package authz
import "google.golang.org/grpc/authz"
Package authz exposes methods to manage authorization within gRPC.
Experimental
Notice: This package is EXPERIMENTAL and may be changed or removed in a later release.
Index ¶
- type FileWatcherInterceptor
- func NewFileWatcher(file string, duration time.Duration) (*FileWatcherInterceptor, error)
- func (i *FileWatcherInterceptor) Close()
- func (i *FileWatcherInterceptor) StreamInterceptor(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error
- func (i *FileWatcherInterceptor) UnaryInterceptor(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error)
- type StaticInterceptor
- func NewStatic(authzPolicy string) (*StaticInterceptor, error)
- func (i *StaticInterceptor) StreamInterceptor(srv interface{}, ss grpc.ServerStream, _ *grpc.StreamServerInfo, handler grpc.StreamHandler) error
- func (i *StaticInterceptor) UnaryInterceptor(ctx context.Context, req interface{}, _ *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error)
Types ¶
type FileWatcherInterceptor ¶
type FileWatcherInterceptor struct {
// contains filtered or unexported fields
}
FileWatcherInterceptor contains details used to make authorization decisions by watching a file path that contains authorization policy in JSON format.
func NewFileWatcher ¶
func NewFileWatcher(file string, duration time.Duration) (*FileWatcherInterceptor, error)
NewFileWatcher returns a new FileWatcherInterceptor from a policy file that contains JSON string of authorization policy and a refresh duration to specify the amount of time between policy refreshes.
func (*FileWatcherInterceptor) Close ¶
func (i *FileWatcherInterceptor) Close()
Close cleans up resources allocated by the interceptor.
func (*FileWatcherInterceptor) StreamInterceptor ¶
func (i *FileWatcherInterceptor) StreamInterceptor(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error
StreamInterceptor intercepts incoming Stream RPC requests. Only authorized requests are allowed to pass. Otherwise, an unauthorized error is returned to the client.
func (*FileWatcherInterceptor) UnaryInterceptor ¶
func (i *FileWatcherInterceptor) UnaryInterceptor(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error)
UnaryInterceptor intercepts incoming Unary RPC requests. Only authorized requests are allowed to pass. Otherwise, an unauthorized error is returned to the client.
type StaticInterceptor ¶
type StaticInterceptor struct {
// contains filtered or unexported fields
}
StaticInterceptor contains engines used to make authorization decisions. It either contains two engines deny engine followed by an allow engine or only one allow engine.
func NewStatic ¶
func NewStatic(authzPolicy string) (*StaticInterceptor, error)
NewStatic returns a new StaticInterceptor from a static authorization policy JSON string.
func (*StaticInterceptor) StreamInterceptor ¶
func (i *StaticInterceptor) StreamInterceptor(srv interface{}, ss grpc.ServerStream, _ *grpc.StreamServerInfo, handler grpc.StreamHandler) error
StreamInterceptor intercepts incoming Stream RPC requests. Only authorized requests are allowed to pass. Otherwise, an unauthorized error is returned to the client.
func (*StaticInterceptor) UnaryInterceptor ¶
func (i *StaticInterceptor) UnaryInterceptor(ctx context.Context, req interface{}, _ *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error)
UnaryInterceptor intercepts incoming Unary RPC requests. Only authorized requests are allowed to pass. Otherwise, an unauthorized error is returned to the client.
Source Files ¶
rbac_translator.go sdk_server_interceptors.go
- Version
- v1.44.0-dev
- Published
- Dec 6, 2021
- Platform
- js/wasm
- Imports
- 17 packages
- Last checked
- 8 minutes ago –
Tools for package owners.