Documentation
¶
Overview ¶
Package grpcutil contains functions for interacting with gRPC.
Index ¶
- Constants
- func AttachMetadataInterceptors(md metadata.MD) (grpc.UnaryServerInterceptor, grpc.StreamServerInterceptor)
- func GetTypeURL(msg proto.Message) string
- func JWTFromGRPCRequest(ctx context.Context) (rawjwt string, ok bool)
- func NewGRPCClientConn(ctx context.Context, opts *Options, other ...grpc.DialOption) (*grpc.ClientConn, error)
- func RequireSignedJWT(ctx context.Context, key []byte) error
- func ServeWithGracefulStop(ctx context.Context, srv *grpc.Server, li net.Listener, ...) error
- func SessionIDFromGRPCRequest(ctx context.Context) (sessionID string, ok bool)
- func StreamRequireSignedJWT(key string) grpc.StreamServerInterceptor
- func UnaryRequireSignedJWT(key string) grpc.UnaryServerInterceptor
- func WithOutgoingJWT(ctx context.Context, rawjwt string) context.Context
- func WithOutgoingSessionID(ctx context.Context, sessionID string) context.Context
- func WithStreamSignedJWT(getKey func() []byte) grpc.StreamClientInterceptor
- func WithUnarySignedJWT(getKey func() []byte) grpc.UnaryClientInterceptor
- type Options
Constants ¶
const JWTMetadataKey = "jwt"
JWTMetadataKey is the key in the metadata.
const MetadataKeyEnvoyVersion = "x-envoy-version"
MetadataKeyEnvoyVersion is the gRPC metadata key used for the envoy version.
const MetadataKeyPomeriumVersion = "x-pomerium-version"
MetadataKeyPomeriumVersion is the gRPC metadata key used for the pomerium version.
const SessionIDMetadataKey = "sessionid"
SessionIDMetadataKey is the key in the metadata.
Variables ¶
This section is empty.
Functions ¶
func AttachMetadataInterceptors ¶ added in v0.11.0
func AttachMetadataInterceptors(md metadata.MD) (grpc.UnaryServerInterceptor, grpc.StreamServerInterceptor)
AttachMetadataInterceptors returns unary and server stream interceptors that attach metadata to the response.
func GetTypeURL ¶ added in v0.14.0
GetTypeURL gets the TypeURL for a protobuf message.
func JWTFromGRPCRequest ¶
JWTFromGRPCRequest returns the JWT from the gRPC request.
func NewGRPCClientConn ¶ added in v0.16.0
func NewGRPCClientConn(ctx context.Context, opts *Options, other ...grpc.DialOption) (*grpc.ClientConn, error)
NewGRPCClientConn returns a new gRPC pomerium service client connection.
func RequireSignedJWT ¶ added in v0.11.0
RequireSignedJWT requires a JWT in the gRPC metadata and that it be signed by the given key.
func ServeWithGracefulStop ¶ added in v0.25.0
func ServeWithGracefulStop(ctx context.Context, srv *grpc.Server, li net.Listener, gracefulTimeout time.Duration) error
ServeWithGracefulStop serves the gRPC listener until ctx.Done(), and then gracefully stops and waits for gracefulTimeout before definitively stopping.
func SessionIDFromGRPCRequest ¶
SessionIDFromGRPCRequest returns the session id from the gRPC request.
func StreamRequireSignedJWT ¶ added in v0.11.0
func StreamRequireSignedJWT(key string) grpc.StreamServerInterceptor
StreamRequireSignedJWT requires a JWT in the gRPC metadata and that it be signed by the base64-encoded key.
func UnaryRequireSignedJWT ¶ added in v0.11.0
func UnaryRequireSignedJWT(key string) grpc.UnaryServerInterceptor
UnaryRequireSignedJWT requires a JWT in the gRPC metadata and that it be signed by the base64-encoded key.
func WithOutgoingJWT ¶
WithOutgoingJWT appends a metadata header for the JWT to a context.
func WithOutgoingSessionID ¶
WithOutgoingSessionID appends a metadata header for the session ID to a context.
func WithStreamSignedJWT ¶ added in v0.11.0
func WithStreamSignedJWT(getKey func() []byte) grpc.StreamClientInterceptor
WithStreamSignedJWT returns a StreamClientInterceptor that adds a JWT to requests.
func WithUnarySignedJWT ¶ added in v0.11.0
func WithUnarySignedJWT(getKey func() []byte) grpc.UnaryClientInterceptor
WithUnarySignedJWT returns a UnaryClientInterceptor that adds a JWT to requests.
Types ¶
type Options ¶ added in v0.16.0
type Options struct {
// Address is the location of the service. e.g. "service.corp.example:8443"
Address *url.URL
// OverrideCertificateName overrides the server name used to verify the hostname on the
// returned certificates from the server. gRPC internals also use it to override the virtual
// hosting name if it is set.
OverrideCertificateName string
// CA specifies the base64 encoded TLS certificate authority to use.
CA string
// CAFile specifies the TLS certificate authority file to use.
CAFile string
// RequestTimeout specifies the timeout for individual RPC calls
RequestTimeout time.Duration
// ClientDNSRoundRobin enables or disables DNS resolver based load balancing
ClientDNSRoundRobin bool
// InsecureSkipVerify skips destination hostname and ca check
InsecureSkipVerify bool
// ServiceName specifies the service name for telemetry exposition
ServiceName string
// SignedJWTKey is the JWT key to use for signing a JWT attached to metadata.
SignedJWTKey []byte
}
Options contains options for connecting to a pomerium rpc service.
Source Files