Documentation
¶
Overview ¶
Package middleware provides functionality for instrumenting and enriching grpc connections.
Index ¶
- func AdminEnricher(password string) contextFunc
- func AdminInContext(ctx context.Context) bool
- func ContextInterceptor(ctxFunc contextFunc) grpc.UnaryServerInterceptor
- func EnforceAccess(ctx context.Context, info *grpc.UnaryServerInfo) (context.Context, error)
- func ServiceAccountEnricher(validator func(string) (*v1.ServiceAccount, error)) contextFunc
- func ServiceAccountFromContext(ctx context.Context) (*v1.ServiceAccount, bool)
- func UserEnricher(cfg auth.OidcAuth) contextFunc
- func UserFromContext(ctx context.Context) (*v1.User, bool)
- type APIService
- type APIServiceFunc
- type Access
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AdminEnricher ¶
func AdminEnricher(password string) contextFunc
AdminEnricher enriches the given gRPC context with an admin, if possible. If the caller is not an admin, this function does not return an error, as anonymous API calls are a possibility. Authorization must be independently enforced.
func AdminInContext ¶
AdminInContext determines if an admin value is in the given context.
func ContextInterceptor ¶
func ContextInterceptor(ctxFunc contextFunc) grpc.UnaryServerInterceptor
ContextInterceptor enables the interception and transformation of a gRPC context.
func EnforceAccess ¶
EnforceAccess enforces authorization to API services. Specifically, if a service declares that it is allowed to be accessed anonymously, access is allowed always. If the service does not permit anonymous access, a v1.User must exist in the given context for access to be allowed.
func ServiceAccountEnricher ¶
func ServiceAccountEnricher(validator func(string) (*v1.ServiceAccount, error)) contextFunc
ServiceAccountEnricher enriches the given gRPC context with a v1.ServiceAccount struct, if possible. If there is no service account, this function does not return an error, as anonymous API calls are a possibility. Authorization must be independently enforced.
func ServiceAccountFromContext ¶
func ServiceAccountFromContext(ctx context.Context) (*v1.ServiceAccount, bool)
ServiceAccountFromContext extracts a v1.ServiceAccount from the given context, if one exists.
func UserEnricher ¶
UserEnricher enriches the given gRPC context with a v1.User struct, if possible. If there is no user, this function does not return an error, as anonymous API calls are a possibility. Authorization must be independently enforced.
Types ¶
type APIService ¶
type APIService interface {
Access() map[string]Access
RegisterServiceServer(server *grpc.Server)
RegisterServiceHandler(context.Context, *runtime.ServeMux, *grpc.ClientConn) error
}
APIService is the service interface
func Services ¶
func Services(serviceFuncs ...APIServiceFunc) ([]APIService, error)
Services process the given APIServiceFunc list, and returns the resulting APIService list. If any errors occur, that error is returned immediately.
type APIServiceFunc ¶
type APIServiceFunc func() (APIService, error)
APIServiceFunc represents a function that is capable of making a APIService.
Source Files