package authz

import "google.golang.org/grpc/authz"

Package authz exposes methods to manage authorization within gRPC.

Experimental

Notice: This package is EXPERIMENTAL and may be changed or removed in a later release.

Index

Types

type FileWatcherInterceptor 

type FileWatcherInterceptor struct {
	// contains filtered or unexported fields
}

FileWatcherInterceptor contains details used to make authorization decisions by watching a file path that contains authorization policy in JSON format.

func NewFileWatcher 

func NewFileWatcher(file string, duration time.Duration) (*FileWatcherInterceptor, error)

NewFileWatcher returns a new FileWatcherInterceptor from a policy file that contains JSON string of authorization policy and a refresh duration to specify the amount of time between policy refreshes.

func (*FileWatcherInterceptor) Close 

func (i *FileWatcherInterceptor) Close()

Close cleans up resources allocated by the interceptor.

func (*FileWatcherInterceptor) StreamInterceptor 

func (i *FileWatcherInterceptor) StreamInterceptor(srv any, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error

StreamInterceptor intercepts incoming Stream RPC requests. Only authorized requests are allowed to pass. Otherwise, an unauthorized error is returned to the client.

func (*FileWatcherInterceptor) UnaryInterceptor 

func (i *FileWatcherInterceptor) UnaryInterceptor(ctx context.Context, req any, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error)

UnaryInterceptor intercepts incoming Unary RPC requests. Only authorized requests are allowed to pass. Otherwise, an unauthorized error is returned to the client.

type StaticInterceptor 

type StaticInterceptor struct {
	// contains filtered or unexported fields
}

StaticInterceptor contains engines used to make authorization decisions. It either contains two engines deny engine followed by an allow engine or only one allow engine.

func NewStatic 

func NewStatic(authzPolicy string) (*StaticInterceptor, error)

NewStatic returns a new StaticInterceptor from a static authorization policy JSON string.

func (*StaticInterceptor) StreamInterceptor 

func (i *StaticInterceptor) StreamInterceptor(srv any, ss grpc.ServerStream, _ *grpc.StreamServerInfo, handler grpc.StreamHandler) error

StreamInterceptor intercepts incoming Stream RPC requests. Only authorized requests are allowed to pass. Otherwise, an unauthorized error is returned to the client.

func (*StaticInterceptor) UnaryInterceptor 

func (i *StaticInterceptor) UnaryInterceptor(ctx context.Context, req any, _ *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error)

UnaryInterceptor intercepts incoming Unary RPC requests. Only authorized requests are allowed to pass. Otherwise, an unauthorized error is returned to the client.

Source Files

grpc_authz_server_interceptors.go rbac_translator.go

Directories

PathSynopsis
authz/auditPackage audit contains interfaces for audit logging during authorization.
authz/audit/stdoutPackage stdout defines an stdout audit logger.
Version
v1.70.0 (latest)
Published
Jan 23, 2025
Platform
linux/amd64
Imports
21 packages
Last checked
17 hours ago

Tools for package owners.