grpc_middleware

package

v1.36.0 Latest Latest Go to latest Published: Jan 23, 2024 License: GPL-3.0 Imports: 18 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/flipt-io/flipt

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func AuthenticationRequiredInterceptor(logger *zap.Logger, o ...containers.Option[InterceptorOptions]) grpc.UnaryServerInterceptor
func ClientTokenAuthenticationInterceptor(logger *zap.Logger, authenticator ClientTokenAuthenticator, ...) grpc.UnaryServerInterceptor
func ClientTokenInterceptorSelector() selector.Matcher
func ContextWithAuthentication(ctx context.Context, a *authrpc.Authentication) context.Context
func EmailMatchingInterceptor(logger *zap.Logger, rgxs []*regexp.Regexp, ...) grpc.UnaryServerInterceptor
func GetAuthenticationFrom(ctx context.Context) *authrpc.Authentication
func JWTAuthenticationInterceptor(logger *zap.Logger, validator jwt.Validator, expected jwt.Expected, ...) grpc.UnaryServerInterceptor
func JWTInterceptorSelector() selector.Matcher
func NamespaceMatchingInterceptor(logger *zap.Logger, o ...containers.Option[InterceptorOptions]) grpc.UnaryServerInterceptor
func WithServerSkipsAuthentication(server any) containers.Option[InterceptorOptions]
type ClientTokenAuthenticator
type InterceptorOptions
type ScopedAuthenticationServer
type SkipsAuthenticationServer

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrUnauthenticated = status.Error(codes.Unauthenticated, "request was not authenticated")

Functions ¶

func AuthenticationRequiredInterceptor ¶ added in v1.35.0

func AuthenticationRequiredInterceptor(logger *zap.Logger, o ...containers.Option[InterceptorOptions]) grpc.UnaryServerInterceptor

AuthenticationRequiredInterceptor is a grpc.UnaryServerInterceptor which requires that all requests contain an Authentication instance on the context.

func ClientTokenAuthenticationInterceptor ¶ added in v1.35.0

func ClientTokenAuthenticationInterceptor(logger *zap.Logger, authenticator ClientTokenAuthenticator, o ...containers.Option[InterceptorOptions]) grpc.UnaryServerInterceptor

ClientTokenAuthenticationInterceptor is a grpc.UnaryServerInterceptor which extracts a clientToken found within the authorization field on the incoming requests metadata. The fields value is expected to be in the form "Bearer <clientToken>".

func ClientTokenInterceptorSelector ¶ added in v1.35.0

func ClientTokenInterceptorSelector() selector.Matcher

func ContextWithAuthentication ¶

func ContextWithAuthentication(ctx context.Context, a *authrpc.Authentication) context.Context

ContextWithAuthentication returns a context with the specified authentication

func EmailMatchingInterceptor ¶

func EmailMatchingInterceptor(logger *zap.Logger, rgxs []*regexp.Regexp, o ...containers.Option[InterceptorOptions]) grpc.UnaryServerInterceptor

EmailMatchingInterceptor is a grpc.UnaryServerInterceptor only used in the case where the user is using OIDC and wants to whitelist a group of users issuing operations against the Flipt server.

func GetAuthenticationFrom ¶

func GetAuthenticationFrom(ctx context.Context) *authrpc.Authentication

GetAuthenticationFrom is a utility for extracting an Authentication stored on a context.Context instance

func JWTAuthenticationInterceptor ¶ added in v1.35.0

func JWTAuthenticationInterceptor(logger *zap.Logger, validator jwt.Validator, expected jwt.Expected, o ...containers.Option[InterceptorOptions]) grpc.UnaryServerInterceptor

func JWTInterceptorSelector ¶ added in v1.35.0

func JWTInterceptorSelector() selector.Matcher

JWTInterceptorSelector is a grpc.UnaryServerInterceptor which selects requests which contain a JWT in the authorization header.

func NamespaceMatchingInterceptor ¶

func NamespaceMatchingInterceptor(logger *zap.Logger, o ...containers.Option[InterceptorOptions]) grpc.UnaryServerInterceptor

func WithServerSkipsAuthentication ¶

func WithServerSkipsAuthentication(server any) containers.Option[InterceptorOptions]

WithServerSkipsAuthentication can be used to configure an auth unary interceptor which skips authentication when the provided server instance matches the intercepted calls parent server instance. This allows the caller to registers servers which explicitly skip authentication (e.g. OIDC).

Types ¶

type ClientTokenAuthenticator ¶ added in v1.35.0

type ClientTokenAuthenticator interface {
	GetAuthenticationByClientToken(ctx context.Context, clientToken string) (*authrpc.Authentication, error)
}

ClientTokenAuthenticator is the minimum subset of an authentication provider required by the middleware to perform lookups for Authentication instances using a obtained clientToken.

type InterceptorOptions ¶

type InterceptorOptions struct {
	// contains filtered or unexported fields
}

InterceptorOptions configure the basic AuthUnaryInterceptors

type ScopedAuthenticationServer ¶

type ScopedAuthenticationServer interface {
	AllowsNamespaceScopedAuthentication(ctx context.Context) bool
}

ScopedAuthenticationServer is a grpc.Server which allows for specific scoped authentication.

type SkipsAuthenticationServer ¶

type SkipsAuthenticationServer interface {
	SkipsAuthentication(ctx context.Context) bool
}

SkipsAuthenticationServer is a grpc.Server which should always skip authentication.

Source Files ¶

View all Source files

middleware.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL