unary

package
v0.0.0-...-89602ce
Warning

This package is not in the latest version of its module.

Published: Aug 18, 2020 License: BSD-3-Clause Imports: 20 Imported by: 1

Documentation

Overview

Package unary provides some default RPC interceptors and a wrapper around GRPC's unary interceptors called Interceptor. This package maintains a registry of interceptors to run on RPC requests.

Package middleware/unary implements the cloud service middleware layer, which facilitates injection of cloud-wide request & context decorators or filters (interceptors) for unary RPC methods.

package interceptors implements all cloud service framework unary interceptors



Constants

const (
	// Client Certificate CN Header
	CLIENT_CERT_CN_KEY = "x-magma-client-cert-cn"
	// Client Certificate Serial Number Header
	CLIENT_CERT_SN_KEY = "x-magma-client-cert-serial"
)

SetIdentityFromContext is an identity decorator that implements the Identity injector for all authenticated requests. It looks for the x-magma-client-cert-cn and x-magma-client-cert-serial HTTP headers in the context, verifies the validity of the client certificate, and injects a valid, verified client Identity into the RPC context. SetIdentityFromContext can only modify CTX; it doesn't affect other RPC parameters.

const (
	ERROR_MSG_NO_METADATA      = "Missing Required CTX Metadata"
	ERROR_MSG_INVALID_CERT     = "Invalid Client Certificate"
	ERROR_MSG_UNKNOWN_CERT     = "Unknown Client Certificate"
	ERROR_MSG_EXPIRED_CERT     = "Expired Client Certificate"
	ERROR_MSG_MISSING_IDENTITY = "Missing Certificate Identity"
	ERROR_MSG_INVALID_TYPE     = "Invalid Certificate Owner"
	ERROR_MSG_UNKNOWN_CLIENT   = "Unknown Client Address"

	// GW should start bootstrap 20 hours prior to cert expiration, give it 10 hours to try & start counting
	// bootstrap failures after that
	CERT_EXPIRATION_DURATION_THRESHOLD = time.Hour * 10
)

Variables

This section is empty.

Functions

func BlockUnregisteredGateways

func BlockUnregisteredGateways(
	ctx context.Context,
	req interface{},
	info *grpc.UnaryServerInfo) (
	newCtx context.Context, newReq interface{}, resp interface{}, err error,
)

BlockUnregisteredGateways is an Interceptor blocking calls from Gateways which were not registered on the cloud. BlockUnregisteredGateways must be invoked after the Identity Decorator, since it relies on the Identity Decorator's results.

func MiddlewareHandler

func MiddlewareHandler(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (resp interface{}, err error)

unary.MiddlewareHandler iterates through and calls all registered unary middleware interceptors and 'decorates' RPC parameters before invoking the original server RPC method.

func SetIdentityFromContext

func SetIdentityFromContext(ctx context.Context, _ interface{}, info *grpc.UnaryServerInfo) (newCtx context.Context, newReq interface{}, resp interface{}, err error)

SetIdentityFromContext finds the Identity associated with the caller's Client Certificate Serial Number (if present), makes sure that the found Identity is of a Gateway, and fills in all available Gateway Identity information. SetIdentityFromContext will bypass the Identity checks for local callers (other services on the cloud) and allowlisted RPCs (methods in identityDecoratorBypassList).

Types

type Interceptor

type Interceptor struct {
	// Interceptor's Handler, has the same signature as
	// the non-receiver InterceptorHandler
	Handler func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo) (newCtx context.Context, newReq interface{}, resp interface{}, err error)
	// Name returns name of the Interceptor implementation
	Name string
	// Description returns a string describing Interceptor
	Description string
}

Interceptor defines an interface to be implemented by all Unary Interceptors. In addition to a receiver form of InterceptorHandler, it provides Name & Description methods to aid diagnostics & logging of Interceptor-related issues.

type InterceptorHandler

type InterceptorHandler func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo) (newCtx context.Context, newReq interface{}, resp interface{}, err error)

InterceptorHandler is a function type to intercept the execution of a unary RPC on the server. ctx, req & info contain all the information of this RPC that the interceptor can operate on. If Handler returns an error, the chain of Interceptor calls will be interrupted and the error will be returned to the RPC client. If the returned CTX is not nil, it'll be used for the remaining interceptors and the original RPC. If the resp return value is not nil, the chain of Interceptor calls will be interrupted and the resp will be returned to the RPC client.
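The chaining rules above, together with the requirement that BlockUnregisteredGateways run after the identity decorator, shown as an added example that is not code from this package. `Info` (a stand-in for `grpc.UnaryServerInfo`), `Handler`, `setIdentity`, `blockUnregistered`, `RunChain`, the serial and the registry are all hypothetical names and constructed values.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Info is a local stand-in for grpc.UnaryServerInfo; Handler mirrors InterceptorHandler with it.
type Info struct{ FullMethod string }
type Handler func(ctx context.Context, req interface{}, info *Info) (context.Context, interface{}, interface{}, error)
type idKey struct{} // context key for the injected identity

// setIdentity (hypothetical decorator) injects a constructed caller serial into ctx.
func setIdentity(serial string) Handler {
	return func(ctx context.Context, _ interface{}, _ *Info) (context.Context, interface{}, interface{}, error) {
		return context.WithValue(ctx, idKey{}, serial), nil, nil, nil
	}
}

// blockUnregistered (hypothetical filter) fails closed unless ctx carries a registered identity.
func blockUnregistered(registered map[string]bool) Handler {
	return func(ctx context.Context, _ interface{}, _ *Info) (context.Context, interface{}, interface{}, error) {
		if id, _ := ctx.Value(idKey{}).(string); !registered[id] {
			return nil, nil, nil, errors.New("caller is not a registered gateway")
		}
		return nil, nil, nil, nil
	}
}

// RunChain applies the documented contract, then invokes the RPC method.
func RunChain(ctx context.Context, req interface{}, chain []Handler, rpc func(context.Context) string) (interface{}, error) {
	for _, h := range chain {
		newCtx, _, resp, err := h(ctx, req, &Info{FullMethod: "/constructed.Service/Method"})
		if err != nil || resp != nil {
			return resp, err // either one interrupts the chain and goes back to the client
		}
		if newCtx != nil {
			ctx = newCtx // later interceptors and the RPC see the decorated context
		}
	}
	return rpc(ctx), nil
}

func main() {
	reg := map[string]bool{"serial-01": true} // constructed registry
	rpc := func(ctx context.Context) string { return "hello " + ctx.Value(idKey{}).(string) }
	fmt.Println(RunChain(context.Background(), nil, []Handler{setIdentity("serial-01"), blockUnregistered(reg)}, rpc))
	fmt.Println(RunChain(context.Background(), nil, []Handler{blockUnregistered(reg), setIdentity("serial-01")}, rpc))
}
```

With the filter registered before the decorator, the context carries no identity yet, so even a registered caller is rejected; the filter failing closed is what turns a mis-ordered registry into denied calls rather than unauthenticated ones.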
