Documentation
Overview
Package grpcsp implements grpc server interceptors to apply role-based access control to a grpc service. It is intended to work with headers set by go.skia.org/infra/kube/go/authproxy on incoming requests.
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type ServerPolicy
type ServerPolicy struct {
// contains filtered or unexported fields
}
ServerPolicy captures the set of authorization policies for a given grpc.Server instance, including all individual services registered to it.
func (*ServerPolicy) Service
func (sp *ServerPolicy) Service(desc grpc.ServiceDesc) (*ServicePolicy, error)
Service returns a new configurable ServicePolicy. The policy is conservative in that anything that isn't explicitly allowed by the policy is denied. Calling this more than once with the same grpc.ServiceDesc results in an error.
func (*ServerPolicy) UnaryInterceptor
func (sp *ServerPolicy) UnaryInterceptor() grpc.UnaryServerInterceptor
UnaryInterceptor returns a grpc.UnaryServerInterceptor that applies role checks defined by the policy to incoming requests. Requests that do not satisfy the policy result in a codes.PermissionDenied response code returned to the caller.
type ServicePolicy
type ServicePolicy struct {
// contains filtered or unexported fields
}
ServicePolicy captures the authorization policy for an individual grpc service.
func (*ServicePolicy) AuthorizeMethodForRoles
func (p *ServicePolicy) AuthorizeMethodForRoles(method string, r roles.Roles) error
AuthorizeMethodForRoles configures the policy to allow users with any of the given role values to make calls to method. Authorize multiple roles by passing multiple role values. Calling this more than once with the same method results in an error. Calling this with a method not included in the service description results in an error.
func (*ServicePolicy) AuthorizeRoles
func (p *ServicePolicy) AuthorizeRoles(r roles.Roles) error
AuthorizeRoles configures the policy to allow users with any of the given role values to make calls to any method. Authorize multiple roles by passing multiple role values. Calling this more than once results in an error.
func (*ServicePolicy) AuthorizeUnauthenticated
func (p *ServicePolicy) AuthorizeUnauthenticated() error
AuthorizeUnauthenticated configures the service to allow any request, regardless of authentication or roles attached to the request.
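The deny-by-default rule described for Service and the configuration errors described for AuthorizeMethodForRoles, modelled as an added stand-alone example that is not grpcsp's own code. Role, Policy, NewPolicy, AuthorizeMethod and Allowed are hypothetical names, the caller's roles are passed in directly rather than read from authproxy headers, and the sample service is constructed.

```go
package main

import "fmt"

// Role and Policy are hypothetical stand-ins, not grpcsp or roles types.
type Role string

type Policy struct {
	known map[string]bool   // methods named in the service description
	allow map[string][]Role // explicit per-method allow lists
}

func NewPolicy(methods ...string) *Policy {
	p := &Policy{known: map[string]bool{}, allow: map[string][]Role{}}
	for _, m := range methods {
		p.known[m] = true
	}
	return p
}

// AuthorizeMethod rejects unknown methods and repeat configuration of a method.
func (p *Policy) AuthorizeMethod(method string, rs ...Role) error {
	if !p.known[method] {
		return fmt.Errorf("method %q is not in the service description", method)
	}
	if _, dup := p.allow[method]; dup {
		return fmt.Errorf("method %q is already configured", method)
	}
	p.allow[method] = rs
	return nil
}

// Allowed denies unless the caller holds a role on the method's allow list.
func (p *Policy) Allowed(method string, caller ...Role) bool {
	for _, want := range p.allow[method] {
		for _, have := range caller {
			if have == want {
				return true
			}
		}
	}
	return false
}

func main() {
	p := NewPolicy("Get", "Delete") // constructed sample service
	fmt.Println(p.AuthorizeMethod("Get", "viewer"), p.AuthorizeMethod("Gett", "viewer"))
	fmt.Println(p.Allowed("Get", "viewer"), p.Allowed("Delete", "viewer"))
}
```

Rejecting a misspelled method name at configuration time means a typo surfaces as a startup error instead of leaving the intended method without a policy.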