Documentation
¶
Index ¶
- Variables
- type BakeRequest
- type InterceptorChain
- func (r *InterceptorChain) AddMacaroonService(svc *macaroons.Service)
- func (r *InterceptorChain) AddPermission(method string, ops []bakery.Op) error
- func (r *InterceptorChain) CreateServerOpts(opts *InterceptorsOpts) []grpc.ServerOption
- func (r *InterceptorChain) MacaroonService() *macaroons.Service
- func (r *InterceptorChain) MacaroonStreamServerInterceptor() grpc.StreamServerInterceptor
- func (r *InterceptorChain) MacaroonUnaryServerInterceptor() grpc.UnaryServerInterceptor
- func (r *InterceptorChain) Permissions() map[string][]bakery.Op
- func (r *InterceptorChain) SetRPCActive()
- func (r *InterceptorChain) SetServerActive()
- func (r *InterceptorChain) Start() error
- func (r *InterceptorChain) Stop() error
- type InterceptorsOpts
- type MacBaker
- type MacBakerConfig
- type MacaroonBaker
- type Permission
Constants ¶
This section is empty.
Variables ¶
var ( // ErrWaitingToStart is returned if LND is still waiting to start, // possibly blocked until elected as the leader. ErrWaitingToStart = fmt.Errorf("waiting to start, RPC services not " + "available") // ErrRPCStarting is returned if the wallet has been unlocked but the // RPC server is not yet ready to accept calls. ErrRPCStarting = fmt.Errorf("the RPC server is in the process of " + "starting up, but not yet ready to accept calls") )
Functions ¶
This section is empty.
Types ¶
type BakeRequest ¶ added in v0.8.0
type BakeRequest struct {
// Permissions is the list of permissions for the baked macaroon.
Permissions []Permission
// RootKeyID is the root key identifier used for baking.
RootKeyID uint64
// AllowExternalPermissions allows permissions that are not in the
// registered permission map.
AllowExternalPermissions bool
}
BakeRequest contains the permissions and options for a new macaroon.
type InterceptorChain ¶
InterceptorChain is a struct that can be added to the running GRPC server, intercepting API calls. This is useful for logging, enforcing permissions, supporting middleware etc. The following diagram shows the order of each interceptor in the chain and when exactly requests/responses are intercepted and forwarded to external middleware for approval/modification. Middleware in general can only intercept gRPC requests/responses that are sent by the client with a macaroon that contains a custom caveat that is supported by one of the registered middlewares.
|
| gRPC request from client
|
+---v--------------------------------+
| InterceptorChain |
+-+----------------------------------+
| Log Interceptor |
+----------------------------------+
| RPC State Interceptor |
+----------------------------------+
| Macaroon Interceptor |
+----------------------------------+
| Prometheus Interceptor |
+-+--------------------------------+
| validated gRPC request from client
+---v--------------------------------+
| main gRPC server |
+---+--------------------------------+
|
| original gRPC request to client
|
v
func NewInterceptorChain ¶
func NewInterceptorChain(log btclog.Logger, noMacaroons bool, mandatoryMiddleware []string, macaroonWhitelist map[string]struct{}) *InterceptorChain
NewInterceptorChain creates a new InterceptorChain.
func (*InterceptorChain) AddMacaroonService ¶
func (r *InterceptorChain) AddMacaroonService(svc *macaroons.Service)
AddMacaroonService adds a macaroon service to the interceptor. After this is done every RPC call made will have to pass a valid macaroon to be accepted.
func (*InterceptorChain) AddPermission ¶
func (r *InterceptorChain) AddPermission(method string, ops []bakery.Op) error
AddPermission adds a new macaroon rule for the given method.
func (*InterceptorChain) CreateServerOpts ¶
func (r *InterceptorChain) CreateServerOpts( opts *InterceptorsOpts) []grpc.ServerOption
CreateServerOpts creates the GRPC server options that can be added to a GRPC server in order to add this InterceptorChain.
func (*InterceptorChain) MacaroonService ¶
func (r *InterceptorChain) MacaroonService() *macaroons.Service
MacaroonService returns the currently registered macaroon service. This might be nil if none was registered (yet).
func (*InterceptorChain) MacaroonStreamServerInterceptor ¶
func (r *InterceptorChain) MacaroonStreamServerInterceptor() grpc.StreamServerInterceptor
MacaroonStreamServerInterceptor is a GRPC interceptor that checks whether the request is authorized by the included macaroons.
func (*InterceptorChain) MacaroonUnaryServerInterceptor ¶
func (r *InterceptorChain) MacaroonUnaryServerInterceptor() grpc.UnaryServerInterceptor
MacaroonUnaryServerInterceptor is a GRPC interceptor that checks whether the request is authorized by the included macaroons.
func (*InterceptorChain) Permissions ¶
func (r *InterceptorChain) Permissions() map[string][]bakery.Op
Permissions returns the current set of macaroon permissions.
func (*InterceptorChain) SetRPCActive ¶
func (r *InterceptorChain) SetRPCActive()
SetRPCActive moves the RPC state from walletUnlocked to rpcActive.
func (*InterceptorChain) SetServerActive ¶
func (r *InterceptorChain) SetServerActive()
SetServerActive moves the RPC state from walletUnlocked to rpcActive.
func (*InterceptorChain) Start ¶
func (r *InterceptorChain) Start() error
Start starts the InterceptorChain, which is needed to start the state subscription server it powers.
func (*InterceptorChain) Stop ¶
func (r *InterceptorChain) Stop() error
Stop stops the InterceptorChain and its internal state subscription server.
type InterceptorsOpts ¶ added in v0.3.0
type InterceptorsOpts struct {
Prometheus *monitoring.PrometheusConfig
}
InterceptorsOpts holds the options that need to be set in some server interceptors.
type MacBaker ¶ added in v0.8.0
type MacBaker struct {
// contains filtered or unexported fields
}
MacBaker is a macaroon baker implementation.
func (*MacBaker) BakeMacaroon ¶ added in v0.8.0
BakeMacaroon allows the creation of a new macaroon with custom permissions. No first-party caveats are added since this can be done offline.
type MacBakerConfig ¶ added in v0.8.0
type MacBakerConfig struct {
// MacaroonService is the macaroon service used to mint new macaroons.
MacaroonService *lndclient.MacaroonService
// RequiredPermissions holds the known RPC permission map for URI
// checks.
RequiredPermissions map[string][]bakery.Op
}
MacBakerConfig contains the configuration for the macaroon baker.
type MacaroonBaker ¶ added in v0.8.0
type MacaroonBaker interface {
// BakeMacaroon creates a new macaroon with the given permissions.
BakeMacaroon(ctx context.Context, req BakeRequest) (macaroon.Macaroon,
error)
}
MacaroonBaker validates bake requests and mints new macaroons.
func NewMacaroonBaker ¶ added in v0.8.0
func NewMacaroonBaker(macaroonService *lndclient.MacaroonService, requiredPermissions map[string][]bakery.Op) MacaroonBaker
NewMacaroonBaker returns a MacaroonBaker backed by tapd's macaroon service and permission map.
type Permission ¶ added in v0.8.0
type Permission struct {
// Entity is the permission entity to bake.
Entity string
// Action is the permission action to bake.
Action string
}
Permission is an entity/action pair that can be baked into a macaroon.