grpc: google.golang.org/grpc/credentials Index | Files | Directories

package credentials

import "google.golang.org/grpc/credentials"

Package credentials implements various credentials supported by gRPC library, which encapsulate all the state needed by a client to authenticate with a server and make various assertions, e.g., about the client's identity, role, or whether it is authorized to make a particular call.

Index

Package Files

credentials.go credentials_util_go17.go

Variables

var (
    // ErrConnDispatched indicates that rawConn has been dispatched out of gRPC
    // and the caller should not close rawConn.
    ErrConnDispatched = errors.New("credentials: rawConn is dispatched out of gRPC")
)

type AuthInfo Uses

type AuthInfo interface {
    AuthType() string
}

AuthInfo defines the common interface for the auth information the users are interested in.

type PerRPCCredentials Uses

type PerRPCCredentials interface {
    // GetRequestMetadata gets the current request metadata, refreshing
    // tokens if required. This should be called by the transport layer on
    // each request, and the data should be populated in headers or other
    // context. uri is the URI of the entry point for the request. When
    // supported by the underlying implementation, ctx can be used for
    // timeout and cancellation.
    // TODO(zhaoq): Define the set of the qualified keys instead of leaving
    // it as an arbitrary string.
    GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error)
    // RequireTransportSecurity indicates whether the credentials requires
    // transport security.
    RequireTransportSecurity() bool
}

PerRPCCredentials defines the common interface for the credentials which need to attach security information to every RPC (e.g., oauth2).

type ProtocolInfo Uses

type ProtocolInfo struct {
    // ProtocolVersion is the gRPC wire protocol version.
    ProtocolVersion string
    // SecurityProtocol is the security protocol in use.
    SecurityProtocol string
    // SecurityVersion is the security protocol version.
    SecurityVersion string
    // ServerName is the user-configured server name.
    ServerName string
}

ProtocolInfo provides information regarding the gRPC wire protocol version, security protocol, security protocol version in use, server name, etc.

type TLSInfo Uses

type TLSInfo struct {
    State tls.ConnectionState
}

TLSInfo contains the auth information for a TLS authenticated connection. It implements the AuthInfo interface.

func (TLSInfo) AuthType Uses

func (t TLSInfo) AuthType() string

AuthType returns the type of TLSInfo as a string.

type TransportCredentials Uses

type TransportCredentials interface {
    // ClientHandshake does the authentication handshake specified by the corresponding
    // authentication protocol on rawConn for clients. It returns the authenticated
    // connection and the corresponding auth information about the connection.
    // Implementations must use the provided context to implement timely cancellation.
    // gRPC will try to reconnect if the error returned is a temporary error
    // (io.EOF, context.DeadlineExceeded or err.Temporary() == true).
    // If the returned error is a wrapper error, implementations should make sure that
    // the error implements Temporary() to have the correct retry behaviors.
    ClientHandshake(context.Context, string, net.Conn) (net.Conn, AuthInfo, error)
    // ServerHandshake does the authentication handshake for servers. It returns
    // the authenticated connection and the corresponding auth information about
    // the connection.
    ServerHandshake(net.Conn) (net.Conn, AuthInfo, error)
    // Info provides the ProtocolInfo of this TransportCredentials.
    Info() ProtocolInfo
    // Clone makes a copy of this TransportCredentials.
    Clone() TransportCredentials
    // OverrideServerName overrides the server name used to verify the hostname on the returned certificates from the server.
    // gRPC internals also use it to override the virtual hosting name if it is set.
    // It must be called before dialing. Currently, this is only used by grpclb.
    OverrideServerName(string) error
}

TransportCredentials defines the common interface for all the live gRPC wire protocols and supported transport security protocols (e.g., TLS, SSL).

func NewClientTLSFromCert Uses

func NewClientTLSFromCert(cp *x509.CertPool, serverNameOverride string) TransportCredentials

NewClientTLSFromCert constructs a TLS from the input certificate for client. serverNameOverride is for testing only. If set to a non empty string, it will override the virtual host name of authority (e.g. :authority header field) in requests.

func NewClientTLSFromFile Uses

func NewClientTLSFromFile(certFile, serverNameOverride string) (TransportCredentials, error)

NewClientTLSFromFile constructs a TLS from the input certificate file for client. serverNameOverride is for testing only. If set to a non empty string, it will override the virtual host name of authority (e.g. :authority header field) in requests.

func NewServerTLSFromCert Uses

func NewServerTLSFromCert(cert *tls.Certificate) TransportCredentials

NewServerTLSFromCert constructs a TLS from the input certificate for server.

func NewServerTLSFromFile Uses

func NewServerTLSFromFile(certFile, keyFile string) (TransportCredentials, error)

NewServerTLSFromFile constructs a TLS from the input certificate file and key file for server.

func NewTLS Uses

func NewTLS(c *tls.Config) TransportCredentials

NewTLS uses c to construct a TransportCredentials based on TLS.

Directories

PathSynopsis
oauthPackage oauth implements gRPC credentials using OAuth.

Package credentials imports 8 packages (graph) and is imported by 282 packages. Updated 2017-03-28. Refresh now. Tools for package owners.