Documentation ¶
Index ¶
- func ParseMethod(method string) (string, string)
- func StreamMaintenance(conf config.Config) grpc.StreamServerInterceptor
- func StreamMonitoring(conf config.Config) grpc.StreamServerInterceptor
- func StreamRecovery(conf config.Config) grpc.StreamServerInterceptor
- func StreamType(info *grpc.MethodInfo) string
- func UnaryMaintenance(conf config.Config) grpc.UnaryServerInterceptor
- func UnaryMonitoring(conf config.Config) grpc.UnaryServerInterceptor
- func UnaryRecovery(conf config.Config) grpc.UnaryServerInterceptor
- type Authenticator
- type MonitoredStream
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ParseMethod ¶
func StreamMaintenance ¶
func StreamMaintenance(conf config.Config) grpc.StreamServerInterceptor
The stream maintenance interceptor simply returns an unavailable error. If the server is not in maintenance mode when the interceptor is created this method returns nil.
func StreamMonitoring ¶
func StreamMonitoring(conf config.Config) grpc.StreamServerInterceptor
Monitoring does double duty, handling Prometheus metrics, and logging with zerolog. These are piled into the same interceptor so that the monitoring uses the same latency and tagging constructs and so that this interceptor can be the outermost interceptor for stream calls. NOTE: Sentry is excluded from stream monitoring because we do not work to minimize the duration of stream processing but rather to maximize it in Ensign.
func StreamRecovery ¶
func StreamRecovery(conf config.Config) grpc.StreamServerInterceptor
Panic recovery logs the panic to Sentry if it is enabled and then converts the panic into a gRPC error to return to the client; this allows the server to stay online.
func StreamType ¶
func StreamType(info *grpc.MethodInfo) string
func UnaryMaintenance ¶
func UnaryMaintenance(conf config.Config) grpc.UnaryServerInterceptor
The maintenance interceptor only allows Status endpoint to be queried and returns a service unavailable error otherwise. If the server is not in maintenance mode when the interceptor is created this method returns nil.
func UnaryMonitoring ¶
func UnaryMonitoring(conf config.Config) grpc.UnaryServerInterceptor
Monitoring does triple duty, handling Sentry tracking, Prometheus metrics, and logging with zerolog. These are piled into the same interceptor so that the monitoring uses the same latency and tagging constructs and so that this interceptor can be the outermost interceptor for unary calls.
func UnaryRecovery ¶
func UnaryRecovery(conf config.Config) grpc.UnaryServerInterceptor
Panic recovery logs the panic to Sentry if it is enabled and then converts the panic into a gRPC error to return to the client; this allows the server to stay online.
Types ¶
type Authenticator ¶ added in v0.3.0
type Authenticator struct {
// contains filtered or unexported fields
}
Authenticator ensures that the RPC request has a valid Quarterdeck-issued JWT token in the credentials metadata of the request, otherwise it stops processing and returns an Unauthenticated error. A valid JWT token means that the token is supplied in the credentials, is unexpired, was signed by Quarterdeck private keys, and has the correct audience and issuer.
This interceptor extracts the claims from the JWT token and adds them to the context of the request, ensuring that downstream interceptors and the handlers can access the claims without having to parse the JWT token in the credentials.
In order to perform authentication, this middleware fetches public JSON Web Key Sets (JWKS) from the authorizing Quarterdeck server and caches them according to the Cache-Control or Expires headers in the response. As Quarterdeck keys are rotated, the cache must refresh the public keys in a background routine to correctly authenticate incoming credentials. Users can control how the JWKS are fetched and cached using AuthOptions from the Quarterdeck middleware package.
Both Unary and Streaming interceptors can be returned from this middleware handler.
func NewAuthenticator ¶ added in v0.3.0
func NewAuthenticator(opts ...middleware.AuthOption) (auth *Authenticator, err error)
Create an authenticator to handle both unary and streaming RPC calls, modifying the behavior of the authenticator using auth options from Quarterdeck middleware.
func (*Authenticator) Stream ¶ added in v0.3.0
func (a *Authenticator) Stream() grpc.StreamServerInterceptor
Return the Stream interceptor that uses the Authenticator handler.
func (*Authenticator) Unary ¶ added in v0.3.0
func (a *Authenticator) Unary() grpc.UnaryServerInterceptor
Return the Unary interceptor that uses the Authenticator handler.
type MonitoredStream ¶
type MonitoredStream struct { grpc.ServerStream // contains filtered or unexported fields }
MonitoredStream wraps a grpc.ServerStream allowing it to increment Sent and Recv message counters when they are called by the application.
func (*MonitoredStream) RecvMsg ¶
func (s *MonitoredStream) RecvMsg(m interface{}) (err error)
Increment the number of received messages if there is no error on Recv.
func (*MonitoredStream) SendMsg ¶
func (s *MonitoredStream) SendMsg(m interface{}) (err error)
Increment the number of sent messages if there is no error on Send.