middleware

package
v1.0.0
This package is not in the latest version of its module.

Published: Jul 8, 2021 License: Apache-2.0 Imports: 23 Imported by: 1

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func DisabledLimit added in v0.11.2

func DisabledLimit() api.RateLimiter

DisabledLimit returns a rate limiter that does not rate limit. It is used to configure methods where rate limiting has been disabled by configuration.

func NoLimit

func NoLimit() api.RateLimiter

NoLimit returns a rate limiter that does not rate limit. It is used to configure methods that don't do rate limiting.

func PerCallLimit

func PerCallLimit(limit int) api.RateLimiter

PerCallLimit returns a rate limiter that imposes a server-wide limit for calls to the method. It can be shared across methods to enforce a server-wide limit for a group of methods.

func PerIPLimit

func PerIPLimit(limit int) api.RateLimiter

PerIPLimit returns a rate limiter that imposes a per-IP limit on calls to a method. It can be shared across methods to enforce per-IP limits for a group of methods.

func UnaryInterceptor

func UnaryInterceptor(m Middleware) grpc.UnaryServerInterceptor

func WithAuthorization

func WithAuthorization(authorizers map[string]Authorizer) middleware.Middleware

func WithCallerEntries

func WithCallerEntries(ctx context.Context, entryFetcher EntryFetcher) (context.Context, []*types.Entry, error)

WithCallerEntries returns the caller entries retrieved using the given fetcher. If the context already has the caller entries, they are returned without re-fetching. This reduces entry fetching in the face of multiple authorizers.

func WithRateLimits

func WithRateLimits(rateLimits map[string]api.RateLimiter) middleware.Middleware

WithRateLimits returns a middleware that performs rate limiting for the group of methods described by the rateLimits map. It provides the configured rate limiter to the method handlers via the request context. If the middleware is invoked for a method that is not described in the map, it fails the RPC with an INTERNAL error code that identifies the RPC that was not configured properly. The middleware also encourages proper rate limiting by logging errors if a handler fails to invoke the rate limiter provided on the context when a limit has been configured, or if the handler invokes the rate limiter when no limit has been configured.

WithRateLimits owns the passed rateLimits map and assumes it will not be mutated after the method is called.

The WithRateLimits middleware depends on the Logger and Authorization middlewares.
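The contract described for WithRateLimits, as a standard-library-only model added here for illustration (it is not the package's code): an RPC missing from the map fails closed with INTERNAL, and handler misuse is logged in both directions. The names `call`, `invoke` and `errInternal`, the method names and the log strings are assumptions of this sketch.

```go
package main

import (
	"errors"
	"fmt"
)

// errInternal stands in for a gRPC INTERNAL status (hypothetical local value).
var errInternal = errors.New("INTERNAL")

// call is the per-RPC limiter handed to the handler; it records whether the
// handler invoked it. It stands in for the api.RateLimiter placed on the context.
type call struct{ limited, used bool }

func (c *call) RateLimit() { c.used = true }

// invoke models one RPC passing through the middleware. limits maps a full
// method name to whether a real limit is configured (false models
// NoLimit/DisabledLimit). It returns the misuse log lines and the RPC error.
func invoke(limits map[string]bool, method string, handler func(*call)) ([]string, error) {
	limited, ok := limits[method]
	if !ok {
		// Fail closed: an RPC missing from the map is never served unlimited.
		return nil, fmt.Errorf("%w: rate limiting misconfigured for %q", errInternal, method)
	}
	c := &call{limited: limited}
	handler(c)
	var logs []string
	switch {
	case c.limited && !c.used:
		logs = append(logs, "handler never invoked the configured rate limiter")
	case !c.limited && c.used:
		logs = append(logs, "handler invoked a rate limiter but no limit is configured")
	}
	return logs, nil
}

func main() {
	// Constructed method names for illustration.
	limits := map[string]bool{"/example.Svc/Mint": true, "/example.Svc/Get": false}
	skip := func(*call) {}
	use := func(c *call) { c.RateLimit() }

	fmt.Println(invoke(limits, "/example.Svc/Mint", use))  // well behaved
	fmt.Println(invoke(limits, "/example.Svc/Mint", skip)) // limit configured, never applied
	fmt.Println(invoke(limits, "/example.Svc/Get", use))   // limiter used, none configured
	fmt.Println(invoke(limits, "/example.Svc/New", use))   // not in the map: INTERNAL
}
```
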

Types

type AgentAuthorizer

type AgentAuthorizer interface {
	// AuthorizeAgent authorizes the agent indicated by the given ID and SVID.
	//
	// It returns PERMISSION_DENIED if the agent is not authorized.
	AuthorizeAgent(ctx context.Context, agentID spiffeid.ID, agentSVID *x509.Certificate) error
}

type AgentAuthorizerFunc

type AgentAuthorizerFunc func(ctx context.Context, agentID spiffeid.ID, agentSVID *x509.Certificate) error

func (AgentAuthorizerFunc) AuthorizeAgent

func (fn AgentAuthorizerFunc) AuthorizeAgent(ctx context.Context, agentID spiffeid.ID, agentSVID *x509.Certificate) error

type Authorizer

type Authorizer interface {
	// Name returns the name of the authorizer. The value may be included in
	// logs and messages returned to callers on authorization failure.
	Name() string

	// AuthorizeCaller is called by the authorization middleware to determine
	// if a caller is authorized. The caller is retrievable on the passed in
	// context. On success, the method returns the (potentially embellished)
	// context passed into the function. On failure, the method returns an
	// error and the returned context is ignored.
	AuthorizeCaller(ctx context.Context) (context.Context, error)
}

func AuthorizeAdmin

func AuthorizeAdmin(entryFetcher EntryFetcher) Authorizer

func AuthorizeAgent

func AuthorizeAgent(authorizer AgentAuthorizer) Authorizer

func AuthorizeAny

func AuthorizeAny() Authorizer

func AuthorizeAnyOf

func AuthorizeAnyOf(authorizers ...Authorizer) Authorizer

AuthorizeAnyOf combines authorizers where if any authorizer succeeds, then the caller is authorized. Specifically:

1. If any authorizer returns any status code other than OK or PERMISSION_DENIED, the authorization fails.
2. If all authorizers return PERMISSION_DENIED, then authorization fails.
3. Otherwise, if at least one authorizer returns OK, authorization succeeds.
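The three AuthorizeAnyOf rules as a standard-library-only model, added here for illustration and not taken from the package source. `Code`, `authorizer` and `anyOf` are hypothetical stand-ins, and the sketch assumes evaluation does not stop at the first OK, so that rule 1 holds regardless of the order in which authorizers are listed.

```go
package main

import "fmt"

// Code is a stand-in for a gRPC status code (hypothetical local type, not
// google.golang.org/grpc/codes).
type Code int

const (
	OK Code = iota
	PermissionDenied
	Internal
)

// authorizer is Authorizer.AuthorizeCaller reduced to the status code it returns.
type authorizer func() Code

// anyOf applies the documented rules. It keeps going after an OK (an
// assumption of this sketch) so a later hard failure still fails the call.
func anyOf(authorizers ...authorizer) Code {
	allowed := false
	for _, a := range authorizers {
		switch c := a(); c {
		case OK:
			allowed = true
		case PermissionDenied:
			// A denial alone is not fatal; another authorizer may still allow.
		default:
			// Rule 1: any other code fails authorization (fail closed).
			return c
		}
	}
	if allowed {
		return OK // Rule 3: at least one OK and no hard failure.
	}
	// Rule 2: every authorizer denied. An empty list is denied too, which is
	// a choice made by this sketch.
	return PermissionDenied
}

func main() {
	allow := func() Code { return OK }
	deny := func() Code { return PermissionDenied }
	broken := func() Code { return Internal } // e.g. a failed entry lookup

	fmt.Println(anyOf(deny, allow) == OK)               // one success is enough
	fmt.Println(anyOf(deny, deny) == PermissionDenied)  // all denied
	fmt.Println(anyOf(allow, broken) == Internal)       // an error is not treated as "no"
}
```
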

func AuthorizeDownstream

func AuthorizeDownstream(entryFetcher EntryFetcher) Authorizer

func AuthorizeLocal

func AuthorizeLocal() Authorizer

type EntryFetcher

type EntryFetcher interface {
	// FetchEntries fetches the downstream entries matching the given SPIFFE ID.
	FetchEntries(ctx context.Context, id spiffeid.ID) ([]*types.Entry, error)
}

type EntryFetcherFunc

type EntryFetcherFunc func(ctx context.Context, id spiffeid.ID) ([]*types.Entry, error)

EntryFetcherFunc implements EntryFetcher with a function.

func (EntryFetcherFunc) FetchEntries

func (fn EntryFetcherFunc) FetchEntries(ctx context.Context, id spiffeid.ID) ([]*types.Entry, error)

FetchEntries fetches the downstream entries matching the given SPIFFE ID.

type Middleware

type Middleware = middleware.Middleware

func Chain

func Chain(ms ...Middleware) Middleware

func Funcs

func Funcs(preprocess PreprocessFunc, postprocess PostprocessFunc) Middleware

func Postprocess

func Postprocess(fn PostprocessFunc) Middleware

func Preprocess

func Preprocess(fn PreprocessFunc) Middleware

func WithLogger

func WithLogger(log logrus.FieldLogger) Middleware

func WithMetrics

func WithMetrics(metrics telemetry.Metrics) Middleware

type PostprocessFunc

type PostprocessFunc = middleware.PostprocessFunc

type PreprocessFunc

type PreprocessFunc = middleware.PreprocessFunc
