Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AllowAllChecker

type AllowAllChecker struct{}

AllowAllChecker is a simple auth checker that allows all requests.

func NewAllowAllChecker

func NewAllowAllChecker() *AllowAllChecker

NewAllowAllChecker creates a new AllowAllChecker.

func (*AllowAllChecker) Check

Check is an implementation of AuthChecker.Check that allows all check requests.

type AuthChecker

type AuthChecker interface {
	Check(authInfo credentials.AuthInfo) error
}

AuthChecker is used to check the transport auth info that is associated with each stream. If Check returns nil, the connection is allowed. If Check returns an error, the error is propagated up to the gRPC stack.

Note that this method can be called with a nil authInfo. This can happen either if there is no peer info, or if the underlying gRPC stream is insecure. Implementations should be resilient in this case and apply an appropriate policy.
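An added example, not part of this package: a fail-closed checker with the same Check shape, showing one way an implementation can handle the nil authInfo case described above. `AuthInfo` and `TLSInfo` are local stand-ins for grpc-go's `credentials.AuthInfo` and `credentials.TLSInfo`; `StrictChecker`, `peer` and the sample ids are hypothetical.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/url"
)

// AuthInfo and TLSInfo are local stand-ins (assumptions) for grpc-go's
// credentials.AuthInfo and credentials.TLSInfo, so this builds offline.
type AuthInfo interface{ AuthType() string }
type TLSInfo struct{ State tls.ConnectionState }
func (TLSInfo) AuthType() string { return "tls" }

// StrictChecker (hypothetical) allows only verified peers whose leaf URI SAN is listed.
type StrictChecker struct{ allowed map[string]bool }

// Check mirrors AuthChecker.Check: nil allows the stream, an error rejects it.
func (c *StrictChecker) Check(authInfo AuthInfo) error {
	if authInfo == nil { // no peer info or insecure stream: fail closed
		return fmt.Errorf("denied: no auth info on stream")
	}
	ti, ok := authInfo.(TLSInfo)
	if !ok {
		return fmt.Errorf("denied: unsupported auth type %q", authInfo.AuthType())
	}
	for _, chain := range ti.State.VerifiedChains {
		if len(chain) == 0 {
			continue
		}
		for _, u := range chain[0].URIs { // chain[0] is the peer's leaf
			if c.allowed[u.String()] {
				return nil
			}
		}
	}
	return fmt.Errorf("denied: no allowed id in a verified peer certificate")
}

// peer builds constructed sample auth info: one verified leaf with one URI SAN.
func peer(id string) TLSInfo {
	u, _ := url.Parse(id)
	return TLSInfo{State: tls.ConnectionState{VerifiedChains: [][]*x509.Certificate{{{URIs: []*url.URL{u}}}}}}
}

func main() {
	c := &StrictChecker{allowed: map[string]bool{"spiffe://example.test/mcp-sink": true}}
	fmt.Println(c.Check(nil), c.Check(peer("spiffe://example.test/mcp-sink")))
}
```

Contrast this with AllowAllChecker, which returns nil for every input, including a nil authInfo.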

type AuthListMode

type AuthListMode bool

AuthListMode indicates the list-checking mode.

const (
	// AuthBlackList indicates that the list should work as a black list
	AuthBlackList AuthListMode = false

	// AuthWhiteList indicates that the list should work as a white list
	AuthWhiteList AuthListMode = true
)

type ListAuthChecker

type ListAuthChecker struct {
	// contains filtered or unexported fields
}

ListAuthChecker implements the AuthChecker interface and is backed by a set of ids.

func NewListAuthChecker

func NewListAuthChecker(options *ListAuthCheckerOptions) *ListAuthChecker

NewListAuthChecker returns a new instance of ListAuthChecker.

func (*ListAuthChecker) Add

func (l *ListAuthChecker) Add(id string)

Add the provided id to the list of ids.

func (*ListAuthChecker) Allowed

func (l *ListAuthChecker) Allowed(id string) bool

Allowed checks whether the given id is allowed.

func (*ListAuthChecker) Check

func (l *ListAuthChecker) Check(authInfo credentials.AuthInfo) error

func (*ListAuthChecker) Remove

func (l *ListAuthChecker) Remove(id string)

Remove the provided id from the list of ids.

func (*ListAuthChecker) Set

func (l *ListAuthChecker) Set(ids ...string)

Set replaces the list with the given ids. Previous ones are removed.

func (*ListAuthChecker) SetMode

func (l *ListAuthChecker) SetMode(mode AuthListMode)

SetMode sets the list-checking mode for this list.

func (*ListAuthChecker) String

func (l *ListAuthChecker) String() string

String is an implementation of Stringer.String.

type ListAuthCheckerOptions

type ListAuthCheckerOptions struct {
	// For the purposes of logging rate limiting authz failures, this controls how
	// many authz failures are logged in a burst every AuthzFailureLogFreq.
	AuthzFailureLogBurstSize int

	// For the purposes of logging rate limiting authz failures, this controls how
	// frequently bursts of authz failures are logged.
	AuthzFailureLogFreq time.Duration

	// AuthMode indicates the list checking mode
	AuthMode AuthListMode
}

func DefaultListAuthCheckerOptions

func DefaultListAuthCheckerOptions() *ListAuthCheckerOptions

type Server

type Server struct {
	// contains filtered or unexported fields
}

Server implements the Mesh Configuration Protocol (MCP) gRPC server.

func New

func New(options *source.Options, authChecker AuthChecker) *Server

New creates a new gRPC server that implements the Mesh Configuration Protocol (MCP).

func (*Server) IncrementalAggregatedResources

func (s *Server) IncrementalAggregatedResources(stream mcp.AggregatedMeshConfigService_IncrementalAggregatedResourcesServer) error

IncrementalAggregatedResources implements bidirectional streaming method for incremental MCP.

func (*Server) StreamAggregatedResources

func (s *Server) StreamAggregatedResources(stream mcp.AggregatedMeshConfigService_StreamAggregatedResourcesServer) error

StreamAggregatedResources implements bidirectional streaming method for MCP.