server

package
v0.1.2
Published: Feb 29, 2024 License: Apache-2.0 Imports: 30 Imported by: 1

Documentation

Overview

Copyright 2022 Pure Storage

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.


Package server is the gRPC implementation of the SDK gRPC server.

Copyright 2018 Portworx


Index

Constants

const (
	// Metadata context key where the token is found.
	// This key must be used by the caller as the key for the token in
	// the metadata of the context. The generated Rest Gateway also uses this
	// key as the location of the raw token coming from the standard REST
	// header: Authorization: bearer <adaf0sdfsd...token>
	ContextMetadataTokenKey = "bearer"
)
const InsecureNoAuthNAuthZ = "insecureNoAuthNAuthZ"

InsecureNoAuthNAuthZ is returned by the API handlers that wish to skip authN and authZ checks.

const InsecureNoAuthZ = "insecureNoAuthZ"

InsecureNoAuthZ is returned by the API handlers that want to skip authZ but require that the user be an authenticated user. No guests.
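The following is an added example and not code from this package: a standard-library net/http middleware that does for a plain HTTP handler what the constant's doc says the generated REST gateway does for gRPC metadata, namely pull the raw token out of the "Authorization: bearer <token>" header. The scheme is matched case-insensitively (HTTP authentication scheme names are case-insensitive), and malformed headers are refused at the edge instead of being forwarded. bearerToken, requireBearer, tokenFromContext and the typed context key are names chosen for the example; the sample header values in main are constructed. Validating the token itself is the job of the framework's authN interceptor, which this middleware does not replace.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// ContextMetadataTokenKey repeats the package constant: the REST gateway places the raw
// token from the Authorization header under this metadata key.
const ContextMetadataTokenKey = "bearer"

// tokenCtxKey is a typed context key (a plain string key is avoided to prevent collisions).
type tokenCtxKey struct{}

// bearerToken extracts the token from an "Authorization: bearer <token>" header value.
// The scheme is matched case-insensitively, as HTTP auth schemes are; a missing header,
// another scheme, an empty token or a token containing whitespace all yield false.
func bearerToken(header string) (string, bool) {
	scheme, token, found := strings.Cut(strings.TrimSpace(header), " ")
	if !found || !strings.EqualFold(scheme, "bearer") {
		return "", false
	}
	token = strings.TrimSpace(token)
	if token == "" || strings.ContainsAny(token, " \t") {
		return "", false
	}
	return token, true
}

// requireBearer is a constructed net/http middleware, not the gateway's own code. It rejects
// requests without a well-formed bearer token and stores the raw token in the request
// context for the authN stage; checking the token's validity is left to that stage.
func requireBearer(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		token, ok := bearerToken(r.Header.Get("Authorization"))
		if !ok {
			w.Header().Set("WWW-Authenticate", `Bearer realm="sdk"`)
			http.Error(w, "missing or malformed bearer token", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), tokenCtxKey{}, token)))
	})
}

// tokenFromContext is what a downstream handler or authenticator would call.
func tokenFromContext(ctx context.Context) string {
	t, _ := ctx.Value(tokenCtxKey{}).(string)
	return t
}

func main() {
	h := requireBearer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "%s=%s\n", ContextMetadataTokenKey, tokenFromContext(r.Context()))
	}))
	// Constructed header values: missing, wrong scheme, well-formed.
	for _, hdr := range []string{"", "Basic dXNlcjpwYXNz", "bearer abc.def.ghi"} {
		req := httptest.NewRequest(http.MethodGet, "/v1/volumes", nil)
		req.Header.Set("Authorization", hdr)
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, req)
		fmt.Printf("%-22q -> %d %s", hdr, rec.Code, rec.Body.String())
	}
}
```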

Variables

var (
	DefaultRestServerCors = cors.Options{
		AllowedOrigins:   []string{"*"},
		AllowedMethods:   []string{"GET", "POST", "DELETE", "HEAD", "PUT", "OPTIONS"},
		AllowCredentials: true,
	}
	DefaultRateLimiter        = rate.NewLimiter(100, 50)
	DefaultRateLimiterPerUser = rate.NewLimiter(10, 25)
)

Functions

func ContextGetHandlerData added in v0.0.8

func ContextGetHandlerData(ctx context.Context) interface{}

ContextGetHandlerData returns handler data that was stashed in the context by authZ interceptor. Returns nil if no data was found.

Types

type ExternalAuthZChecker added in v0.0.8

type ExternalAuthZChecker func(ctx context.Context, authZReq ExternalAuthZRequest) (bool, error)

ExternalAuthZChecker is a caller-supplied function that is invoked by this framework to perform an authZ check. Returns true if the request is allowed. Otherwise, returns false.

type ExternalAuthZRequest added in v0.0.8

type ExternalAuthZRequest interface{}

ExternalAuthZRequest contains the data required to perform authorization via an external authorizer, e.g. OPA. The concrete type of this request is specific to the external authorizer. gRPC API handlers return this value to indicate which objects/operations the authZ check is to be performed against. The value is then passed to the configured ExternalAuthZChecker function, which understands the concrete type of this value.

type ExternalAuthZRequestGetter added in v0.0.8

type ExternalAuthZRequestGetter interface {
	// GetAuthZRequest is invoked by the authZ interceptor before performing an authZ check.
	// Returns an authZ request that will be passed to the ExternalAuthZChecker function to authorize
	// the specified input API request. Optionally, returns handler data to be stashed in the context
	// for later retrieval by the handler. The first return param can have the following special values:
	// - Return InsecureNoAuthNAuthZ to skip both authN and authZ completely.
	// - Return InsecureNoAuthZ to perform just an authN check for a specific request and skip the authZ check.
	// Such insecure requests must also be whitelisted in the insecureNoAuthNAuthZReqs or insecureNoAuthZReqs params.
	// The ExternalAuthZChecker function is not invoked for the insecure requests.
	GetAuthZRequest(ctx context.Context, fullPath string, request interface{}) (ExternalAuthZRequest, HandlerData, error)
}

ExternalAuthZRequestGetter must be implemented by all gRPC services that use the external authorizer.

type GrpcFrameworkServer

type GrpcFrameworkServer struct {
	*grpcserver.GrpcServer
	// contains filtered or unexported fields
}

func NewGrpcFrameworkServer

func NewGrpcFrameworkServer(config *ServerConfig) (*GrpcFrameworkServer, error)

NewGrpcFrameworkServer creates a new gRPC server for the gRPC framework.

func (*GrpcFrameworkServer) Start

func (s *GrpcFrameworkServer) Start() error

Start is used to start the server. It will return an error if the server is already running.

type HandlerData added in v0.0.8

type HandlerData interface{}

HandlerData is optionally returned by the API handlers that wish to stash data in the context for later retrieval. This is useful to avoid duplicating (in the handler) the work previously done when performing an authZ check.

type RateLimiter added in v0.0.2

type RateLimiter interface {
	Allow() bool
}

RateLimiter provides an interface which can be satisfied by golang.org/x/time/rate.Limiter or a custom Limiter.

type RateLimiterConfig added in v0.0.2

type RateLimiterConfig struct {
	RateLimiter        RateLimiter
	RateLimiterPerUser RateLimiter
}
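As an added example that is not part of this package: a custom limiter satisfying RateLimiter, which the doc comment above allows in place of golang.org/x/time/rate.Limiter. It is a mutex-protected token bucket with an injectable clock, so its refill behaviour can be verified deterministically rather than by sleeping. tokenBucket, newTokenBucket and the perSecond/burst parameters are names chosen for the example; how the framework keys RateLimiterPerUser to individual callers is not modelled here.

```go
package main

import (
	"fmt"
	"math"
	"sync"
	"time"
)

// RateLimiter repeats the framework's interface so the example is self-contained.
type RateLimiter interface {
	Allow() bool
}

// tokenBucket is a constructed limiter: perSecond tokens are added per second up to burst,
// and every Allow consumes one. The clock is injectable so refill can be tested deterministically.
type tokenBucket struct {
	mu        sync.Mutex
	perSecond float64
	burst     float64
	tokens    float64
	last      time.Time
	now       func() time.Time
}

func newTokenBucket(perSecond, burst float64) *tokenBucket {
	return &tokenBucket{perSecond: perSecond, burst: burst, tokens: burst, now: time.Now}
}

// Allow implements RateLimiter. The mutex matters: the server calls Allow from every request
// goroutine, and an unsynchronised bucket would over-admit under load.
func (b *tokenBucket) Allow() bool {
	b.mu.Lock()
	defer b.mu.Unlock()
	now := b.now()
	if elapsed := now.Sub(b.last).Seconds(); !b.last.IsZero() && elapsed > 0 {
		b.tokens = math.Min(b.burst, b.tokens+elapsed*b.perSecond)
	}
	b.last = now
	if b.tokens < 1 {
		return false // fail closed: the caller should answer with a resource-exhausted error
	}
	b.tokens--
	return true
}

// Compile-time proof that tokenBucket can be passed to WithRateLimiter / WithRateLimiterPerUser.
var _ RateLimiter = (*tokenBucket)(nil)

func main() {
	b := newTokenBucket(10, 3) // constructed: 10 requests/s sustained, bursts of 3
	for i := 1; i <= 5; i++ {
		fmt.Printf("request %d allowed=%v\n", i, b.Allow())
	}
	time.Sleep(200 * time.Millisecond)
	fmt.Println("after 200ms allowed =", b.Allow())
}
```

The burst value is the real exposure knob: a large burst lets an unauthenticated caller land many requests before the sustained rate applies, which is why the framework keeps a separate, tighter per-user limiter.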

type RestGateway

type RestGateway struct {
	// contains filtered or unexported fields
}

func NewRestGateway

func NewRestGateway(config *ServerConfig, grpcServer *GrpcFrameworkServer) (*RestGateway, error)

func (*RestGateway) Start

func (s *RestGateway) Start() error

func (*RestGateway) Stop

func (s *RestGateway) Stop()

type RestServerConfig

type RestServerConfig struct {
	Enabled          bool
	Port             string
	CorsOptions      RestServerCorsConfig
	PrometheusConfig RestServerPrometheusConfig
}

type RestServerCorsConfig

type RestServerCorsConfig struct {
	Enabled bool

	// If not set, the framework will set up the cors
	CustomOptions *cors.Options
}

type RestServerPrometheusConfig

type RestServerPrometheusConfig struct {
	Enabled bool

	// Defaults to `/metrics` if not provided
	Path string
}

type SecurityConfig

type SecurityConfig struct {
	// Role implementation
	Role role.RoleManager
	// Tls configuration
	Tls *TLSConfig
	// Authenticators is a map of Authenticators by issuer which is key in the map.
	// If there are multiple authenticators with the same issuer (e.g. using different
	// client IDs), use NewIteratingMultiAuthenticator or NewMultiAuthenticatorByClientID and
	// then, add the returned multi-authenticator to this map.
	Authenticators map[string]auth.Authenticator
}

SecurityConfig provides configuration for SDK auth

type Server

type Server struct {
	// contains filtered or unexported fields
}

Server is an implementation of the gRPC SDK interface

func New

func New(config *ServerConfig) (*Server, error)

New creates a new SDK server

func (*Server) Address

func (s *Server) Address() string

func (*Server) GrpcPort

func (s *Server) GrpcPort() string

func (*Server) RestPort

func (s *Server) RestPort() string

func (*Server) Start

func (s *Server) Start() error

Start all servers

func (*Server) Stop

func (s *Server) Stop()

func (*Server) Transaction

func (s *Server) Transaction(f func() error) error

func (*Server) UdsAddress

func (s *Server) UdsAddress() string

type ServerConfig

type ServerConfig struct {
	// Name of the server
	Name string
	// Net is the transport for gRPC: unix, tcp, etc.
	// Defaults to `tcp` if the value is not provided.
	Net string
	// Address is the port number or the unix domain socket path
	// for the gRPC server. This value goes together with `Net`.
	Address string
	// REST server configuration
	RestConfig RestServerConfig
	// Unix domain socket for local communication. This socket
	// will be used by the REST Gateway to communicate with the gRPC server.
	// Only set for testing. A '%s' in the value can be substituted with
	// the name of the driver.
	Socket string
	// (optional) Location for audit log.
	// If not provided, it will go to /var/log/openstorage-audit.log
	AuditOutput io.Writer
	// (optional) Location of access log.
	// This is useful when authorization is not running.
	// If not provided, it will go to /var/log/grpc-framework-access.log
	AccessOutput io.Writer
	// Security configuration
	Security *SecurityConfig
	// RateLimiters gives the caller the ability to set up rate limits for
	// the gRPC server
	RateLimiters RateLimiterConfig
	// GrpcServerExtensions allows you to extend the SDK gRPC server
	// with callback functions that are executed sequentially
	// at the end of Server.Start()
	//
	// To add your own service to the SDK gRPC server,
	// just append a function callback that registers it:
	//
	// s.config.GrpcServerExtensions = append(s.config.GrpcServerExtensions,
	//	func(gs *grpc.Server) {
	//		api.RegisterCustomService(gs, customHandler)
	//	})
	GrpcServerExtensions []func(grpcServer *grpc.Server)

	// RestServerExtensions allows for extensions to be added
	// to the SDK Rest Gateway server.
	//
	// To add your own service to the SDK REST Server, simply add your handlers
	// to the RestServerExtensions slice. These handlers will be registered on the
	// REST Gateway http server.
	RestServerExtensions []func(context.Context, *runtime.ServeMux, *grpc.ClientConn) error

	// UnaryServerInterceptors will be interceptors added to the end of the default chain
	UnaryServerInterceptors []grpc.UnaryServerInterceptor

	// StreamServerInterceptors will be interceptors added to the end of the default chain
	StreamServerInterceptors []grpc.StreamServerInterceptor

	// ServerOptions hold any special gRPC server options
	ServerOptions []grpc.ServerOption

	// AuthNUnaryInterceptor installs a custom authN unary interceptor and overrides the default one
	AuthNUnaryInterceptor grpc.UnaryServerInterceptor

	// AuthNStreamInterceptor installs a custom authN stream interceptor and overrides the default one
	AuthNStreamInterceptor grpc.StreamServerInterceptor

	// AuthZUnaryInterceptor installs a custom authZ unary interceptor and overrides the default one
	AuthZUnaryInterceptor grpc.UnaryServerInterceptor

	// AuthZStreamInterceptor installs a custom authZ stream interceptor and overrides the default one
	AuthZStreamInterceptor grpc.StreamServerInterceptor

	// ExternalAuthZChecker plugs into the external authorizer framework's authZ interceptor
	ExternalAuthZChecker ExternalAuthZChecker

	// InsecureNoAuthNAuthZReqs is a list of API request types for which both
	// the AuthN and the AuthZ checks are skipped. When
	// ExternalAuthZRequestGetter.GetAuthZRequest() returns
	// InsecureNoAuthNAuthZ, the framework ensures that the request type is also
	// present in the InsecureNoAuthNAuthZReqs list. This adds a second level of
	// confirmation that it is ok to skip the auth checks for this request.
	// Refer to the documentation of the ExternalAuthZRequestGetter interface for
	// more details.
	InsecureNoAuthNAuthZReqs []interface{}

	// InsecureNoAuthZReqs is data passed by the caller to the caller's
	// interceptor, listing the API request types that are not checked for
	// authorization (AuthN is still required; see InsecureNoAuthZ).
	InsecureNoAuthZReqs []interface{}
}

ServerConfig provides the configuration to the SDK server
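The interplay of ExternalAuthZRequestGetter, ExternalAuthZChecker, HandlerData/ContextGetHandlerData and the InsecureNoAuthNAuthZReqs/InsecureNoAuthZReqs lists, as an added, self-contained example that is not the framework's code: a hypothetical service decides per request type what to return from GetAuthZRequest, a checker enforces a constructed ownership policy, and a simplified stand-in for the authZ interceptor applies the second-level confirmation described above, so a handler that opts out of auth for a request type that is not also listed in ServerConfig is denied rather than let through. Every name here (demoService, volumeAuthZ, authZGate, the request structs, the context keys, the error values), the owners table, and the order in which the gate applies authN before authZ are assumptions of the example; the real interceptor keeps whitelists as []interface{} rather than the type-keyed maps used here.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"reflect"
)

// Sentinels and errors; the two strings equal the package constants.
const insecureNoAuthNAuthZ, insecureNoAuthZ = "insecureNoAuthNAuthZ", "insecureNoAuthZ"
var errUnauthenticated, errPermissionDenied = errors.New("unauthenticated: no guests"), errors.New("permission denied")

// subjectKey stands in for what the authN interceptor stores; handlerDataKey is hypothetical (the real key is unexported).
type ctxKey int
const subjectKey, handlerDataKey ctxKey = 0, 1

// Constructed request types standing in for generated protobuf messages.
type HealthRequest struct{}
type StatsRequest struct{}
type ListVolumesRequest struct{}
type DeleteVolumeRequest struct{ ID string }

// volumeAuthZ is the constructed ExternalAuthZRequest type our checker understands.
type volumeAuthZ struct{ Subject, Action, Object string }

// demoService implements GetAuthZRequest with the ExternalAuthZRequestGetter signature
// (interface{} in place of the ExternalAuthZRequest and HandlerData aliases).
type demoService struct{}
func (demoService) GetAuthZRequest(ctx context.Context, fullPath string, req interface{}) (interface{}, interface{}, error) {
	switch r := req.(type) {
	case *HealthRequest, *StatsRequest:
		return insecureNoAuthNAuthZ, nil, nil // probes: ask to skip authN and authZ
	case *ListVolumesRequest:
		return insecureNoAuthZ, nil, nil // any authenticated user; no guests
	case *DeleteVolumeRequest:
		az := volumeAuthZ{Subject: subjectOf(ctx), Action: "delete", Object: r.ID}
		return az, az, nil // also returned as HandlerData so the handler can reuse it
	}
	return nil, nil, fmt.Errorf("no authZ mapping for %T", req)
}

// owners is a constructed policy table; checkVolumeAuthZ plays the ExternalAuthZChecker role.
var owners = map[string]string{"vol-1": "alice", "vol-2": "bob"}

func checkVolumeAuthZ(_ context.Context, authZReq interface{}) (bool, error) {
	az, ok := authZReq.(volumeAuthZ)
	if !ok {
		return false, fmt.Errorf("unexpected authZ request type %T", authZReq)
	}
	return owners[az.Object] == az.Subject, nil
}

// authZGate is a simplified stand-in for the framework's authZ interceptor, not its real code.
// The whitelists are keyed by request type, playing the InsecureNoAuthNAuthZReqs/InsecureNoAuthZReqs lists.
type authZGate struct {
	checker      func(context.Context, interface{}) (bool, error)
	noAuthNAuthZ map[reflect.Type]bool
	noAuthZ      map[reflect.Type]bool
}

// authorize returns the context the handler would receive (HandlerData attached) or an error.
func (g authZGate) authorize(ctx context.Context, fullPath string, req interface{}) (context.Context, error) {
	azReq, hd, err := demoService{}.GetAuthZRequest(ctx, fullPath, req)
	if err != nil {
		return ctx, err
	}
	authenticated, reqType := subjectOf(ctx) != "", reflect.TypeOf(req)
	skipAuthN, skipAuthZ := azReq == insecureNoAuthNAuthZ, azReq == insecureNoAuthZ
	// Second-level confirmation: a handler's opt-out only counts if ServerConfig lists the type too.
	if skipAuthN && !g.noAuthNAuthZ[reqType] || skipAuthZ && !g.noAuthZ[reqType] {
		return ctx, errPermissionDenied
	}
	if !skipAuthN && !authenticated {
		return ctx, errUnauthenticated
	}
	if skipAuthN || skipAuthZ {
		return ctx, nil // ExternalAuthZChecker is not consulted for insecure requests
	}
	if allowed, err := g.checker(ctx, azReq); err != nil || !allowed {
		return ctx, errPermissionDenied // a checker error is treated as a denial
	}
	if hd != nil {
		ctx = context.WithValue(ctx, handlerDataKey, hd)
	}
	return ctx, nil
}

func subjectOf(ctx context.Context) string { s, _ := ctx.Value(subjectKey).(string); return s }
func withSubject(ctx context.Context, s string) context.Context { return context.WithValue(ctx, subjectKey, s) }
func handlerData(ctx context.Context) interface{} { return ctx.Value(handlerDataKey) } // cf. ContextGetHandlerData

// newDemoGate wires the checker and the whitelists; StatsRequest is deliberately left off.
func newDemoGate() authZGate {
	return authZGate{checker: checkVolumeAuthZ,
		noAuthNAuthZ: map[reflect.Type]bool{reflect.TypeOf(&HealthRequest{}): true},
		noAuthZ:      map[reflect.Type]bool{reflect.TypeOf(&ListVolumesRequest{}): true}}
}

func main() {
	_, err := newDemoGate().authorize(context.Background(), "/Stats", &StatsRequest{})
	fmt.Println("StatsRequest opted out but not whitelisted:", err)
}
```

The point to take from the insecure branches is that they fail closed: a sentinel returned from GetAuthZRequest is only a request to skip checks, and the list in ServerConfig is the second control that has to agree before the skip is honoured, so a stray opt-out in a handler cannot silently open an endpoint.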

func (*ServerConfig) RegisterGrpcServers

func (c *ServerConfig) RegisterGrpcServers(handlers func(grpcServer *grpc.Server)) *ServerConfig

func (*ServerConfig) RegisterRestHandlers

func (c *ServerConfig) RegisterRestHandlers(
	handlers ...func(context.Context, *runtime.ServeMux, *grpc.ClientConn) error,
) *ServerConfig

func (*ServerConfig) WithAuthNInterceptors added in v0.0.6

func (c *ServerConfig) WithAuthNInterceptors(unary grpc.UnaryServerInterceptor, stream grpc.StreamServerInterceptor,
) *ServerConfig

func (*ServerConfig) WithAuthZInterceptors added in v0.0.6

func (c *ServerConfig) WithAuthZInterceptors(unary grpc.UnaryServerInterceptor, stream grpc.StreamServerInterceptor,
) *ServerConfig

func (*ServerConfig) WithDefaultGenericRoleManager added in v0.0.8

func (c *ServerConfig) WithDefaultGenericRoleManager() *ServerConfig

func (*ServerConfig) WithDefaultRateLimiters added in v0.0.2

func (c *ServerConfig) WithDefaultRateLimiters() *ServerConfig

func (*ServerConfig) WithDefaultRestServer

func (c *ServerConfig) WithDefaultRestServer(port string) *ServerConfig

func (*ServerConfig) WithExternalAuthZChecker added in v0.0.8

func (c *ServerConfig) WithExternalAuthZChecker(
	authZChecker ExternalAuthZChecker, insecureNoAuthNAuthZReqs, insecureNoAuthZReqs []interface{},
) *ServerConfig

func (*ServerConfig) WithRateLimiter added in v0.0.2

func (c *ServerConfig) WithRateLimiter(r RateLimiter) *ServerConfig

func (*ServerConfig) WithRateLimiterPerUser added in v0.0.2

func (c *ServerConfig) WithRateLimiterPerUser(r RateLimiter) *ServerConfig

func (*ServerConfig) WithRestCors

func (c *ServerConfig) WithRestCors(co cors.Options) *ServerConfig

func (*ServerConfig) WithRestPrometheus

func (c *ServerConfig) WithRestPrometheus(path string) *ServerConfig

func (*ServerConfig) WithServerOptions

func (c *ServerConfig) WithServerOptions(opt ...grpc.ServerOption) *ServerConfig

func (*ServerConfig) WithServerStreamInterceptors

func (c *ServerConfig) WithServerStreamInterceptors(i ...grpc.StreamServerInterceptor) *ServerConfig

func (*ServerConfig) WithServerUnaryInterceptors

func (c *ServerConfig) WithServerUnaryInterceptors(i ...grpc.UnaryServerInterceptor) *ServerConfig

type TLSConfig

type TLSConfig struct {
	// CertFile is the path to the cert file
	CertFile string
	// KeyFile is the path to the key file
	KeyFile string
}

TLSConfig points to the cert files needed for HTTPS
