	// APIKeyCredentials represents a generated key for
	// authenticating between pipectl/external-service and control-plane.
	APIKeyCredentials CredentialsType = "API-KEY"
	// UnknownCredentials represents an unsupported credentials.
	UnknownCredentials CredentialsType = "UNKNOWN"
)

type PipedTokenVerifier

type PipedTokenVerifier interface {
	Verify(ctx context.Context, projectID, pipedID, pipedKey string) error
}

PipedTokenVerifier verifies the given piped token.

type RBACAuthorizer

type RBACAuthorizer interface {
	Authorize(context.Context, string, model.Role) bool
}

RBACAuthorizer defines a function to check required role for a specific RPC method.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL