api

package
v1.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 22, 2026 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Overview

Package api provides the main gRPC server and shared authentication logic.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GenerateTestJWT 

func GenerateTestJWT(privateKey ed25519.PrivateKey, kind, subject string, expiry time.Duration) (string, error)

GenerateTestJWT generates a JWT for testing purposes with default cluster/shard/tenant

func GenerateTestJWTWithClaims 

func GenerateTestJWTWithClaims(privateKey ed25519.PrivateKey, kind, subject, clusterID, shard, group, tenant string, onDemand bool, expiry time.Duration) (string, error)

GenerateTestJWTWithClaims generates a JWT for testing purposes with all claims

func ParseCertificateFromPEM 

func ParseCertificateFromPEM(certPEM []byte) (*x509.Certificate, error)

parseCertificateFromPEM parses a PEM-encoded certificate

Types

type AuthInterceptor 

type AuthInterceptor struct {
	// contains filtered or unexported fields
}

AuthInterceptor provides gRPC interceptors for client certificate authentication

func NewAuthInterceptor 

func NewAuthInterceptor(caCert *x509.Certificate, requiredRole string, logger *slog.Logger) (*AuthInterceptor, error)

NewAuthInterceptor creates a new authentication interceptor

func (*AuthInterceptor) StreamServerInterceptor 

func (a *AuthInterceptor) StreamServerInterceptor() grpc.StreamServerInterceptor

StreamServerInterceptor returns a stream server interceptor for authentication

func (*AuthInterceptor) UnaryServerInterceptor 

func (a *AuthInterceptor) UnaryServerInterceptor() grpc.UnaryServerInterceptor

UnaryServerInterceptor returns a unary server interceptor for authentication

type ClientInfo 

type ClientInfo struct {
	ClientID string            // Instance ID or Cluster ID
	Role     string            // "agent" or "operator"
	Tenant   string            // Tenant identifier (from certificate Organization field)
	Cert     *x509.Certificate // Full client certificate
}

ClientInfo contains information about an authenticated client

func GetClientInfo 

func GetClientInfo(ctx context.Context) (*ClientInfo, error)

GetClientInfo extracts client information from the request context

type ContextKey 

type ContextKey string

ContextKey for storing client info in request context 

const ClientInfoKey ContextKey = "client_info"

type JWTValidator 

type JWTValidator struct {
	// contains filtered or unexported fields
}

JWTValidator handles validation of registration nonce JWTs

func NewJWTValidator 

func NewJWTValidator(publicKey ed25519.PublicKey) *JWTValidator

NewJWTValidator creates a new JWT validator with the given public key

func (*JWTValidator) ValidateRegistrationNonce 

func (v *JWTValidator) ValidateRegistrationNonce(tokenString string, expectedKind string) (*RegistrationNonceClaims, error)

ValidateRegistrationNonce validates a registration nonce JWT and extracts claims

type RegistrationNonceClaims 

type RegistrationNonceClaims struct {
	jwt.RegisteredClaims
	Kind       string `json:"kind"`        // "agent" or "operator"
	Sub        string `json:"sub"`         // instance ID for agents, or cluster ID for operators
	ConfigHash string `json:"config_hash"` // group runtime config hash at provision time
	ClusterID  string `json:"cluster_id"`  // cluster ID
	Shard      string `json:"shard"`       // shard/zone
	Group      string `json:"group"`       // group key
	OnDemand   bool   `json:"on_demand"`   // is on-demand instance
	Tenant     string `json:"tenant"`      // tenant identifier
}

RegistrationNonceClaims represents the claims in a registration nonce JWT

type Server 

type Server struct {

	// Listeners
	RegistrationListener net.Listener
	AgentListener        net.Listener
	OperatorListener     net.Listener
	// contains filtered or unexported fields
}

Server manages the three gRPC servers and reconciler for Nstance services

func NewServer 

func NewServer(opts ServerOptions) (*Server, error)

NewServer creates a new gRPC server manager

func (*Server) IsStarted 

func (s *Server) IsStarted() bool

IsStarted returns whether the server is currently started

func (*Server) Start 

func (s *Server) Start(ctx context.Context) error

Start starts all three gRPC servers

func (*Server) Stop 

func (s *Server) Stop(ctx context.Context) error

Stop gracefully stops all gRPC servers

type ServerOptions 

type ServerOptions struct {
	Config              *config.Config
	Logger              *slog.Logger
	RegistrationService proto.RegistrationServiceServer
	AgentService        proto.AgentServiceServer
	OperatorService     proto.OperatorServiceServer
	Reconciler          *reconciler.Reconciler
	CACertPEM           []byte // CA certificate PEM for client authentication
	ServerCertPEM       []byte // Server certificate PEM for TLS
	ServerKeyPEM        []byte // Server private key PEM for TLS
	Debug               bool   // Enable debug features (gRPC reflection)
}

ServerOptions contains options for creating a new Server

Source Files

View all Source files

Directories

Path Synopsis
Package agent provides the Agent gRPC service implementation.
 Package agent provides the Agent gRPC service implementation.
Package operator provides the Operator gRPC service implementation.
 Package operator provides the Operator gRPC service implementation.
Package registration provides the Registration gRPC service implementation.
 Package registration provides the Registration gRPC service implementation.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.