Documentation
Overview
Package credentials implements various credentials supported by the gRPC library, which encapsulate all the state needed by a client to authenticate with a server and make various assertions, e.g., about the client's identity, role, or whether it is authorized to make a particular call.
Index
- Variables
- type AuthInfo
- type PerRPCCredentials
- type ProtocolInfo
- type TLSInfo
- type TransportCredentials
- func NewClientTLSFromCert(cp *x509.CertPool, serverNameOverride string) TransportCredentials
- func NewClientTLSFromFile(certFile, serverNameOverride string) (TransportCredentials, error)
- func NewServerTLSFromCert(cert *tls.Certificate) TransportCredentials
- func NewServerTLSFromFile(certFile, keyFile string) (TransportCredentials, error)
- func NewTLS(c *tls.Config) TransportCredentials
Constants
This section is empty.
Variables
var ErrConnDispatched = errors.New("credentials: rawConn is dispatched out of gRPC")
ErrConnDispatched indicates that rawConn has been dispatched out of gRPC and the caller should not close rawConn.
Functions
This section is empty.
Types
type AuthInfo
type AuthInfo interface {
	AuthType() string
}
AuthInfo defines the common interface for the auth information the users are interested in.
type PerRPCCredentials
type PerRPCCredentials interface {
	// GetRequestMetadata gets the current request metadata, refreshing
	// tokens if required. This should be called by the transport layer on
	// each request, and the data should be populated in headers or other
	// context. uri is the URI of the entry point for the request. When
	// supported by the underlying implementation, ctx can be used for
	// timeout and cancellation.
	// TODO(zhaoq): Define the set of the qualified keys instead of leaving
	// it as an arbitrary string.
	GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error)
	// RequireTransportSecurity indicates whether the credentials require
	// transport security.
	RequireTransportSecurity() bool
}
PerRPCCredentials defines the common interface for the credentials which need to attach security information to every RPC (e.g., oauth2).
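An added example (not code from the gRPC project) of a type with the PerRPCCredentials method set: a bearer-token credential that refreshes before expiry, honors ctx, and reports that it requires transport security. The names bearerCreds, fetch and now, the 30-second refresh margin and the token value are assumptions made for illustration.

```go
package main

import (
	"context"
	"fmt"
	"sync"
	"time"
)

// bearerCreds has the method set of PerRPCCredentials. fetch is a
// hypothetical token fetcher (e.g. an OAuth2 client); now is an injectable clock.
type bearerCreds struct {
	mu     sync.Mutex
	fetch  func(ctx context.Context) (string, time.Time, error)
	now    func() time.Time
	token  string
	expiry time.Time
}

// GetRequestMetadata refreshes the token when it is missing or within 30s
// of expiry, then returns it as an authorization header.
func (b *bearerCreds) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error) {
	if err := ctx.Err(); err != nil {
		return nil, err // cancelled or timed out: do not fetch or send
	}
	b.mu.Lock()
	defer b.mu.Unlock()
	if b.token == "" || !b.now().Add(30*time.Second).Before(b.expiry) {
		tok, exp, err := b.fetch(ctx)
		if err != nil {
			return nil, fmt.Errorf("refresh token: %w", err)
		}
		b.token, b.expiry = tok, exp
	}
	return map[string]string{"authorization": "Bearer " + b.token}, nil
}

// RequireTransportSecurity returns true: a bearer token must only travel
// over a connection with transport security.
func (b *bearerCreds) RequireTransportSecurity() bool { return true }

func main() {
	c := &bearerCreds{now: time.Now, fetch: func(context.Context) (string, time.Time, error) {
		return "constructed-token", time.Now().Add(time.Hour), nil // constructed value
	}}
	fmt.Println(c.GetRequestMetadata(context.Background()))
}
```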
type ProtocolInfo
type ProtocolInfo struct {
	// ProtocolVersion is the gRPC wire protocol version.
	ProtocolVersion string
	// SecurityProtocol is the security protocol in use.
	SecurityProtocol string
	// SecurityVersion is the security protocol version.
	SecurityVersion string
	// ServerName is the user-configured server name.
	ServerName string
}
ProtocolInfo provides information regarding the gRPC wire protocol version, security protocol, security protocol version in use, server name, etc.
type TLSInfo
type TLSInfo struct {
	State tls.ConnectionState
}
TLSInfo contains the auth information for a TLS authenticated connection. It implements the AuthInfo interface.
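An added example (not code from the gRPC project) of consuming an AuthInfo on the receiving side: it accepts only a TLSInfo and takes the peer identity from a verified chain. AuthInfo and TLSInfo are mirrored locally so the block builds without the gRPC module; the AuthType value "tls", the helpers peerDNSNames and sampleInfo, and the certificate name are assumptions.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
)

// Local mirrors of the AuthInfo and TLSInfo declarations above, so the
// example builds without the gRPC module.
type AuthInfo interface{ AuthType() string }

type TLSInfo struct{ State tls.ConnectionState }

func (TLSInfo) AuthType() string { return "tls" } // assumed value

// peerDNSNames returns the DNS SANs of the peer's leaf certificate, but only
// if the handshake produced a verified chain. PeerCertificates alone is not
// proof of identity: it is also filled in when the chain was never verified.
func peerDNSNames(ai AuthInfo) ([]string, error) {
	ti, ok := ai.(TLSInfo)
	if !ok {
		return nil, fmt.Errorf("unexpected auth info type %T", ai)
	}
	if !ti.State.HandshakeComplete {
		return nil, errors.New("TLS handshake not complete")
	}
	if len(ti.State.VerifiedChains) == 0 || len(ti.State.VerifiedChains[0]) == 0 {
		return nil, errors.New("peer certificate was not verified")
	}
	return ti.State.VerifiedChains[0][0].DNSNames, nil
}

// sampleInfo builds a constructed connection state; a real one comes from
// the handshake. verified controls whether VerifiedChains is populated.
func sampleInfo(verified bool) TLSInfo {
	leaf := &x509.Certificate{DNSNames: []string{"client.example.test"}}
	st := tls.ConnectionState{HandshakeComplete: true, PeerCertificates: []*x509.Certificate{leaf}}
	if verified {
		st.VerifiedChains = [][]*x509.Certificate{{leaf}}
	}
	return TLSInfo{State: st}
}

func main() {
	fmt.Println(peerDNSNames(sampleInfo(true)))
	fmt.Println(peerDNSNames(sampleInfo(false)))
}
```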
type TransportCredentials
type TransportCredentials interface {
	// ClientHandshake does the authentication handshake specified by the corresponding
	// authentication protocol on rawConn for clients. It returns the authenticated
	// connection and the corresponding auth information about the connection.
	// Implementations must use the provided context to implement timely cancellation.
	// gRPC will try to reconnect if the error returned is a temporary error
	// (io.EOF, context.DeadlineExceeded or err.Temporary() == true).
	// If the returned error is a wrapper error, implementations should make sure that
	// the error implements Temporary() to have the correct retry behaviors.
	//
	// If the returned net.Conn is closed, it MUST close the net.Conn provided.
	ClientHandshake(context.Context, string, net.Conn) (net.Conn, AuthInfo, error)
	// ServerHandshake does the authentication handshake for servers. It returns
	// the authenticated connection and the corresponding auth information about
	// the connection.
	//
	// If the returned net.Conn is closed, it MUST close the net.Conn provided.
	ServerHandshake(net.Conn) (net.Conn, AuthInfo, error)
	// Info provides the ProtocolInfo of this TransportCredentials.
	Info() ProtocolInfo
	// Clone makes a copy of this TransportCredentials.
	Clone() TransportCredentials
	// OverrideServerName overrides the server name used to verify the hostname on the returned certificates from the server.
	// gRPC internals also use it to override the virtual hosting name if it is set.
	// It must be called before dialing. Currently, this is only used by grpclb.
	OverrideServerName(string) error
}
TransportCredentials defines the common interface for all the live gRPC wire protocols and supported transport security protocols (e.g., TLS, SSL).
func NewClientTLSFromCert
func NewClientTLSFromCert(cp *x509.CertPool, serverNameOverride string) TransportCredentials
NewClientTLSFromCert constructs TLS credentials from the input certificate for the client. serverNameOverride is for testing only. If set to a non-empty string, it will override the virtual host name of authority (e.g. :authority header field) in requests.
func NewClientTLSFromFile
func NewClientTLSFromFile(certFile, serverNameOverride string) (TransportCredentials, error)
NewClientTLSFromFile constructs TLS credentials from the input certificate file for the client. serverNameOverride is for testing only. If set to a non-empty string, it will override the virtual host name of authority (e.g. :authority header field) in requests.
func NewServerTLSFromCert
func NewServerTLSFromCert(cert *tls.Certificate) TransportCredentials
NewServerTLSFromCert constructs TLS credentials from the input certificate for server.
func NewServerTLSFromFile
func NewServerTLSFromFile(certFile, keyFile string) (TransportCredentials, error)
NewServerTLSFromFile constructs TLS credentials from the input certificate file and key file for server.
func NewTLS
func NewTLS(c *tls.Config) TransportCredentials
NewTLS uses c to construct a TransportCredentials based on TLS.