Documentation ¶
Index ¶
- func APIKeyUnaryServerInterceptor(verifier APIKeyVerifier, logger *zap.Logger) grpc.UnaryServerInterceptor
- func ContextWithAPIKey(ctx context.Context, k *model.APIKey) context.Context
- func ExtractAPIKey(ctx context.Context) (*model.APIKey, error)
- func ExtractClaims(ctx context.Context) (jwt.Claims, error)
- func ExtractPipedToken(ctx context.Context) (projectID, pipedID, pipedKey string, err error)
- func JWTUnaryServerInterceptor(verifier jwt.Verifier, authorizer RBACAuthorizer, logger *zap.Logger) grpc.UnaryServerInterceptor
- func MakePipedToken(projectID, pipedID, pipedKey string) string
- func ParsePipedToken(token string) (projectID, pipedID, pipedKey string, err error)
- func PipedTokenStreamServerInterceptor(verifier PipedTokenVerifier, logger *zap.Logger) grpc.StreamServerInterceptor
- func PipedTokenUnaryServerInterceptor(verifier PipedTokenVerifier, logger *zap.Logger) grpc.UnaryServerInterceptor
- type APIKeyVerifier
- type Credentials
- type CredentialsType
- type PipedTokenVerifier
- type RBACAuthorizer
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func APIKeyUnaryServerInterceptor ¶
func APIKeyUnaryServerInterceptor(verifier APIKeyVerifier, logger *zap.Logger) grpc.UnaryServerInterceptor
APIKeyUnaryServerInterceptor extracts credentials from gRPC metadata and validates it by the specified Verifier. The valid API key will be set to the context.
func ContextWithAPIKey ¶
ContextWithAPIKey returns a new context in which the given API key was attached.
func ExtractAPIKey ¶
ExtractAPIKey returns the verified API key inside the given context.
func ExtractClaims ¶
ExtractClaims returns the claims inside a given context.
func ExtractPipedToken ¶
ExtractPipedToken returns the verified piped key inside a given context.
func JWTUnaryServerInterceptor ¶
func JWTUnaryServerInterceptor(verifier jwt.Verifier, authorizer RBACAuthorizer, logger *zap.Logger) grpc.UnaryServerInterceptor
JWTUnaryServerInterceptor ensures that the JWT credentials included in the context must be verified by verifier.
func MakePipedToken ¶
MakePipedToken builds a piped token can be used as data of Credentials.
func ParsePipedToken ¶ added in v0.48.0
ParsePipedToken parses a piped token and returns projectID, pipedID, pipedKey.
func PipedTokenStreamServerInterceptor ¶
func PipedTokenStreamServerInterceptor(verifier PipedTokenVerifier, logger *zap.Logger) grpc.StreamServerInterceptor
PipedTokenStreamServerInterceptor extracts credentials from gRPC metadata and set the extracted credentials to the context with a fixed key. This interceptor will returns a gRPC error when the credentials was not set or was malformed.
func PipedTokenUnaryServerInterceptor ¶
func PipedTokenUnaryServerInterceptor(verifier PipedTokenVerifier, logger *zap.Logger) grpc.UnaryServerInterceptor
PipedTokenUnaryServerInterceptor extracts credentials from gRPC metadata and validates it by the specified Verifier. If the token was valid the parsed ProjectID, PipedID, PipedKey will be set to the context.
Types ¶
type APIKeyVerifier ¶
APIKeyVerifier verifies the given API key.
type Credentials ¶
type Credentials struct { Type CredentialsType Data string }
Credentials contains the type of credentials and credentials data.
type CredentialsType ¶
type CredentialsType string
CredentialsType represents the type of credentials was set inside gRPC metadata.
const ( // IDTokenCredentials represents JWT IDToken for a web user. IDTokenCredentials CredentialsType = "ID-TOKEN" // PipedTokenCredentials represents a generated token for // authenticating between Piped and control-plane. PipedTokenCredentials CredentialsType = "PIPED-TOKEN" // APIKeyCredentials represents a generated key for // authenticating between pipectl/external-service and control-plane. APIKeyCredentials CredentialsType = "API-KEY" // UnknownCredentials represents an unsupported credentials. UnknownCredentials CredentialsType = "UNKNOWN" )