middleware

package
v0.0.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 12, 2023 License: Apache-2.0 Imports: 10 Imported by: 3

Documentation

Overview

Package middleware provides functionality for instrumenting and enriching grpc connections.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AdminEnricher

func AdminEnricher(password string) contextFunc

AdminEnricher enriches the given gRPC context with an admin, if possible. If the caller is not an admin, this function does not return an error, as anonymous API calls are a possibility. Authorization must be independently enforced.

func AdminInContext

func AdminInContext(ctx context.Context) bool

AdminInContext determines if an admin value is in the given context.

func ContextInterceptor

func ContextInterceptor(ctxFunc contextFunc) grpc.UnaryServerInterceptor

ContextInterceptor enables the interception and transformation of a gRPC context.

func EnforceAccess

func EnforceAccess(ctx context.Context, info *grpc.UnaryServerInfo) (context.Context, error)

EnforceAccess enforces authorization to API services. Specifically, if a service declares that it is allowed to be accessed anonymously, access is allowed always. If the service does not permit anonymous access, a v1.User must exist in the given context for access to be allowed.

func ServiceAccountEnricher

func ServiceAccountEnricher(validator func(string) (*v1.ServiceAccount, error)) contextFunc

ServiceAccountEnricher enriches the given gRPC context with a v1.ServiceAccount struct, if possible. If there is no service account, this function does not return an error, as anonymous API calls are a possibility. Authorization must be independently enforced.

func ServiceAccountFromContext

func ServiceAccountFromContext(ctx context.Context) (*v1.ServiceAccount, bool)

ServiceAccountFromContext extracts a v1.ServiceAccount from the given context, if one exists.

func UserEnricher

func UserEnricher(cfg auth.OidcAuth) contextFunc

UserEnricher enriches the given gRPC context with a v1.User struct, if possible. If there is no user, this function does not return an error, as anonymous API calls are a possibility. Authorization must be independently enforced.

func UserFromContext

func UserFromContext(ctx context.Context) (*v1.User, bool)

UserFromContext extracts a v1.User from the given context, if one exists.

Types

type APIService

type APIService interface {
	Access() map[string]Access
	RegisterServiceServer(server *grpc.Server)
	RegisterServiceHandler(context.Context, *runtime.ServeMux, *grpc.ClientConn) error
}

APIService is the service interface

func Services

func Services(serviceFuncs ...APIServiceFunc) ([]APIService, error)

Services process the given APIServiceFunc list, and returns the resulting APIService list. If any errors occur, that error is returned immediately.

type APIServiceFunc

type APIServiceFunc func() (APIService, error)

APIServiceFunc represents a function that is capable of making a APIService.

type Access

type Access int

Access represents a single access level, that is used when permissioning API endpoints.

const (
	// Admin represents admin level access
	Admin Access = iota + 1

	// Authenticated represents user or service account level access.
	Authenticated

	// Anonymous represents unauthenticated access.
	Anonymous
)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL