grpc

package
v0.0.0-...-66ba595 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 6, 2020 License: MIT Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AuthInfoInterceptor 

func AuthInfoInterceptor(
	ctx context.Context,
	req interface{},
	info *grpc.UnaryServerInfo,
	handler grpc.UnaryHandler) (resp interface{}, err error)

AuthInfoInterceptor extracts peer's id from the certificate and adds it to the request context

func ErrorMarshallerInterceptor 

func ErrorMarshallerInterceptor(
	ctx context.Context,
	req interface{},
	info *grpc.UnaryServerInfo,
	handler grpc.UnaryHandler) (resp interface{}, err error)

ErrorMarshallerInterceptor marshals an error chain to json.

func ErrorUnmarshallerInterceptor 

func ErrorUnmarshallerInterceptor(
	ctx context.Context,
	method string,
	req,
	reply interface{},
	cc *grpc.ClientConn,
	invoker grpc.UnaryInvoker,
	opts ...grpc.CallOption) error

ErrorUnmarshallerInterceptor unmarshals the returned error from the grpc call into an error chain if it is the marshalled form of an error chain

func PolicyEnforcementInterceptor 

func PolicyEnforcementInterceptor(p Policy) grpc.UnaryServerInterceptor

PolicyEnforcementInterceptor authorizes the execution of handler

Types

type Client 

type Client struct {
	// contains filtered or unexported fields
}

Client implements rex.Service by translating the API to GRPC.

func NewClient 

func NewClient(conn grpc.ClientConnInterface) *Client

NewClient creates a new GRPC Client

func (*Client) Exec 

func (c *Client) Exec(ctx context.Context, path string, args ...string) (uuid.UUID, error)

Exec implementes rex.Service.Exec by sending it over GRPC to a remote implementation of rex.Service

func (*Client) GetProcessInfo 

func (c *Client) GetProcessInfo(ctx context.Context, processID uuid.UUID) (rex.ProcessInfo, error)

GetProcessInfo translates GetProcessInfo from the native API to the GRPC api to get the process info of a given process

func (*Client) Kill 

func (c *Client) Kill(ctx context.Context, processID uuid.UUID, signal int) error

Kill translates Kill from the native API to the GRPC api to send a signal to a specific process

func (*Client) ListProcessInfo 

func (c *Client) ListProcessInfo(ctx context.Context) ([]rex.ProcessInfo, error)

ListProcessInfo forwards a ListProcessInfo request to a remote GRPC implementation of rex.Service

func (*Client) Read 

func (c *Client) Read(ctx context.Context, processID uuid.UUID, target rex.OutputStream) ([]byte, error)

Read translates Read from the native API to the GRPC api to read the stdout or the stderr of a specific process

type Policy 

type Policy interface {
	// Enforce enforces a yes/no effect verdict on the given context and
	// returns "applies" (second return value) as true if the context falls
	// under the policy conditions. Otherwise it returns "applies" as false.
	Enforce(context.Context) (effect bool, applies bool)
}

Policy is an abstraction for enforcing arbitrary rules with boolean outcome.

type PolicyEnforcer 

type PolicyEnforcer struct {
	// contains filtered or unexported fields
}

PolicyEnforcer implements Policy by chaining together other policies and executing them one by one, defaulting

func NewPolicyEnforcer 

func NewPolicyEnforcer(policies ...Policy) *PolicyEnforcer

NewPolicyEnforcer creates a PolicyEnforcer from a list (ordered chain) of objects satisfying the Policy interface

func (*PolicyEnforcer) Enforce 

func (e *PolicyEnforcer) Enforce(ctx context.Context) (bool, bool)

Enforce applies []policies on the context. Returns (false, false) if none of the policies apply, returns (false, true) if at least one of the policies returns (false, true), and returns (true, true) otherwise.

type Server 

type Server struct {
	proto.UnimplementedRexServer
	// contains filtered or unexported fields
}

Server implements rex.Service by translating the GRPC api and passing the request to a concrete implementation of rex.Service

func NewServer 

func NewServer(ps rex.Service) *Server

NewServer creates a new Server capable of serving its API over GRPC.

func (*Server) Exec 

func (s *Server) Exec(ctx context.Context, req *proto.ExecRequest) (*proto.ExecResponse, error)

Exec implements the Exec function from the Rex GRPC api.

func (*Server) GetProcessInfo 

func (s *Server) GetProcessInfo(ctx context.Context, req *proto.GetProcessInfoRequest) (*proto.ProcessInfo, error)

GetProcessInfo translates the request to get the info of a specific process from the gRPC API to the native API.

func (*Server) Kill 

func (s *Server) Kill(ctx context.Context, req *proto.KillRequest) (*proto.KillResponse, error)

Kill will send the specified signal to the specified proces. Here it will be translated from the gRPC API to the native API and passed to the concrete implementation.

func (*Server) ListProcessInfo 

func (s *Server) ListProcessInfo(ctx context.Context, req *proto.ListProcessInfoRequest) (*proto.ProcessInfoList, error)

ListProcessInfo passes an incoming ListProcessInfo GRPC request to a concrete implementation of rex.Service

func (*Server) Read 

func (s *Server) Read(ctx context.Context, req *proto.ReadRequest) (*proto.ReadResponse, error)

Read forwards a requet to read the stdout/stderr of a process to the underlying (concrete) rex.Service.

type SimpleAccessRule 

type SimpleAccessRule struct {
	Principal string `validate:"required"`
	// TODO: extract method names from the grpc service. Currently I don't see
	// a clean way to do this. We can register a dummy service which will
	// introduce proto._Rex_serviceDesc to the grpc server upon registration,
	// They GetServiceInfo will reveal the method names. However to avoid
	// reconstructing the full method name ourselves, we need to extract those
	// directly from interceptors. One idea would be to loop over the method
	// names of the above dummy service and through server reflection send a
	// dummy request to each of its endpoints, allowing for the interceptor
	// to be invoked. There we steal the full name using UnaryServerInfo.
	// All of this happens before server startup time.
	Action string `validate:"oneof=* /Rex/Exec /Rex/Kill /Rex/GetProcessInfo /Rex/ListProcessInfo /Rex/Read"`
	Effect string `validate:"oneof=allow deny"`
}

SimpleAccessRule defines access rules of the form "User is/is not allowed to execute Action"

func SimpleAccessRuleFromJSON 

func SimpleAccessRuleFromJSON(marshalledAccessRule []byte) (*SimpleAccessRule, error)

SimpleAccessRuleFromJSON creates an access rule from its json representation

func (*SimpleAccessRule) Enforce 

func (r *SimpleAccessRule) Enforce(ctx context.Context) (bool, bool)

Enforce returns (lowercase(Effect) == "allow", true) if principal and action match those in the context, (false, false) otherwise. Its Principal and Action fields support "*" to always match.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.