Documentation ¶
Index ¶
- func DisabledLimit() api.RateLimiter
- func Interceptors(m Middleware) (grpc.UnaryServerInterceptor, grpc.StreamServerInterceptor)
- func NoLimit() api.RateLimiter
- func PerCallLimit(limit int) api.RateLimiter
- func PerIPLimit(limit int) api.RateLimiter
- func StreamInterceptor(m Middleware) grpc.StreamServerInterceptor
- func UnaryInterceptor(m Middleware) grpc.UnaryServerInterceptor
- func WithAuthorization(authPolicyEngine *authpolicy.Engine, entryFetcher EntryFetcher, ...) middleware.Middleware
- func WithCallerEntries(ctx context.Context, entryFetcher EntryFetcher) (context.Context, []*types.Entry, error)
- func WithRateLimits(rateLimits map[string]api.RateLimiter, metrics telemetry.Metrics) middleware.Middleware
- type AgentAuthorizer
- type AgentAuthorizerFunc
- type EntryFetcher
- type EntryFetcherFunc
- type Middleware
- func Chain(ms ...Middleware) Middleware
- func Funcs(preprocess PreprocessFunc, postprocess PostprocessFunc) Middleware
- func Postprocess(fn PostprocessFunc) Middleware
- func Preprocess(fn PreprocessFunc) Middleware
- func WithAuditLog(udsTrackerEnabled bool) Middleware
- func WithLogger(log logrus.FieldLogger) Middleware
- func WithMetrics(metrics telemetry.Metrics) Middleware
- type PostprocessFunc
- type PreprocessFunc
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DisabledLimit ¶ added in v0.11.2
func DisabledLimit() api.RateLimiter
DisabledLimit returns a rate limiter that does not rate limit. It is used to configure methods where rate limiting has been disabled by configuration.
func Interceptors ¶
func Interceptors(m Middleware) (grpc.UnaryServerInterceptor, grpc.StreamServerInterceptor)
func NoLimit ¶
func NoLimit() api.RateLimiter
NoLimit returns a rate limiter that does not rate limit. It is used to configure methods that don't do rate limiting.
func PerCallLimit ¶
func PerCallLimit(limit int) api.RateLimiter
PerCallLimit returns a rate limiter that imposes a server-wide limit for calls to the method. It can be shared across methods to enforce a server-wide limit for a group of methods.
func PerIPLimit ¶
func PerIPLimit(limit int) api.RateLimiter
PerIPLimit returns a rate limiter that imposes a per-ip limit on calls to a method. It can be shared across methods to enforce per-ip limits for a group of methods.
func StreamInterceptor ¶
func StreamInterceptor(m Middleware) grpc.StreamServerInterceptor
func UnaryInterceptor ¶
func UnaryInterceptor(m Middleware) grpc.UnaryServerInterceptor
func WithAuthorization ¶
func WithAuthorization(authPolicyEngine *authpolicy.Engine, entryFetcher EntryFetcher, agentAuthorizer AgentAuthorizer) middleware.Middleware
func WithCallerEntries ¶
func WithCallerEntries(ctx context.Context, entryFetcher EntryFetcher) (context.Context, []*types.Entry, error)
WithCallerEntries returns the caller entries retrieved using the given fetcher. If the context already has the caller entries, they are returned without re-fetching. This reduces entry fetching in the face of multiple authorizers.
func WithRateLimits ¶
func WithRateLimits(rateLimits map[string]api.RateLimiter, metrics telemetry.Metrics) middleware.Middleware
WithRateLimits returns a middleware that performs rate limiting for the group of methods descripted by the rateLimits map. It provides the configured rate limiter to the method handlers via the request context. If the middleware is invoked for a method that is not described in the map, it will fail the RPC with an INTERNAL error code, describing the RPC that was not configured properly. The middleware also encourages proper rate limiting by logging errors if a handler fails to invoke the rate limiter provided on the context when a limit has been configured or the handler invokes the rate limiter when a no limit has been configured.
WithRateLimits owns the passed rateLimits map and assumes it will not be mutated after the method is called.
The WithRateLimits middleware depends on the Logger and Authorization middlewares.
Types ¶
type AgentAuthorizer ¶
type AgentAuthorizerFunc ¶
type AgentAuthorizerFunc func(ctx context.Context, agentID spiffeid.ID, agentSVID *x509.Certificate) error
func (AgentAuthorizerFunc) AuthorizeAgent ¶
func (fn AgentAuthorizerFunc) AuthorizeAgent(ctx context.Context, agentID spiffeid.ID, agentSVID *x509.Certificate) error
type EntryFetcher ¶
type EntryFetcherFunc ¶
EntryFetcherFunc implements EntryFetcher with a function
func (EntryFetcherFunc) FetchEntries ¶
func (fn EntryFetcherFunc) FetchEntries(ctx context.Context, id spiffeid.ID) ([]*types.Entry, error)
FetchEntries fetches the downstream entries matching the given SPIFFE ID.
type Middleware ¶
type Middleware = middleware.Middleware
func Chain ¶
func Chain(ms ...Middleware) Middleware
func Funcs ¶
func Funcs(preprocess PreprocessFunc, postprocess PostprocessFunc) Middleware
func Postprocess ¶
func Postprocess(fn PostprocessFunc) Middleware
func Preprocess ¶
func Preprocess(fn PreprocessFunc) Middleware
func WithAuditLog ¶ added in v1.0.1
func WithAuditLog(udsTrackerEnabled bool) Middleware
func WithLogger ¶
func WithLogger(log logrus.FieldLogger) Middleware
func WithMetrics ¶
func WithMetrics(metrics telemetry.Metrics) Middleware
type PostprocessFunc ¶
type PostprocessFunc = middleware.PostprocessFunc
type PreprocessFunc ¶
type PreprocessFunc = middleware.PreprocessFunc