grpc

package
v0.0.0-...-a9d0937 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 10, 2024 License: Apache-2.0 Imports: 45 Imported by: 11

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var PeerTransportCredentials credentials.TransportCredentials = &peerTransportCredentials{}

PeerTransportCredentials is a gRPC TransportCredentials implementation that can be used by a gRPC server to extract credentials from a process connecting to the server over a UNIX socket.

Functions

func BaseClientDialer 

func BaseClientDialer(ctx context.Context, target string, opts ...grpc.DialOption) (grpc.ClientConnInterface, error)

BaseClientDialer is a ClientDialer that simply calls gRPC's DialContext() function.

func NewAuthenticatingStreamInterceptor 

func NewAuthenticatingStreamInterceptor(a Authenticator) grpc.StreamServerInterceptor

NewAuthenticatingStreamInterceptor creates a gRPC request interceptor for streaming calls that passes all requests through an Authenticator. This may be used to enable authentication support on a gRPC server.

func NewAuthenticatingUnaryInterceptor 

func NewAuthenticatingUnaryInterceptor(a Authenticator) grpc.UnaryServerInterceptor

NewAuthenticatingUnaryInterceptor creates a gRPC request interceptor for unary calls that passes all requests through an Authenticator. This may be used to enable authentication support on a gRPC server.

func NewMetadataAddingStreamClientInterceptor 

func NewMetadataAddingStreamClientInterceptor(headerValues MetadataHeaderValues) grpc.StreamClientInterceptor

NewMetadataAddingStreamClientInterceptor creates a gRPC request interceptor for streaming calls that adds a set of specified header values into the outgoing metadata headers. This may, for example, be used to perform authentication.

func NewMetadataAddingUnaryClientInterceptor 

func NewMetadataAddingUnaryClientInterceptor(headerValues MetadataHeaderValues) grpc.UnaryClientInterceptor

NewMetadataAddingUnaryClientInterceptor creates a gRPC request interceptor for unary calls that adds a set of specified header values into the outgoing metadata headers. This may, for example, be used to perform authentication.

func NewMetadataExtractingAndForwardingStreamClientInterceptor 

func NewMetadataExtractingAndForwardingStreamClientInterceptor(metadataExtractor MetadataExtractor) grpc.StreamClientInterceptor

NewMetadataExtractingAndForwardingStreamClientInterceptor creates a gRPC request interceptor for streaming calls that adds headers into the outgoing metadata headers based on examining the context.

func NewMetadataExtractingAndForwardingUnaryClientInterceptor 

func NewMetadataExtractingAndForwardingUnaryClientInterceptor(metadataExtractor MetadataExtractor) grpc.UnaryClientInterceptor

NewMetadataExtractingAndForwardingUnaryClientInterceptor creates a gRPC request interceptor for unary calls that adds headers into the outgoing metadata headers based on examining the context.

func NewServersFromConfigurationAndServe 

func NewServersFromConfigurationAndServe(configurations []*configuration.ServerConfiguration, registrationFunc func(grpc.ServiceRegistrar), group program.Group) error

NewServersFromConfigurationAndServe creates a series of gRPC servers based on a configuration stored in a list of Protobuf messages. It then lets all of these gRPC servers listen on the network addresses of UNIX socket paths provided.

func RequestMetadataTracingStreamInterceptor 

func RequestMetadataTracingStreamInterceptor(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error

RequestMetadataTracingStreamInterceptor is a gRPC streaming server interceptor that adds additional information about the RPC from the REv2 RequestMetadata into the current trace span.

func RequestMetadataTracingUnaryInterceptor 

func RequestMetadataTracingUnaryInterceptor(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error)

RequestMetadataTracingUnaryInterceptor is a gRPC unary server interceptor that adds additional information about the RPC from the REv2 RequestMetadata into the current trace span.

Types

type Authenticator 

type Authenticator interface {
	Authenticate(ctx context.Context) (*auth.AuthenticationMetadata, error)
}

Authenticator can be used to grant or deny access to a gRPC server. Implementations may grant access based on TLS connection state, provided headers, source IP address ranges, etc. etc. etc.

func NewAllAuthenticator 

func NewAllAuthenticator(authenticators []Authenticator) Authenticator

NewAllAuthenticator wraps a series of Authenticators into a single instance.

Allows incoming requests if all the authentication policies allows it.

The authentication metadata is merged, first to last. So if this was configured with two authenticators, one which returned metadata: 

{
    "public": {
        "first_name": "kermit",
        "middle_name": "the"
    }
}

And the second returned metadata: 

{
    "public": {
        "first_name": "robin",
        "last_name": "frog"
    }
}

This authenticator would return the metadata: 

{
    "public": {
        "first_name": "robin",
        "middle_name": "the",
        "last_name": "frog"
    }
}

func NewAllowAuthenticator 

func NewAllowAuthenticator(metadata *auth.AuthenticationMetadata) Authenticator

NewAllowAuthenticator creates an implementation of Authenticator that simply always returns success. This implementation can be used in case a gRPC server needs to be started that does not perform any authentication (e.g., one listening on a UNIX socket with restricted file permissions).

func NewAnyAuthenticator 

func NewAnyAuthenticator(authenticators []Authenticator) Authenticator

NewAnyAuthenticator wraps a series of Authenticators into a single instance. Access is granted only when one or more backing Authenticators permit access, similar to Python's any() function.

func NewAuthenticatorFromConfiguration 

func NewAuthenticatorFromConfiguration(policy *configuration.AuthenticationPolicy, group program.Group) (Authenticator, bool, error)

NewAuthenticatorFromConfiguration creates a tree of Authenticator objects based on a configuration file.

func NewDenyAuthenticator 

func NewDenyAuthenticator(message string) Authenticator

NewDenyAuthenticator creates an Authenticator that always returns an UNAUTHENTICATED error with a fixed error message string. This implementation can be used in case a gRPC server needs to be administratively disabled without shutting it down entirely.

func NewJWTAuthenticator 

func NewJWTAuthenticator(authorizationHeaderParser *jwt.AuthorizationHeaderParser) Authenticator

NewJWTAuthenticator creates an authenticator for incoming gRPC requests that validates requests that contain an "Authorization" of shape "Bearer ${jwt}", where ${jwt} is a valid JSON Web Token.

func NewPeerCredentialsAuthenticator 

func NewPeerCredentialsAuthenticator(metadataExtractor *jmespath.JMESPath) Authenticator

NewPeerCredentialsAuthenticator creates an Authenticator that only grants access in case the client connected to the gRPC server over a UNIX socket. The credentials (user ID, group memberships) of the client may be added to the authentication metadata.

func NewTLSClientCertificateAuthenticator 

func NewTLSClientCertificateAuthenticator(clientCAs *x509.CertPool, clock clock.Clock, validator, metadataExtractor *jmespath.JMESPath) Authenticator

NewTLSClientCertificateAuthenticator creates an Authenticator that only grants access in case the client connected to the gRPC server using a TLS client certificate that can be validated against the chain of CAs used by the server.

type ClientDialer 

type ClientDialer func(ctx context.Context, target string, opts ...grpc.DialOption) (grpc.ClientConnInterface, error)

ClientDialer is a function type that corresponds with the prototype of grpc.DialContext(). It can be used to override the dialer function that is invoked by BaseClientFactory.

While grpc.DialContext() returns a *grpc.ClientConn, this function type returns grpc.ClientConnInterface to make it possible to wrap gRPC client connections.

func NewLazyClientDialer 

func NewLazyClientDialer(dialer ClientDialer) ClientDialer

NewLazyClientDialer creates a gRPC ClientDialer that forwards calls to an underlying implementation. Instead of creating a gRPC client connection immediately, the creation is delayed until the first RPC is invoked.

The purpose of this decorator is to ensure that gRPC client connections are only opened if we actually use it to send RPCs. Doing this is especially important for users of DemultiplexingBlobAccess and DemultiplexingBuildQueue, as it's often the case that one or more backends are never used.

In an ideal world, a feature like this would be part of gRPC itself, together with the ability to automatically hang up connections if unused for a prolonged amount of time.

type ClientFactory 

type ClientFactory interface {
	NewClientFromConfiguration(configuration *configuration.ClientConfiguration) (grpc.ClientConnInterface, error)
}

ClientFactory can be used to construct gRPC clients based on options specified in a configuration message.

func NewBaseClientFactory 

func NewBaseClientFactory(dialer ClientDialer, unaryInterceptors []grpc.UnaryClientInterceptor, streamInterceptors []grpc.StreamClientInterceptor) ClientFactory

NewBaseClientFactory creates factory for gRPC clients that calls into ClientDialer to construct the actual client.

func NewDeduplicatingClientFactory 

func NewDeduplicatingClientFactory(base ClientFactory) ClientFactory

NewDeduplicatingClientFactory creates a decorator for ClientFactory that deduplicates requests for creating gRPC clients. This means that clients for identical endpoints, having identical TLS settings, etc. will not cause multiple connections to be established.

type MetadataExtractor 

type MetadataExtractor func(context.Context) (MetadataHeaderValues, error)

MetadataExtractor is a function which extracts metadata values from a context.

func NewJMESPathMetadataExtractor 

func NewJMESPathMetadataExtractor(expression *jmespath.JMESPath) (MetadataExtractor, error)

NewJMESPathMetadataExtractor creates a MetadataExtractor by evaluating a JMESPath expression. The expression is expected to return a map[string][]string with all keys lower-case, and will populate a header per key.

The JMESPath expression is called against a JSON object with the following structure: 

{
    "authenticationMetadata": value,
    "incomingGRPCMetadata": map<string, repeated string>
}

type MetadataForwardingAndReusingInterceptor 

type MetadataForwardingAndReusingInterceptor struct {
	// contains filtered or unexported fields
}

MetadataForwardingAndReusingInterceptor is a gRPC interceptor that extracts a set of incoming metadata headers from the calling context and copies them to the outgoing metadata headers.

In addition to that, these headers are preserved and are attached to future calls that don't provide these headers. This option is useful when bb_storage is used as a personal proxy, where clients (e.g., Bazel) can be used to inject credentials into bb_storage.

func NewMetadataForwardingAndReusingInterceptor 

func NewMetadataForwardingAndReusingInterceptor(headers []string) *MetadataForwardingAndReusingInterceptor

NewMetadataForwardingAndReusingInterceptor creates a MetadataForwardingAndReusingInterceptor that forwards a provided set of headers.

func (*MetadataForwardingAndReusingInterceptor) InterceptStreamClient 

func (i *MetadataForwardingAndReusingInterceptor) InterceptStreamClient(ctx context.Context, desc *grpc.StreamDesc, cc *grpc.ClientConn, method string, streamer grpc.Streamer, opts ...grpc.CallOption) (grpc.ClientStream, error)

InterceptStreamClient can be used as an interceptor for streaming client gRPC calls.

func (*MetadataForwardingAndReusingInterceptor) InterceptUnaryClient 

func (i *MetadataForwardingAndReusingInterceptor) InterceptUnaryClient(ctx context.Context, method string, req, resp interface{}, cc *grpc.ClientConn, invoker grpc.UnaryInvoker, opts ...grpc.CallOption) error

InterceptUnaryClient can be used as an interceptor for unary client gRPC calls.

type MetadataHeaderValues 

type MetadataHeaderValues []string

MetadataHeaderValues is a utility type for generating pairs of header names and values that need to be provided to metadata.AppendToOutgoingContext().

func (*MetadataHeaderValues) Add 

func (hv *MetadataHeaderValues) Add(header string, values []string)

Add one or more values for a given header name.

type PeerAuthInfo 

type PeerAuthInfo struct {
	UID    uint32
	Groups []uint32
}

PeerAuthInfo contains peer credentials that were extracted by PeerTransportCredentials upon establishing a connection with the client over a UNIX socket.

This structure is essentially an operating system independent version of struct ucred (Linux) and struct xucred (BSD).

func (PeerAuthInfo) AuthType 

func (PeerAuthInfo) AuthType() string

AuthType returns a shorthand name for the type of credentials stored in this struct.

type ProtoTraceAttributesExtractor 

type ProtoTraceAttributesExtractor struct {
	// contains filtered or unexported fields
}

ProtoTraceAttributesExtractor is a gRPC client and server interceptor that can be used to attach attributes to the trace spans created by the OpenTelemetry gRPC interceptors ("otelgrpc"), whose values are based on RPC request and response payloads.

func NewProtoTraceAttributesExtractor 

func NewProtoTraceAttributesExtractor(configuration map[string]*configuration.TracingMethodConfiguration, errorLogger util.ErrorLogger) *ProtoTraceAttributesExtractor

NewProtoTraceAttributesExtractor creates a new ProtoTraceAttributesExtractor that captures fields from request and response payloads for the RPCs that are provided in the configuration.

func (*ProtoTraceAttributesExtractor) InterceptStreamClient 

func (pe *ProtoTraceAttributesExtractor) InterceptStreamClient(ctx context.Context, desc *grpc.StreamDesc, cc *grpc.ClientConn, method string, streamer grpc.Streamer, opts ...grpc.CallOption) (grpc.ClientStream, error)

InterceptStreamClient is a gRPC stream client interceptor that attaches attributes to trace spans created by the OpenTelemetry gRPC stream client interceptor.

func (*ProtoTraceAttributesExtractor) InterceptStreamServer 

func (pe *ProtoTraceAttributesExtractor) InterceptStreamServer(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error

InterceptStreamServer is a gRPC stream server interceptor that attaches attributes to trace spans created by the OpenTelemetry gRPC stream server interceptor.

func (*ProtoTraceAttributesExtractor) InterceptUnaryClient 

func (pe *ProtoTraceAttributesExtractor) InterceptUnaryClient(ctx context.Context, method string, req, reply interface{}, cc *grpc.ClientConn, invoker grpc.UnaryInvoker, opts ...grpc.CallOption) error

InterceptUnaryClient is a gRPC unary client interceptor that attaches attributes to trace spans created by the OpenTelemetry gRPC unary client interceptor.

func (*ProtoTraceAttributesExtractor) InterceptUnaryServer 

func (pe *ProtoTraceAttributesExtractor) InterceptUnaryServer(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error)

InterceptUnaryServer is a gRPC unary server interceptor that attaches attributes to trace spans created by the OpenTelemetry gRPC unary server interceptor.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.