grpcsp

package
v0.0.0-...-4448a72 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 11, 2024 License: BSD-3-Clause Imports: 9 Imported by: 0

Documentation

Overview

Package grpcsp implements grpc server interceptors to apply role-based access control to a grpc service. It is intended to work with headers set by go.skia.org/infra/kube/go/authproxy on incoming requests.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ServerPolicy

type ServerPolicy struct {
	// contains filtered or unexported fields
}

ServerPolicy captures the set of authorization policies for a given grpc.Server instance, including all individual services registered to it.

func Server

func Server() *ServerPolicy

Server returns a new ServerPolicy instance.

func (*ServerPolicy) Service

func (sp *ServerPolicy) Service(desc grpc.ServiceDesc) (*ServicePolicy, error)

Service returns a new configurable ServicePolicy. The policy is conservative in that anything that isn't explicitly allowed by the policy is denied. Calling this more than once with the same grpc.ServiceDesc results in an error.

func (*ServerPolicy) UnaryInterceptor

func (sp *ServerPolicy) UnaryInterceptor() grpc.UnaryServerInterceptor

UnaryInterceptor returns a grpc.UnaryServerInterceptor that applies role checks defined by the policy to incoming requests. Requests that do not satisfy the policy result in a codes.PermissionDenied response code returned to the caller.

type ServicePolicy

type ServicePolicy struct {
	// contains filtered or unexported fields
}

ServicePolicy captures the authorization policy for an individual grpc service.

func (*ServicePolicy) AuthorizeMethodForRoles

func (p *ServicePolicy) AuthorizeMethodForRoles(method string, r roles.Roles) error

AuthorizeMethodForRoles configures the policy to allow users with any of the given [role] values to make calls to [method]. Authorize multiple roles by passing multiple role values. Calling this more than once with the same [method] results in an error. Calling this with a method not included in the service description results in an error.

func (*ServicePolicy) AuthorizeRoles

func (p *ServicePolicy) AuthorizeRoles(r roles.Roles) error

AuthorizeRoles configures the policy to allow users with any of the given [role] values to make calls to any method. Authorize multiple roles by passing multiple role values. Calling this more than once results in an error.

func (*ServicePolicy) AuthorizeUnauthenticated

func (p *ServicePolicy) AuthorizeUnauthenticated() error

AuthorizeUnauthenticated configures the service to allow any request, regardless of authentication or roles attached to the request.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL