Documentation ¶
Index ¶
- func AuthenticationRequiredInterceptor(logger *zap.Logger, o ...containers.Option[InterceptorOptions]) grpc.UnaryServerInterceptor
- func ClientTokenAuthenticationInterceptor(logger *zap.Logger, authenticator ClientTokenAuthenticator, ...) grpc.UnaryServerInterceptor
- func ClientTokenInterceptorSelector() selector.Matcher
- func ContextWithAuthentication(ctx context.Context, a *authrpc.Authentication) context.Context
- func EmailMatchingInterceptor(logger *zap.Logger, rgxs []*regexp.Regexp, ...) grpc.UnaryServerInterceptor
- func GetAuthenticationFrom(ctx context.Context) *authrpc.Authentication
- func JWTAuthenticationInterceptor(logger *zap.Logger, validator jwt.Validator, expected jwt.Expected, ...) grpc.UnaryServerInterceptor
- func JWTInterceptorSelector() selector.Matcher
- func NamespaceMatchingInterceptor(logger *zap.Logger, o ...containers.Option[InterceptorOptions]) grpc.UnaryServerInterceptor
- func WithServerSkipsAuthentication(server any) containers.Option[InterceptorOptions]
- type ClientTokenAuthenticator
- type InterceptorOptions
- type ScopedAuthenticationServer
- type SkipsAuthenticationServer
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AuthenticationRequiredInterceptor ¶
func AuthenticationRequiredInterceptor(logger *zap.Logger, o ...containers.Option[InterceptorOptions]) grpc.UnaryServerInterceptor
AuthenticationRequiredInterceptor is a grpc.UnaryServerInterceptor which requires that all requests contain an Authentication instance on the context.
func ClientTokenAuthenticationInterceptor ¶
func ClientTokenAuthenticationInterceptor(logger *zap.Logger, authenticator ClientTokenAuthenticator, o ...containers.Option[InterceptorOptions]) grpc.UnaryServerInterceptor
ClientTokenAuthenticationInterceptor is a grpc.UnaryServerInterceptor which extracts a clientToken found within the authorization field on the incoming requests metadata. The fields value is expected to be in the form "Bearer <clientToken>".
func ContextWithAuthentication ¶
ContextWithAuthentication returns a context with the specified authentication
func EmailMatchingInterceptor ¶
func EmailMatchingInterceptor(logger *zap.Logger, rgxs []*regexp.Regexp, o ...containers.Option[InterceptorOptions]) grpc.UnaryServerInterceptor
EmailMatchingInterceptor is a grpc.UnaryServerInterceptor only used in the case where the user is using OIDC and wants to whitelist a group of users issuing operations against the Flipt server.
func GetAuthenticationFrom ¶
func GetAuthenticationFrom(ctx context.Context) *authrpc.Authentication
GetAuthenticationFrom is a utility for extracting an Authentication stored on a context.Context instance
func JWTAuthenticationInterceptor ¶
func JWTAuthenticationInterceptor(logger *zap.Logger, validator jwt.Validator, expected jwt.Expected, o ...containers.Option[InterceptorOptions]) grpc.UnaryServerInterceptor
func JWTInterceptorSelector ¶
JWTInterceptorSelector is a grpc.UnaryServerInterceptor which selects requests which contain a JWT in the authorization header.
func NamespaceMatchingInterceptor ¶
func NamespaceMatchingInterceptor(logger *zap.Logger, o ...containers.Option[InterceptorOptions]) grpc.UnaryServerInterceptor
func WithServerSkipsAuthentication ¶
func WithServerSkipsAuthentication(server any) containers.Option[InterceptorOptions]
WithServerSkipsAuthentication can be used to configure an auth unary interceptor which skips authentication when the provided server instance matches the intercepted calls parent server instance. This allows the caller to registers servers which explicitly skip authentication (e.g. OIDC).
Types ¶
type ClientTokenAuthenticator ¶
type ClientTokenAuthenticator interface {
GetAuthenticationByClientToken(ctx context.Context, clientToken string) (*authrpc.Authentication, error)
}
ClientTokenAuthenticator is the minimum subset of an authentication provider required by the middleware to perform lookups for Authentication instances using a obtained clientToken.
type InterceptorOptions ¶
type InterceptorOptions struct {
// contains filtered or unexported fields
}
InterceptorOptions configure the basic AuthUnaryInterceptors
type ScopedAuthenticationServer ¶
type ScopedAuthenticationServer interface {
AllowsNamespaceScopedAuthentication(ctx context.Context) bool
}
ScopedAuthenticationServer is a grpc.Server which allows for specific scoped authentication.
type SkipsAuthenticationServer ¶
SkipsAuthenticationServer is a grpc.Server which should always skip authentication.