Documentation ¶
Index ¶
- Variables
- func AuthenticateFunc(tokenManager jwt.Manager) grpc_auth.AuthFunc
- func AuthenticationUnaryServerInterceptor(interceptor grpc.UnaryServerInterceptor) grpc.UnaryServerInterceptor
- func AuthorizationStreamServerInterceptor(authorizationFunc AuthzFunc) grpc.StreamServerInterceptor
- func AuthorizationUnaryServerInterceptor(authorizationFunc AuthzFunc) grpc.UnaryServerInterceptor
- type AuthzFunc
- type Parser
Constants ¶
This section is empty.
Variables ¶
var (
	// ResourcesAndActionsByMethod maps the resource kind and action for each
	// gRPC method available in the proto API. The key is the full gRPC method
	// name; the value is a two-element slice holding the resource kind first
	// and the action second.
	//
	// "/authz.Api/Authenticate" and "/authz.Api/Check" have no entry here; both
	// are listed in UnauthenticatedMethods.
	//
	// NOTE(review): how a method that is missing from this map is treated is
	// not visible here. Confirm that the authorization interceptors deny such
	// a call rather than let it through, so that a newly added RPC cannot be
	// served without an explicit resource/action entry.
	ResourcesAndActionsByMethod = map[string][]string{
		"/authz.Api/PolicyCreate":    {"authz.policies", "create"},
		"/authz.Api/PolicyDelete":    {"authz.policies", "delete"},
		"/authz.Api/PolicyGet":       {"authz.policies", "get"},
		"/authz.Api/PolicyUpdate":    {"authz.policies", "update"},
		"/authz.Api/PrincipalCreate": {"authz.principals", "create"},
		"/authz.Api/PrincipalDelete": {"authz.principals", "delete"},
		"/authz.Api/PrincipalGet":    {"authz.principals", "get"},
		"/authz.Api/PrincipalUpdate": {"authz.principals", "update"},
		"/authz.Api/ResourceCreate":  {"authz.resources", "create"},
		"/authz.Api/ResourceDelete":  {"authz.resources", "delete"},
		"/authz.Api/ResourceGet":     {"authz.resources", "get"},
		"/authz.Api/ResourceUpdate":  {"authz.resources", "update"},
		"/authz.Api/RoleCreate":      {"authz.roles", "create"},
		"/authz.Api/RoleDelete":      {"authz.roles", "delete"},
		"/authz.Api/RoleGet":         {"authz.roles", "get"},
		"/authz.Api/RoleUpdate":      {"authz.roles", "update"},
	}

	// RetrieveResourceValueByMethod maps the request object for each gRPC method
	// that needs a resource value (identifier). The key is the full gRPC method
	// name; the value is the name of the request message for that method.
	//
	// Only the Delete, Get and Update methods appear here; the Create methods
	// have no entry.
	//
	// NOTE(review): the request names are plain strings, so the compiler does
	// not catch a renamed or removed request message. Keep this table in step
	// with the proto API, and confirm what the caller does when a Delete, Get
	// or Update method is missing from it.
	RetrieveResourceValueByMethod = map[string]string{
		"/authz.Api/PolicyDelete":    "PolicyDeleteRequest",
		"/authz.Api/PolicyGet":       "PolicyGetRequest",
		"/authz.Api/PolicyUpdate":    "PolicyUpdateRequest",
		"/authz.Api/PrincipalDelete": "PrincipalDeleteRequest",
		"/authz.Api/PrincipalGet":    "PrincipalGetRequest",
		"/authz.Api/PrincipalUpdate": "PrincipalUpdateRequest",
		"/authz.Api/ResourceDelete":  "ResourceDeleteRequest",
		"/authz.Api/ResourceGet":     "ResourceGetRequest",
		"/authz.Api/ResourceUpdate":  "ResourceUpdateRequest",
		"/authz.Api/RoleDelete":      "RoleDeleteRequest",
		"/authz.Api/RoleGet":         "RoleGetRequest",
		"/authz.Api/RoleUpdate":      "RoleUpdateRequest",
	}
)
var (
	// ClaimsKey is the context key used for storing claims.
	//
	// It is declared with the package's contextKey type rather than as a bare
	// string, so it does not compare equal to a plain "claims" string key set
	// by other code on the same context.
	//
	// NOTE(review): which function stores the claims under this key is not
	// visible here (presumably the authentication step; confirm). Code reading
	// the value should treat a missing entry, or one of an unexpected type, as
	// an unauthenticated request.
	ClaimsKey contextKey = "claims"
)
var (
	// UnauthenticatedMethods specifies the gRPC methods that should not be
	// authenticated. This means they can be called publicly.
	//
	// Every entry is reachable by callers that have not authenticated, so keep
	// the list as short as possible and review any addition as a security
	// change. Neither entry has a row in ResourcesAndActionsByMethod.
	//
	// NOTE(review): how an incoming method name is compared with these entries
	// is not visible here; confirm it is an exact match on the full method
	// name, not a prefix or substring match.
	// NOTE(review): presumably Check answers authorization queries; if so,
	// anonymous callers can query authorization decisions. Confirm that this
	// exposure is intended.
	UnauthenticatedMethods = []string{
		"/authz.Api/Authenticate",
		"/authz.Api/Check",
	}
)
Functions ¶
func AuthenticateFunc ¶
AuthenticateFunc is the authentication function used to parse the JWT token and retrieve the user's claims.
func AuthenticationUnaryServerInterceptor ¶
func AuthenticationUnaryServerInterceptor(interceptor grpc.UnaryServerInterceptor) grpc.UnaryServerInterceptor
AuthenticationUnaryServerInterceptor returns a new unary server interceptor that performs per-request authentication.
func AuthorizationStreamServerInterceptor ¶
func AuthorizationStreamServerInterceptor(authorizationFunc AuthzFunc) grpc.StreamServerInterceptor
AuthorizationStreamServerInterceptor checks whether the current user is allowed to make stream method calls.
func AuthorizationUnaryServerInterceptor ¶
func AuthorizationUnaryServerInterceptor(authorizationFunc AuthzFunc) grpc.UnaryServerInterceptor
AuthorizationUnaryServerInterceptor checks whether the current user is allowed to make method calls.
Types ¶