grpc_middleware

package
v1.43.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 30, 2024 License: GPL-3.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var ErrUnauthenticated = status.Error(codes.Unauthenticated, "request was not authenticated")

Functions

func AuthenticationRequiredInterceptor

func AuthenticationRequiredInterceptor(logger *zap.Logger, o ...containers.Option[InterceptorOptions]) grpc.UnaryServerInterceptor

AuthenticationRequiredInterceptor is a grpc.UnaryServerInterceptor which requires that all requests contain an Authentication instance on the context.

func ClientTokenAuthenticationInterceptor

func ClientTokenAuthenticationInterceptor(logger *zap.Logger, authenticator ClientTokenAuthenticator, o ...containers.Option[InterceptorOptions]) grpc.UnaryServerInterceptor

ClientTokenAuthenticationInterceptor is a grpc.UnaryServerInterceptor which extracts a clientToken found within the authorization field on the incoming requests metadata. The fields value is expected to be in the form "Bearer <clientToken>".

func ClientTokenInterceptorSelector

func ClientTokenInterceptorSelector() selector.Matcher

func ContextWithAuthentication

func ContextWithAuthentication(ctx context.Context, a *authrpc.Authentication) context.Context

ContextWithAuthentication returns a context with the specified authentication

func EmailMatchingInterceptor

func EmailMatchingInterceptor(logger *zap.Logger, rgxs []*regexp.Regexp, o ...containers.Option[InterceptorOptions]) grpc.UnaryServerInterceptor

EmailMatchingInterceptor is a grpc.UnaryServerInterceptor only used in the case where the user is using OIDC and wants to whitelist a group of users issuing operations against the Flipt server.

func GetAuthenticationFrom

func GetAuthenticationFrom(ctx context.Context) *authrpc.Authentication

GetAuthenticationFrom is a utility for extracting an Authentication stored on a context.Context instance

func JWTAuthenticationInterceptor

func JWTAuthenticationInterceptor(logger *zap.Logger, validator jwt.Validator, expected jwt.Expected, o ...containers.Option[InterceptorOptions]) grpc.UnaryServerInterceptor

func JWTInterceptorSelector

func JWTInterceptorSelector() selector.Matcher

JWTInterceptorSelector is a grpc.UnaryServerInterceptor which selects requests which contain a JWT in the authorization header.

func WithServerSkipsAuthentication

func WithServerSkipsAuthentication(server any) containers.Option[InterceptorOptions]

WithServerSkipsAuthentication can be used to configure an auth unary interceptor which skips authentication when the provided server instance matches the intercepted calls parent server instance. This allows the caller to registers servers which explicitly skip authentication (e.g. OIDC).

Types

type ClientTokenAuthenticator

type ClientTokenAuthenticator interface {
	GetAuthenticationByClientToken(ctx context.Context, clientToken string) (*authrpc.Authentication, error)
}

ClientTokenAuthenticator is the minimum subset of an authentication provider required by the middleware to perform lookups for Authentication instances using a obtained clientToken.

type InterceptorOptions

type InterceptorOptions struct {
	// contains filtered or unexported fields
}

InterceptorOptions configure the basic AuthUnaryInterceptors

type ScopedAuthenticationServer

type ScopedAuthenticationServer interface {
	AllowsNamespaceScopedAuthentication(ctx context.Context) bool
}

ScopedAuthenticationServer is a grpc.Server which allows for specific scoped authentication.

type SkipsAuthenticationServer

type SkipsAuthenticationServer interface {
	SkipsAuthentication(ctx context.Context) bool
}

SkipsAuthenticationServer is a grpc.Server which should always skip authentication.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL