Back to / cmd / grail-access

Command grail-access

Latest Go to latest
Published: Jun 24, 2020 | License: Apache-2.0 | Module:


Command grail-access creates Vanadium credentials (also called principals) using either Google ID tokens (the default) or the AWS IAM role attached to an EC2 instance (requested using the '-ec2' flag).

For the Google-based auth the user will be prompted to go through an OAuth flow that requires minimal permissions (only 'Know who you are on Google') and obtains an ID token scoped to the clientID expected by the server. The ID token is presented to the server via a Vanadium RPC. For a '' email address the server will hand to the client a '[server]' blessing where '[server]' is the blessing of the server.

For the EC2-based auth an instance with ID 'i-0aec7b085f8432699' in the account number '619867110810' using the 'adhoc' role the server will hand to the client a '[server]:ec2:619867110810:role:adhoc:i-0aec7b085f8432699' blessing where 'server' is the blessing of the server.


grail-access [flags]

The grail-access flags are:

  Blesser to talk to for the EC2-based flow.
  Blesser to talk to for the Google-based flow.
  Attempt to open a browser.
  Where to store the Vanadium credentials. NOTE: the content will be erased if
  the credentials are regenerated.
  Use the role of the EC2 VM.

The global flags are:

  log to standard error as well as files
  filename prefix for block profiles
  rate for runtime. SetBlockProfileRate
  filename for cpu profile
  filename prefix for heap profiles
  when logging hits line file:N, emit a stack trace
  if non-empty, write log files to this directory
  log to standard error instead of files
  max size in bytes of the buffer to use for logging stack traces
-metadata=<just specify -metadata to activate>
  Displays metadata for the program and exits.
  filename prefix for mutex profiles
  rate for runtime.SetMutexProfileFraction
  address for pprof server
  If >0, output new profiles at this interval (seconds). If <=0, profiles are
  written only when Write() is called
  logs at or above this threshold go to stderr
  filename prefix for thread create profiles
  Dump timing information to stderr before exiting the program.
  log level for V logs
  directory to use for storing security credentials
  18n catalogue files to load, comma separated
  local namespace root; can be repeated to provided multiple roots
  specify a perms file as <name>:<permsfile>
  explicitly specify the runtime perms as a JSON-encoded access.Permissions.
  Overrides all --v23.permissions.file flags.
  object name of proxy service to use to export services across network
  address to listen on
  protocol to listen with
  The number of vtrace traces to store in memory.
  Spans and annotations that match this regular expression will trigger trace
  If true, dump all stored traces on runtime shutdown.
  Rate (from 0.0 to 1.0) to sample vtrace traces.
  The verbosity level of the log messages to be captured in traces
  comma-separated list of globpattern=N settings for filename-filtered logging
  (without the .go suffix).  E.g. foo/bar/baz.go is matched by patterns baz or
  *az or b* but not by bar/baz or baz.go or az or b.*
  comma-separated list of regexppattern=N settings for file pathname-filtered
  logging (without the .go suffix).  E.g. foo/bar/baz.go is matched by patterns
  foo/bar/baz or fo.*az or oo/ba or b.z but not by foo/bar/baz.go or fo*az

The following enables go generate to generate the doc.go file. go:generate go run "--build-cmd=go install" --copyright-notice= . -help

Documentation was rendered with GOOS=linux and GOARCH=amd64.

Jump to identifier

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to identifier