Documentation ¶
Overview ¶
Package authz exposes methods to manage authorization within gRPC.
Experimental ¶
Notice: This package is EXPERIMENTAL and may be changed or removed in a later release.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type FileWatcherInterceptor ¶ added in v1.42.0
type FileWatcherInterceptor struct {
// contains filtered or unexported fields
}
FileWatcherInterceptor contains details used to make authorization decisions by watching a file path that contains authorization policy in JSON format.
func NewFileWatcher ¶ added in v1.42.0
func NewFileWatcher(file string, duration time.Duration) (*FileWatcherInterceptor, error)
NewFileWatcher returns a new FileWatcherInterceptor from a policy file that contains JSON string of authorization policy and a refresh duration to specify the amount of time between policy refreshes.
func (*FileWatcherInterceptor) Close ¶ added in v1.42.0
func (i *FileWatcherInterceptor) Close()
Close cleans up resources allocated by the interceptor.
func (*FileWatcherInterceptor) StreamInterceptor ¶ added in v1.42.0
func (i *FileWatcherInterceptor) StreamInterceptor(srv any, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error
StreamInterceptor intercepts incoming Stream RPC requests. Only authorized requests are allowed to pass. Otherwise, an unauthorized error is returned to the client.
func (*FileWatcherInterceptor) UnaryInterceptor ¶ added in v1.42.0
func (i *FileWatcherInterceptor) UnaryInterceptor(ctx context.Context, req any, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error)
UnaryInterceptor intercepts incoming Unary RPC requests. Only authorized requests are allowed to pass. Otherwise, an unauthorized error is returned to the client.
type StaticInterceptor ¶
type StaticInterceptor struct {
// contains filtered or unexported fields
}
StaticInterceptor contains engines used to make authorization decisions. It either contains two engines deny engine followed by an allow engine or only one allow engine.
func NewStatic ¶
func NewStatic(authzPolicy string) (*StaticInterceptor, error)
NewStatic returns a new StaticInterceptor from a static authorization policy JSON string.
func (*StaticInterceptor) StreamInterceptor ¶
func (i *StaticInterceptor) StreamInterceptor(srv any, ss grpc.ServerStream, _ *grpc.StreamServerInfo, handler grpc.StreamHandler) error
StreamInterceptor intercepts incoming Stream RPC requests. Only authorized requests are allowed to pass. Otherwise, an unauthorized error is returned to the client.
func (*StaticInterceptor) UnaryInterceptor ¶
func (i *StaticInterceptor) UnaryInterceptor(ctx context.Context, req any, _ *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error)
UnaryInterceptor intercepts incoming Unary RPC requests. Only authorized requests are allowed to pass. Otherwise, an unauthorized error is returned to the client.