Constants ¶
// Error-classification parts. A Kind names what went wrong and an Entity
// names which input or dependency it concerns; the exported Err* variables
// of this package combine one of each with errs.WithDomain. Callers should
// compare against those combined variables (errors.Is) rather than against
// these building blocks.
const (
	// Kinds: the failure mode.
	ErrNil     = errs.Kind("nil")
	ErrInvalid = errs.Kind("invalid")
	ErrExpired = errs.Kind("expired")
	ErrEmpty   = errs.Kind("empty")

	// Entities: the constructor argument, key material, repository or
	// protocol object the failure refers to.
	ErrCAAddress          = errs.Entity("CA address")
	ErrPublicKey          = errs.Entity("public key")
	ErrIDPublicKey        = errs.Entity("ID public key")
	ErrPrivateKey         = errs.Entity("private key")
	ErrServiceCertificate = errs.Entity("service certificate")
	ErrIDCertificate      = errs.Entity("ID certificate")
	ErrServicesRepo       = errs.Entity("services repository")
	ErrTokensRepo         = errs.Entity("tokens repository")
	ErrChallenge          = errs.Entity("challenge")
	ErrToken              = errs.Entity("token")
)
const (
	// ContextKey is the context key this package uses for per-request
	// authorization state. Its type is the unexported contextKey rather
	// than string, so a value stored under it cannot be read or
	// overwritten by another package that uses the same literal "authz"
	// as a plain string key — the standard defence against context-key
	// collisions. Presumably UnaryInterceptor/StreamInterceptor populate
	// it and downstream handlers read it; confirm in their bodies, which
	// are not shown here.
	ContextKey contextKey = "authz"
)
Variables ¶
// Sentinel errors returned by this package, built from the Kind/Entity
// constants above and scoped to errDomain. The Nil*/Empty* values are
// constructor (NewAuthz) validation failures; the Invalid*/Expired* values
// concern material presented at request time.
//
// NOTE(review): these deliberately distinguish causes (e.g. an invalid
// challenge vs. an expired token vs. an invalid public key). If any of them
// is returned verbatim to an unauthenticated RPC caller, that distinction
// tells a probing client exactly which check failed — confirm what Login,
// Token and VerifyToken map them to on the wire, and collapse to a generic
// status there if necessary.
var (
	// Constructor validation.
	ErrEmptyCAAddress        = errs.WithDomain(errDomain, ErrEmpty, ErrCAAddress)
	ErrNilServicesRepository = errs.WithDomain(errDomain, ErrNil, ErrServicesRepo)
	ErrNilTokensRepository   = errs.WithDomain(errDomain, ErrNil, ErrTokensRepo)
	ErrNilPrivateKey         = errs.WithDomain(errDomain, ErrNil, ErrPrivateKey)

	// Request-time key and certificate validation.
	ErrInvalidPublicKey          = errs.WithDomain(errDomain, ErrInvalid, ErrPublicKey)
	ErrInvalidServiceCertificate = errs.WithDomain(errDomain, ErrInvalid, ErrServiceCertificate)
	ErrInvalidIDPublicKey        = errs.WithDomain(errDomain, ErrInvalid, ErrIDPublicKey)
	ErrInvalidIDCertificate      = errs.WithDomain(errDomain, ErrInvalid, ErrIDCertificate)

	// Challenge/token lifecycle.
	ErrInvalidChallenge = errs.WithDomain(errDomain, ErrInvalid, ErrChallenge)
	ErrExpiredToken     = errs.WithDomain(errDomain, ErrExpired, ErrToken)
)
var (
	// ErrEmptyHeaders signals that a request arrived without the headers
	// (gRPC metadata) the package expects. Unlike the other sentinels in
	// this package it is a plain errors.New value, not an errs.WithDomain
	// value, so it will not match on errDomain/Kind/Entity — callers must
	// compare against it directly with errors.Is. Presumably produced by
	// the interceptors before a token is ever verified; confirm in
	// UnaryInterceptor/StreamInterceptor, whose bodies are not shown.
	ErrEmptyHeaders = errors.New("empty headers")
)
Functions ¶
func StreamInterceptor ¶
func StreamInterceptor(client pb.AuthzClient) grpc.StreamServerInterceptor
func UnaryInterceptor ¶
func UnaryInterceptor(client pb.AuthzClient) grpc.UnaryServerInterceptor
Types ¶
type Authz ¶
// Authz is the server implementation of both the Authz gRPC service
// (Login/Token/VerifyToken) and the CertificateAuthority gRPC service
// (RegisterService, *Certificate, DeleteService). Construct it with
// NewAuthz; the zero value is not usable.
//
// Embedding the generated Unimplemented*Server types is the usual
// forward-compatibility pattern: any RPC added to the proto definitions
// but not implemented here will answer with an Unimplemented status at
// runtime instead of failing the build. NOTE(review): for an
// authorization service that cuts both ways — a forgotten method is a
// runtime observation, not a compile error — so keep an integration test
// that exercises every RPC the proto declares.
type Authz struct {
	pb.UnimplementedAuthzServer
	pb.UnimplementedCertificateAuthorityServer
	// contains filtered or unexported fields
}
func NewAuthz ¶
func NewAuthz( name, caAddress string, privateKey *ecdsa.PrivateKey, services ServiceRepository, tokens TokensRepository, random Randomizer, opts ...cfg.Option[Config], ) (*Authz, error)
func (*Authz) CreateCertificate ¶
func (a *Authz) CreateCertificate(ctx context.Context, req *pb.CertificateRequest) (*pb.CertificateResponse, error)
func (*Authz) DeleteCertificate ¶
func (a *Authz) DeleteCertificate(ctx context.Context, req *pb.CertificateDeletionRequest) (*pb.CertificateDeletionResponse, error)
func (*Authz) DeleteService ¶
func (a *Authz) DeleteService(ctx context.Context, req *pb.DeletionRequest) (*pb.DeletionResponse, error)
func (*Authz) ListCertificates ¶
func (a *Authz) ListCertificates(ctx context.Context, req *pb.CertificateRequest) (*pb.ListCertificatesResponse, error)
func (*Authz) Login ¶
func (a *Authz) Login(ctx context.Context, req *pb.LoginRequest) (*pb.LoginResponse, error)
func (*Authz) RegisterService ¶
func (a *Authz) RegisterService(ctx context.Context, req *pb.CertificateRequest) (*pb.CertificateResponse, error)
func (*Authz) RootCertificate ¶
func (a *Authz) RootCertificate(ctx context.Context, _ *pb.RootCertificateRequest) (*pb.RootCertificateResponse, error)
func (*Authz) SignUp ¶
func (a *Authz) SignUp(ctx context.Context, req *pb.SignUpRequest) (*pb.SignUpResponse, error)
func (*Authz) Token ¶
func (a *Authz) Token(ctx context.Context, req *pb.TokenRequest) (*pb.TokenResponse, error)
func (*Authz) VerifyCertificate ¶
func (a *Authz) VerifyCertificate(ctx context.Context, req *pb.VerificationRequest) (*pb.VerificationResponse, error)
func (*Authz) VerifyToken ¶
func (a *Authz) VerifyToken(ctx context.Context, req *pb.AuthRequest) (*pb.AuthResponse, error)
type Metrics ¶
// Metrics is the instrumentation hook Authz reports into; supply one with
// WithMetrics. Each operation has a request counter, a failure counter and
// a latency observation. Counters for the Authz RPCs and for per-service
// certificate operations carry the service name as a label value; the
// service-registry, service-deletion and root-certificate counters do not.
//
// NOTE(review): `service` is the same string the repositories are keyed
// on, so if it is taken from the request it is caller-controlled. Login
// and Token can be reached before any credential is proven, which lets an
// unauthenticated client mint unbounded label values — confirm the
// implementation bounds, allow-lists or drops unknown service names
// before using them as Prometheus labels.
type Metrics interface {
	// Authz metrics
	IncServiceLoginRequests(service string)
	IncServiceLoginFailed(service string)
	ObserveServiceLoginLatency(ctx context.Context, service string, duration time.Duration)
	IncServiceTokenRequests(service string)
	IncServiceTokenFailed(service string)
	ObserveServiceTokenLatency(ctx context.Context, service string, duration time.Duration)
	IncServiceTokenVerifications(service string)
	IncServiceTokenVerificationFailed(service string)
	ObserveServiceTokenVerificationLatency(ctx context.Context, service string, duration time.Duration)

	// CA metrics
	IncServiceRegistries()
	IncServiceRegistryFailed()
	ObserveServiceRegistryLatency(ctx context.Context, duration time.Duration)
	IncServiceDeletions()
	IncServiceDeletionFailed()
	ObserveServiceDeletionLatency(ctx context.Context, duration time.Duration)
	IncCertificatesCreated(service string)
	IncCertificatesCreateFailed(service string)
	ObserveCertificatesCreateLatency(ctx context.Context, service string, duration time.Duration)
	IncCertificatesListed(service string)
	IncCertificatesListFailed(service string)
	ObserveCertificatesListLatency(ctx context.Context, service string, duration time.Duration)
	IncCertificatesDeleted(service string)
	IncCertificatesDeleteFailed(service string)
	ObserveCertificatesDeleteLatency(ctx context.Context, service string, duration time.Duration)
	// Note the singular/plural inconsistency with the other Certificates*
	// names; the verification pair is "Certificates…Verified" but
	// "Certificate…VerificationFailed". Renaming would break implementers,
	// so it is only documented here.
	IncCertificatesVerified(service string)
	IncCertificateVerificationFailed(service string)
	ObserveCertificateVerificationLatency(ctx context.Context, service string, duration time.Duration)
	IncRootCertificateRequests()
	IncRootCertificateRequestFailed()
	ObserveRootCertificateRequestLatency(ctx context.Context, duration time.Duration)

	// RegisterCollector exposes the underlying Prometheus registry so
	// callers can attach additional collectors alongside these metrics.
	RegisterCollector(collector prometheus.Collector)
}
type Randomizer ¶
type ServiceRepository ¶
// ServiceRepository is the persistence boundary for registered services
// and the certificates issued to them, keyed by service name. It is a pure
// storage abstraction: nothing in this interface identifies or
// authenticates the caller, so every authorization decision (may this
// caller register, list or delete for this service?) has to be made in
// Authz before a method here is invoked.
//
// Only public material crosses this interface — a service's public key and
// its issued certificates. No private-key bytes are stored through it.
//
// NOTE(review): the contract for CreateService on an already-registered
// name is not stated here. If an implementation overwrites the stored
// public key, re-registration becomes a takeover of that service
// identity; Authz.RegisterService should check GetService first or the
// store should reject duplicates — confirm one of the two holds.
type ServiceRepository interface {
	// GetService returns the public key registered for service.
	GetService(ctx context.Context, service string) (pubKey []byte, err error)
	// CreateService records pubKey as the identity of service.
	CreateService(ctx context.Context, service string, pubKey []byte) (err error)
	// DeleteService removes the service. Whether its certificates are
	// removed with it is implementation-defined here.
	DeleteService(ctx context.Context, service string) error

	// ListCertificates returns the certificates stored for service.
	ListCertificates(ctx context.Context, service string) (certs []*pb.CertificateResponse, err error)
	// CreateCertificate stores an issued certificate together with its
	// expiry. Whether the store itself prunes expired entries or only
	// records expiry for Authz to check is not specified by this
	// interface.
	CreateCertificate(ctx context.Context, service string, cert []byte, expiry time.Time) error
	// DeleteCertificate removes one certificate, identified by its bytes.
	DeleteCertificate(ctx context.Context, service string, cert []byte) error

	// Shutdown releases the store's resources.
	Shutdown(ctx context.Context) error
}
type TokensRepository ¶
// TokensRepository is the persistence boundary for the login flow: the
// challenges handed out by Login and the tokens issued by Token, both keyed
// by service name and stored with an explicit expiry. Like
// ServiceRepository it is storage only; enforcing that a challenge is
// answered by its owner, that a token belongs to the presenting service,
// and that expiry is honoured (ErrExpiredToken) is the job of Authz.
//
// NOTE(review): two properties worth confirming in the Authz methods and
// the concrete store, since this interface does not pin them down:
//   - single use: a challenge should be deleted (DeleteChallenge) when it
//     is consumed by Token, otherwise a captured challenge response can be
//     replayed until it expires;
//   - at-rest form: `token` and `challenge` are opaque []byte here. If the
//     raw bearer token is what gets stored, a read of the backing store
//     yields replayable credentials; storing a digest and comparing in
//     constant time avoids that.
type TokensRepository interface {
	// CreateChallenge stores a challenge issued to service, valid until expiry.
	CreateChallenge(ctx context.Context, service string, challenge []byte, expiry time.Time) error
	// ListChallenges returns the outstanding challenges for service.
	ListChallenges(ctx context.Context, service string) (challenges []*pb.LoginResponse, err error)
	// DeleteChallenge removes one challenge, identified by its bytes.
	DeleteChallenge(ctx context.Context, service string, challenge []byte) error

	// CreateToken stores a token issued to service, valid until expiry.
	CreateToken(ctx context.Context, service string, token []byte, expiry time.Time) error
	// ListTokens returns the tokens currently stored for service.
	ListTokens(ctx context.Context, service string) (tokens []*pb.TokenResponse, err error)
	// DeleteToken removes one token, identified by its bytes.
	DeleteToken(ctx context.Context, service string, token []byte) error

	// Shutdown releases the store's resources.
	Shutdown(ctx context.Context) error
}