Documentation ¶
Index ¶
- Variables
- func ContextWithAuthentication(ctx context.Context, a *authrpc.Authentication) context.Context
- func EmailMatchingInterceptor(logger *zap.Logger, rgxs []*regexp.Regexp, ...) grpc.UnaryServerInterceptor
- func GetAuthenticationFrom(ctx context.Context) *authrpc.Authentication
- func NamespaceMatchingInterceptor(logger *zap.Logger, o ...containers.Option[InterceptorOptions]) grpc.UnaryServerInterceptor
- func UnaryInterceptor(logger *zap.Logger, authenticator Authenticator, ...) grpc.UnaryServerInterceptor
- func WithServerSkipsAuthentication(server any) containers.Option[InterceptorOptions]
- type Authenticator
- type InterceptorOptions
- type ScopedAuthenticationServer
- type SkipsAuthenticationServer
Constants ¶
This section is empty.
Variables ¶
var ErrUnauthenticated = status.Error(codes.Unauthenticated, "request was not authenticated")
Functions ¶
func ContextWithAuthentication ¶
ContextWithAuthentication returns a context with the specified authentication
func EmailMatchingInterceptor ¶
func EmailMatchingInterceptor(logger *zap.Logger, rgxs []*regexp.Regexp, o ...containers.Option[InterceptorOptions]) grpc.UnaryServerInterceptor
EmailMatchingInterceptor is a grpc.UnaryServerInterceptor only used in the case where the user is using OIDC and wants to whitelist a group of users issuing operations against the Flipt server.
func GetAuthenticationFrom ¶
func GetAuthenticationFrom(ctx context.Context) *authrpc.Authentication
GetAuthenticationFrom is a utility for extracting an Authentication stored on a context.Context instance
func NamespaceMatchingInterceptor ¶
func NamespaceMatchingInterceptor(logger *zap.Logger, o ...containers.Option[InterceptorOptions]) grpc.UnaryServerInterceptor
func UnaryInterceptor ¶
func UnaryInterceptor(logger *zap.Logger, authenticator Authenticator, o ...containers.Option[InterceptorOptions]) grpc.UnaryServerInterceptor
UnaryInterceptor is a grpc.UnaryServerInterceptor which extracts a clientToken found within the authorization field on the incoming requests metadata. The fields value is expected to be in the form "Bearer <clientToken>".
func WithServerSkipsAuthentication ¶
func WithServerSkipsAuthentication(server any) containers.Option[InterceptorOptions]
WithServerSkipsAuthentication can be used to configure an auth unary interceptor which skips authentication when the provided server instance matches the intercepted calls parent server instance. This allows the caller to registers servers which explicitly skip authentication (e.g. OIDC).
Types ¶
type Authenticator ¶
type Authenticator interface {
GetAuthenticationByClientToken(ctx context.Context, clientToken string) (*authrpc.Authentication, error)
}
Authenticator is the minimum subset of an authentication provider required by the middleware to perform lookups for Authentication instances using a obtained clientToken.
type InterceptorOptions ¶
type InterceptorOptions struct {
// contains filtered or unexported fields
}
InterceptorOptions configure the UnaryInterceptor
type ScopedAuthenticationServer ¶
type ScopedAuthenticationServer interface {
AllowsNamespaceScopedAuthentication(ctx context.Context) bool
}
ScopedAuthenticationServer is a grpc.Server which allows for specific scoped authentication.
type SkipsAuthenticationServer ¶
SkipsAuthenticationServer is a grpc.Server which should always skip authentication.