middleware

package
v0.11.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 28, 2020 License: Apache-2.0 Imports: 21 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DisabledLimit added in v0.11.2 

func DisabledLimit() api.RateLimiter

DisabledLimit returns a rate limiter that does not rate limit. It is used to configure methods where rate limiting has been disabled by configuration.

func Interceptors 

func Interceptors(middleware Middleware) (grpc.UnaryServerInterceptor, grpc.StreamServerInterceptor)

func NoLimit 

func NoLimit() api.RateLimiter

NoLimit returns a rate limiter that does not rate limit. It is used to configure methods that don't do rate limiting.

func PerCallLimit 

func PerCallLimit(limit int) api.RateLimiter

PerCallLimit returns a rate limiter that imposes a server-wide limit for calls to the method. It can be shared across methods to enforce a server-wide limit for a group of methods.

func PerIPLimit 

func PerIPLimit(limit int) api.RateLimiter

PerIPLimit returns a rate limiter that imposes a per-ip limit on calls to a method. It can be shared across methods to enforce per-ip limits for a group of methods.

func StreamInterceptor 

func StreamInterceptor(middleware Middleware) grpc.StreamServerInterceptor

func UnaryInterceptor 

func UnaryInterceptor(middleware Middleware) grpc.UnaryServerInterceptor

func WithCallerEntries 

func WithCallerEntries(ctx context.Context, entryFetcher EntryFetcher) (context.Context, []*types.Entry, error)

WithCallerEntries returns the caller entries retrieved using the given fetcher. If the context already has the caller entries, they are returned without re-fetching. This reduces entry fetching in the face of multiple authorizers.

Types

type AgentAuthorizer 

type AgentAuthorizer interface {
	// AuthorizeAgent authorizes the agent indicated by the given ID and SVID.
	//
	// It returns PERMISSION_DENIED if the agent is not authorized.
	AuthorizeAgent(ctx context.Context, agentID spiffeid.ID, agentSVID *x509.Certificate) error
}

type AgentAuthorizerFunc 

type AgentAuthorizerFunc func(ctx context.Context, agentID spiffeid.ID, agentSVID *x509.Certificate) error

func (AgentAuthorizerFunc) AuthorizeAgent 

func (fn AgentAuthorizerFunc) AuthorizeAgent(ctx context.Context, agentID spiffeid.ID, agentSVID *x509.Certificate) error

type Authorizer 

type Authorizer interface {
	// Name returns the name of the authorizer. The value may be included in
	// logs and messages returned to callers on authorization failure.
	Name() string

	// AuthorizeCaller is called by the authorization middleware to determine
	// if a caller is authorized. The caller is retrievable on the passed in
	// context. On success, the method returns the (potentially embellished)
	// context passed into the function. On failure, the method returns an
	// error and the returned context is ignored.
	AuthorizeCaller(ctx context.Context) (context.Context, error)
}

func AuthorizeAdmin 

func AuthorizeAdmin(entryFetcher EntryFetcher) Authorizer

func AuthorizeAgent 

func AuthorizeAgent(authorizer AgentAuthorizer) Authorizer

func AuthorizeAny 

func AuthorizeAny() Authorizer

func AuthorizeAnyOf 

func AuthorizeAnyOf(authorizers ...Authorizer) Authorizer

AuthorizeAnyOf combines authorizers where if any authorizer succeeds, then the caller is authorized. Specifically: 1. If any authorizer returns any status code other than OK or PERMISSION_DENIED, the authorization fails. 2. If all authorizers return PERMISSION_DENIED, then authorization fails. 3. Otherwise, if at least one authorizer returns OK, authorization succeeds.

func AuthorizeDownstream 

func AuthorizeDownstream(entryFetcher EntryFetcher) Authorizer

func AuthorizeLocal 

func AuthorizeLocal() Authorizer

type EntryFetcher 

type EntryFetcher interface {
	// FetchEntries fetches the downstream entries matching the given SPIFFE ID.
	FetchEntries(ctx context.Context, id spiffeid.ID) ([]*types.Entry, error)
}

type EntryFetcherFunc 

type EntryFetcherFunc func(ctx context.Context, id spiffeid.ID) ([]*types.Entry, error)

EntryFetcherFunc implements EntryFetcher with a function

func (EntryFetcherFunc) FetchEntries 

func (fn EntryFetcherFunc) FetchEntries(ctx context.Context, id spiffeid.ID) ([]*types.Entry, error)

FetchEntries fetches the downstream entries matching the given SPIFFE ID.

type Middleware 

type Middleware interface {
	// Preprocess is invoked before the gRPC handler is called. It returns a
	// (possibly modified) context that is passed into the handler, which
	// should either be the context passed into the function or one derived
	// from it. If the function returns an error, the gRPC method fails.
	Preprocess(ctx context.Context, fullMethod string) (context.Context, error)

	// Postprocess is invoked after the handler is called, or if downstream
	// middleware returns an error from Preprocess. The function is passed an
	// error that was returned from the handler or a downstream middleware
	// during preprocessing. The handlerInvoked boolean, if true, indicates
	// that the handler was executed. If false, then the call failed during
	// preprocessing.
	Postprocess(ctx context.Context, fullMethod string, handlerInvoked bool, rpcErr error)
}

func Chain 

func Chain(middleware ...Middleware) Middleware

Chain chains together a series of middleware. The middleware is called in order during preprocessing and in reverse order for postprocessing. The context returned by each Middleware during preprocessing is passed into subsequent middlewares

func Funcs 

func Funcs(preprocess PreprocessFunc, postprocess PostprocessFunc) Middleware

Funcs constructs a Middleware from a pair of functions, one for preprocessing, one for postprocessing.

func Postprocess 

func Postprocess(fn PostprocessFunc) Middleware

Postprocess creates a middleware from a function that does postprocessing only.

func Preprocess 

func Preprocess(fn PreprocessFunc) Middleware

Preprocess creates a middleware from a function that does preprocessing only.

func WithAuthorization 

func WithAuthorization(authorizers map[string]Authorizer) Middleware

func WithLogger 

func WithLogger(log logrus.FieldLogger) Middleware

WithLogger returns logging middleware that provides a per-rpc logger with some initial fields set. If unset, it also provides name metadata to the handler context.

func WithMetrics 

func WithMetrics(metrics telemetry.Metrics) Middleware

WithMetrics adds per-call metrics to each RPC call. It emits both a call counter and sample with the call timing. RPC handlers can add their own labels to be attached to the per-call metrics via the rpccontext.AddMetricsLabel function. If unset, it also provides name metadata on to the handler context.

func WithRateLimits 

func WithRateLimits(rateLimits map[string]api.RateLimiter) Middleware

WithRateLimits returns a middleware that performs rate limiting for the group of methods descripted by the rateLimits map. It provides the configured rate limiter to the method handlers via the request context. If the middleware is invoked for a method that is not described in the map, it will fail the RPC with an INTERNAL error code, describing the RPC that was not configured properly. The middleware also encourages proper rate limiting by logging errors if a handler fails to invoke the rate limiter provided on the context when a limit has been configured or the handler invokes the rate limiter when a no limit has been configured.

WithRateLimits owns the passed rateLimits map and assumes it will not be mutated after the method is called.

The WithRateLimits middleware depends on the Logger and Authorization middlewares.

type PostprocessFunc 

type PostprocessFunc = func(ctx context.Context, fullMethod string, handlerInvoked bool, rpcErr error)

type PreprocessFunc 

type PreprocessFunc = func(ctx context.Context, fullMethod string) (context.Context, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.