middleware

package
v0.0.1-0...-c0e0c3d

This package is not in the latest version of its module.
Published: Mar 20, 2024 | License: Apache-2.0 | Imports: 10 | Imported by: 0

Documentation

Overview

Package middleware provides functionality for instrumenting and enriching gRPC connections.

Constants

This section is empty.

Variables

This section is empty.

Functions

func AdminEnricher

func AdminEnricher(password string) contextFunc

AdminEnricher enriches the given gRPC context with an admin, if possible. If the caller is not an admin, this function does not return an error, as anonymous API calls are a possibility. Authorization must be independently enforced.

func AdminInContext

func AdminInContext(ctx context.Context) bool

AdminInContext determines if an admin value is in the given context.

func ContextInterceptor

func ContextInterceptor(ctxFunc contextFunc) grpc.UnaryServerInterceptor

ContextInterceptor enables the interception and transformation of a gRPC context.

func EnforceAccess

func EnforceAccess(ctx context.Context, info *grpc.UnaryServerInfo) (context.Context, error)

EnforceAccess enforces authorization to API services. Specifically, if a service declares that it may be accessed anonymously, access is always allowed. If the service does not permit anonymous access, a v1.User must exist in the given context for access to be allowed.

func GetOwnerFromContext

func GetOwnerFromContext(ctx context.Context) (string, error)

GetOwnerFromContext finds the email of the authenticated user or service account from the request context.

func ServiceAccountEnricher

func ServiceAccountEnricher(validator func(string) (v1.ServiceAccount, error)) contextFunc

ServiceAccountEnricher enriches the given gRPC context with a v1.ServiceAccount struct, if possible. If there is no service account, this function does not return an error, as anonymous API calls are a possibility. Authorization must be independently enforced.

func ServiceAccountFromContext

func ServiceAccountFromContext(ctx context.Context) (*v1.ServiceAccount, bool)

ServiceAccountFromContext extracts a v1.ServiceAccount from the given context, if one exists.

func UserEnricher

func UserEnricher(cfg auth.OidcAuth) contextFunc

UserEnricher enriches the given gRPC context with a v1.User struct, if possible. If there is no user, this function does not return an error, as anonymous API calls are a possibility. Authorization must be independently enforced.

func UserFromContext

func UserFromContext(ctx context.Context) (*v1.User, bool)

UserFromContext extracts a v1.User from the given context, if one exists.

Types

type APIService

type APIService interface {
	Access() map[string]Access
	RegisterServiceServer(server *grpc.Server)
	RegisterServiceHandler(context.Context, *runtime.ServeMux, *grpc.ClientConn) error
}

APIService is the service interface.

func Services

func Services(serviceFuncs ...APIServiceFunc) ([]APIService, error)

Services processes the given APIServiceFunc list and returns the resulting APIService list. If any error occurs, that error is returned immediately.

type APIServiceFunc

type APIServiceFunc func() (APIService, error)

APIServiceFunc represents a function that is capable of making an APIService.

type Access

type Access int

Access represents a single access level that is used when assigning permissions to API endpoints.

const (
	// Admin represents admin level access
	Admin Access = iota + 1

	// Authenticated represents user or service account level access.
	Authenticated

	// Anonymous represents unauthenticated access.
	Anonymous
)
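
The enrich-then-enforce split described for AdminEnricher, UserEnricher, ServiceAccountEnricher and EnforceAccess, modelled with the standard library only. This is an added example, not the package's code: `enrich`, `enforce`, `ctxKey`, the method names and the credentials are hypothetical. It goes beyond the documented EnforceAccess rule by assuming that undeclared methods are denied and that an admin also satisfies Authenticated.

```go
package main

import (
	"context"
	"crypto/subtle"
	"errors"
	"fmt"
)

type Access int // mirrors the access levels documented on this page

const (
	Admin Access = iota + 1
	Authenticated
	Anonymous
)

type ctxKey string // hypothetical context key type, not the package's own
var errDenied = errors.New("permission denied")

// enrich models an enricher: it adds identity when credentials check out and never rejects.
func enrich(ctx context.Context, adminPw, gotPw, userEmail string) context.Context {
	// An empty configured password must never match an empty supplied one.
	if adminPw != "" && subtle.ConstantTimeCompare([]byte(adminPw), []byte(gotPw)) == 1 {
		ctx = context.WithValue(ctx, ctxKey("admin"), true)
	}
	if userEmail != "" { // stands in for a validated OIDC user or service account
		ctx = context.WithValue(ctx, ctxKey("user"), userEmail)
	}
	return ctx
}

// enforce is the independent authorization step. Assumed here: a method missing
// from the access map is denied, and an admin also satisfies Authenticated.
func enforce(ctx context.Context, access map[string]Access, method string) error {
	_, isAdmin := ctx.Value(ctxKey("admin")).(bool)
	_, isUser := ctx.Value(ctxKey("user")).(string)
	level, declared := access[method]
	if declared && (level == Anonymous || level == Authenticated && (isUser || isAdmin) ||
		level == Admin && isAdmin) {
		return nil
	}
	return errDenied
}

func main() {
	access := map[string]Access{"/demo.Svc/Health": Anonymous, "/demo.Svc/Rotate": Admin}
	ctx := enrich(context.Background(), "s3cret", "wrong", "") // constructed inputs
	fmt.Println(enforce(ctx, access, "/demo.Svc/Health"), enforce(ctx, access, "/demo.Svc/Rotate"))
}
```

A wrong admin password produces no error at enrichment time; the call is rejected only when `enforce` runs, which is why an interceptor chain that installs enrichers without the enforcement step leaves every method open.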
