Documentation

Overview

    Package alts implements ALTS credential support for the gRPC library. It encapsulates all the state needed by a client to authenticate with a server using ALTS and to make various assertions, e.g., about the client's identity, role, or whether it is authorized to make a particular call. This package is experimental.

    Constants

    This section is empty.

    Variables

    var (
    	// ErrUntrustedPlatform is returned from ClientHandshake and
    	// ServerHandshake when running on a platform where the trustworthiness
    	// of the handshaker service is not guaranteed.
    	ErrUntrustedPlatform = errors.New("ALTS: untrusted platform. ALTS is only supported on GCP")
    )

    Functions

    func ClientAuthorizationCheck

    func ClientAuthorizationCheck(ctx context.Context, expectedServiceAccounts []string) error

      ClientAuthorizationCheck checks whether the client is authorized to access the requested resources based on the given expected client service accounts. This API should be used by gRPC server RPC handlers. This API should not be used by clients.

    func NewClientCreds

    func NewClientCreds(opts *ClientOptions) credentials.TransportCredentials

      NewClientCreds constructs a client-side ALTS TransportCredentials object.

    func NewServerCreds

    func NewServerCreds(opts *ServerOptions) credentials.TransportCredentials

      NewServerCreds constructs a server-side ALTS TransportCredentials object.

    Types

    type AuthInfo

    type AuthInfo interface {
    	// ApplicationProtocol returns application protocol negotiated for the
    	// ALTS connection.
    	ApplicationProtocol() string
    	// RecordProtocol returns the record protocol negotiated for the ALTS
    	// connection.
    	RecordProtocol() string
    	// SecurityLevel returns the security level of the created ALTS secure
    	// channel.
    	SecurityLevel() altspb.SecurityLevel
    	// PeerServiceAccount returns the peer service account.
    	PeerServiceAccount() string
    	// LocalServiceAccount returns the local service account.
    	LocalServiceAccount() string
    	// PeerRPCVersions returns the RPC version supported by the peer.
    	PeerRPCVersions() *altspb.RpcProtocolVersions
    }

      AuthInfo exposes security information from the ALTS handshake to the application. This interface is to be implemented by ALTS. Users should not need a brand new implementation of this interface. For situations like testing, any new implementation should embed this interface. This allows ALTS to add new methods to this interface.

    func AuthInfoFromContext

    func AuthInfoFromContext(ctx context.Context) (AuthInfo, error)

      AuthInfoFromContext extracts the alts.AuthInfo object from the given context, if it exists. This API should be used by gRPC server RPC handlers to get information about the communicating peer. For client-side, use grpc.Peer() CallOption.
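
The handler-side pattern described for ClientAuthorizationCheck and AuthInfoFromContext, together with the advice to embed AuthInfo in test implementations, as an added example that is not code from the alts package. It uses only the standard library, so `AuthInfo` here is a local stand-in for a subset of alts.AuthInfo, and `fakeAuthInfo`, `authInfoKey`, `authorizeClient` and the service account names are hypothetical.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// AuthInfo is a local stand-in for a subset of alts.AuthInfo (assumption), so
// the example builds with the standard library only.
type AuthInfo interface {
	PeerServiceAccount() string
	LocalServiceAccount() string
}

// fakeAuthInfo embeds the interface, as advised for tests: it still compiles
// if methods are added. Methods it does not override panic (nil embed).
type fakeAuthInfo struct {
	AuthInfo
	peer string
}

func (f fakeAuthInfo) PeerServiceAccount() string { return f.peer }

// authInfoKey is a hypothetical context key standing in for the gRPC peer lookup.
type authInfoKey struct{}

var errNoAuthInfo = errors.New("no ALTS auth info in context")

// authorizeClient fails closed when the context has no auth info, and
// otherwise requires an exact match against the expected service accounts.
func authorizeClient(ctx context.Context, expected []string) error {
	info, ok := ctx.Value(authInfoKey{}).(AuthInfo)
	if !ok {
		return errNoAuthInfo
	}
	peer := info.PeerServiceAccount()
	for _, sa := range expected {
		if sa == peer {
			return nil
		}
	}
	return fmt.Errorf("client %q is not authorized", peer)
}

func main() {
	allowed := []string{"frontend@example.iam.gserviceaccount.com"} // constructed
	ctx := context.WithValue(context.Background(), authInfoKey{}, fakeAuthInfo{peer: "batch@example.iam.gserviceaccount.com"})
	fmt.Println(authorizeClient(ctx, allowed))                  // denied: peer not in the list
	fmt.Println(authorizeClient(context.Background(), allowed)) // denied: no auth info
}
```

An empty expected list denies every peer, so a handler that forgets to populate it rejects calls rather than admitting them.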

    func AuthInfoFromPeer

    func AuthInfoFromPeer(p *peer.Peer) (AuthInfo, error)

      AuthInfoFromPeer extracts the alts.AuthInfo object from the given peer, if it exists. This API should be used by gRPC clients after obtaining a peer object using the grpc.Peer() CallOption.

    type ClientOptions

    type ClientOptions struct {
    	// TargetServiceAccounts contains a list of expected target service
    	// accounts.
    	TargetServiceAccounts []string
    	// HandshakerServiceAddress represents the ALTS handshaker gRPC service
    	// address to connect to.
    	HandshakerServiceAddress string
    }

      ClientOptions contains the client-side options of an ALTS channel. These options will be passed to the underlying ALTS handshaker.

    func DefaultClientOptions

    func DefaultClientOptions() *ClientOptions

      DefaultClientOptions creates a new ClientOptions object with the default values.

    type ServerOptions

    type ServerOptions struct {
    	// HandshakerServiceAddress represents the ALTS handshaker gRPC service
    	// address to connect to.
    	HandshakerServiceAddress string
    }

      ServerOptions contains the server-side options of an ALTS channel. These options will be passed to the underlying ALTS handshaker.

    func DefaultServerOptions

    func DefaultServerOptions() *ServerOptions

      DefaultServerOptions creates a new ServerOptions object with the default values.

    Directories

    Path                Synopsis
    internal            Package internal contains common core functionality for ALTS.
    authinfo            Package authinfo provides authentication information returned by handshakers.
    conn                Package conn contains an implementation of a secure channel created by gRPC handshakers.
    handshaker          Package handshaker provides ALTS handshaking functionality for GCP.
    handshaker/service  Package service manages connections between the VM application and the ALTS handshaker service.
    testutil            Package testutil includes useful test utilities for the handshaker.