credentials

package

v1.14.0 Latest Latest Go to latest Published: Jul 31, 2018 License: Apache-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

Documentation ¶

Overview ¶

Package credentials implements various credentials supported by gRPC library, which encapsulate all the state needed by a client to authenticate with a server and make various assertions, e.g., about the client's identity, role, or whether it is authorized to make a particular call.

Index ¶

Variables
type AuthInfo
type ChannelzSecurityInfo
type ChannelzSecurityValue
type OtherChannelzSecurityValue
type PerRPCCredentials
type ProtocolInfo
type TLSChannelzSecurityValue
type TLSInfo
- func (t TLSInfo) AuthType() string
- func (t TLSInfo) GetChannelzSecurityValue() ChannelzSecurityValue
type TransportCredentials

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrConnDispatched = errors.New("credentials: rawConn is dispatched out of gRPC")

ErrConnDispatched indicates that rawConn has been dispatched out of gRPC and the caller should not close rawConn.

Functions ¶

This section is empty.

Types ¶

type AuthInfo ¶

type AuthInfo interface {
	AuthType() string
}

AuthInfo defines the common interface for the auth information the users are interested in.

type ChannelzSecurityInfo ¶ added in v1.14.0

type ChannelzSecurityInfo interface {
	GetSecurityValue() ChannelzSecurityValue
}

ChannelzSecurityInfo defines the interface that security protocols should implement in order to provide security info to channelz.

type ChannelzSecurityValue ¶ added in v1.14.0

type ChannelzSecurityValue interface {
	// contains filtered or unexported methods
}

ChannelzSecurityValue defines the interface that GetSecurityValue() return value should satisfy. This interface should only be satisfied by *TLSChannelzSecurityValue and *OtherChannelzSecurityValue.

type OtherChannelzSecurityValue ¶ added in v1.14.0

type OtherChannelzSecurityValue struct {
	Name  string
	Value proto.Message
}

OtherChannelzSecurityValue defines the struct that non-TLS protocol should return from GetSecurityValue(), which contains protocol specific security info. Note the Value field will be sent to users of channelz requesting channel info, and thus sensitive info should better be avoided.

type PerRPCCredentials ¶

type PerRPCCredentials interface {
	// GetRequestMetadata gets the current request metadata, refreshing
	// tokens if required. This should be called by the transport layer on
	// each request, and the data should be populated in headers or other
	// context. If a status code is returned, it will be used as the status
	// for the RPC. uri is the URI of the entry point for the request.
	// When supported by the underlying implementation, ctx can be used for
	// timeout and cancellation.
	// TODO(zhaoq): Define the set of the qualified keys instead of leaving
	// it as an arbitrary string.
	GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error)
	// RequireTransportSecurity indicates whether the credentials requires
	// transport security.
	RequireTransportSecurity() bool
}

PerRPCCredentials defines the common interface for the credentials which need to attach security information to every RPC (e.g., oauth2).

type ProtocolInfo ¶

type ProtocolInfo struct {
	// ProtocolVersion is the gRPC wire protocol version.
	ProtocolVersion string
	// SecurityProtocol is the security protocol in use.
	SecurityProtocol string
	// SecurityVersion is the security protocol version.
	SecurityVersion string
	// ServerName is the user-configured server name.
	ServerName string
}

ProtocolInfo provides information regarding the gRPC wire protocol version, security protocol, security protocol version in use, server name, etc.

type TLSChannelzSecurityValue ¶ added in v1.14.0

type TLSChannelzSecurityValue struct {
	StandardName      string
	LocalCertificate  []byte
	RemoteCertificate []byte
}

TLSChannelzSecurityValue defines the struct that TLS protocol should return from GetSecurityValue(), containing security info like cipher and certificate used.

type TLSInfo ¶

type TLSInfo struct {
	State tls.ConnectionState
}

TLSInfo contains the auth information for a TLS authenticated connection. It implements the AuthInfo interface.

func (TLSInfo) AuthType ¶

func (t TLSInfo) AuthType() string

AuthType returns the type of TLSInfo as a string.

func (TLSInfo) GetChannelzSecurityValue ¶ added in v1.14.0

func (t TLSInfo) GetChannelzSecurityValue() ChannelzSecurityValue

GetChannelzSecurityValue returns security info requested by channelz.

type TransportCredentials ¶

type TransportCredentials interface {
	// ClientHandshake does the authentication handshake specified by the corresponding
	// authentication protocol on rawConn for clients. It returns the authenticated
	// connection and the corresponding auth information about the connection.
	// Implementations must use the provided context to implement timely cancellation.
	// gRPC will try to reconnect if the error returned is a temporary error
	// (io.EOF, context.DeadlineExceeded or err.Temporary() == true).
	// If the returned error is a wrapper error, implementations should make sure that
	// the error implements Temporary() to have the correct retry behaviors.
	//
	// If the returned net.Conn is closed, it MUST close the net.Conn provided.
	ClientHandshake(context.Context, string, net.Conn) (net.Conn, AuthInfo, error)
	// ServerHandshake does the authentication handshake for servers. It returns
	// the authenticated connection and the corresponding auth information about
	// the connection.
	//
	// If the returned net.Conn is closed, it MUST close the net.Conn provided.
	ServerHandshake(net.Conn) (net.Conn, AuthInfo, error)
	// Info provides the ProtocolInfo of this TransportCredentials.
	Info() ProtocolInfo
	// Clone makes a copy of this TransportCredentials.
	Clone() TransportCredentials
	// OverrideServerName overrides the server name used to verify the hostname on the returned certificates from the server.
	// gRPC internals also use it to override the virtual hosting name if it is set.
	// It must be called before dialing. Currently, this is only used by grpclb.
	OverrideServerName(string) error
}

TransportCredentials defines the common interface for all the live gRPC wire protocols and supported transport security protocols (e.g., TLS, SSL).

func NewClientTLSFromCert ¶

func NewClientTLSFromCert(cp *x509.CertPool, serverNameOverride string) TransportCredentials

NewClientTLSFromCert constructs TLS credentials from the input certificate for client. serverNameOverride is for testing only. If set to a non empty string, it will override the virtual host name of authority (e.g. :authority header field) in requests.

func NewClientTLSFromFile ¶

func NewClientTLSFromFile(certFile, serverNameOverride string) (TransportCredentials, error)

NewClientTLSFromFile constructs TLS credentials from the input certificate file for client. serverNameOverride is for testing only. If set to a non empty string, it will override the virtual host name of authority (e.g. :authority header field) in requests.

func NewServerTLSFromCert ¶

func NewServerTLSFromCert(cert *tls.Certificate) TransportCredentials

NewServerTLSFromCert constructs TLS credentials from the input certificate for server.

func NewServerTLSFromFile ¶

func NewServerTLSFromFile(certFile, keyFile string) (TransportCredentials, error)

NewServerTLSFromFile constructs TLS credentials from the input certificate file and key file for server.

func NewTLS ¶

func NewTLS(c *tls.Config) TransportCredentials

NewTLS uses c to construct a TransportCredentials based on TLS.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
alts Package alts implements the ALTS credential support by gRPC library, which encapsulates all the state needed by a client to authenticate with a server using ALTS and make various assertions, e.g., about the client's identity, role, or whether it is authorized to make a particular call.	Package alts implements the ALTS credential support by gRPC library, which encapsulates all the state needed by a client to authenticate with a server using ALTS and make various assertions, e.g., about the client's identity, role, or whether it is authorized to make a particular call.
core Package core contains common core functionality for ALTS.	Package core contains common core functionality for ALTS.
core/authinfo Package authinfo provide authentication information returned by handshakers.	Package authinfo provide authentication information returned by handshakers.
core/conn Package conn contains an implementation of a secure channel created by gRPC handshakers.	Package conn contains an implementation of a secure channel created by gRPC handshakers.
core/handshaker Package handshaker provides ALTS handshaking functionality for GCP.	Package handshaker provides ALTS handshaking functionality for GCP.
core/handshaker/service Package service manages connections between the VM application and the ALTS handshaker service.	Package service manages connections between the VM application and the ALTS handshaker service.
core/proto/grpc_gcp
core/testutil Package testutil include useful test utilities for the handshaker.	Package testutil include useful test utilities for the handshaker.
oauth Package oauth implements gRPC credentials using OAuth.	Package oauth implements gRPC credentials using OAuth.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL