package alts

import "google.golang.org/grpc/credentials/alts"

Package alts implements the ALTS credential support by gRPC library, which encapsulates all the state needed by a client to authenticate with a server using ALTS and make various assertions, e.g., about the client's identity, role, or whether it is authorized to make a particular call. This package is experimental.

Index

Variables 

var (

	// ErrUntrustedPlatform is returned from ClientHandshake and
	// ServerHandshake is running on a platform where the trustworthiness of
	// the handshaker service is not guaranteed.
	ErrUntrustedPlatform = errors.New("untrusted platform")
)

Functions

func NewClientCreds 

func NewClientCreds(opts *ClientOptions) credentials.TransportCredentials

NewClientCreds constructs a client-side ALTS TransportCredentials object.

func NewServerCreds 

func NewServerCreds(opts *ServerOptions) credentials.TransportCredentials

NewServerCreds constructs a server-side ALTS TransportCredentials object.

Types

type AuthInfo 

type AuthInfo interface {
	// ApplicationProtocol returns application protocol negotiated for the
	// ALTS connection.
	ApplicationProtocol() string
	// RecordProtocol returns the record protocol negotiated for the ALTS
	// connection.
	RecordProtocol() string
	// SecurityLevel returns the security level of the created ALTS secure
	// channel.
	SecurityLevel() altspb.SecurityLevel
	// PeerServiceAccount returns the peer service account.
	PeerServiceAccount() string
	// LocalServiceAccount returns the local service account.
	LocalServiceAccount() string
	// PeerRPCVersions returns the RPC version supported by the peer.
	PeerRPCVersions() *altspb.RpcProtocolVersions
}

AuthInfo exposes security information from the ALTS handshake to the application. This interface is to be implemented by ALTS. Users should not need a brand new implementation of this interface. For situations like testing, any new implementation should embed this interface. This allows ALTS to add new methods to this interface.

type ClientOptions 

type ClientOptions struct {
	// TargetServiceAccounts contains a list of expected target service
	// accounts.
	TargetServiceAccounts []string
	// HandshakerServiceAddress represents the ALTS handshaker gRPC service
	// address to connect to.
	HandshakerServiceAddress string
}

ClientOptions contains the client-side options of an ALTS channel. These options will be passed to the underlying ALTS handshaker.

func DefaultClientOptions 

func DefaultClientOptions() *ClientOptions

DefaultClientOptions creates a new ClientOptions object with the default values.

type ServerOptions 

type ServerOptions struct {
	// HandshakerServiceAddress represents the ALTS handshaker gRPC service
	// address to connect to.
	HandshakerServiceAddress string
}

ServerOptions contains the server-side options of an ALTS channel. These options will be passed to the underlying ALTS handshaker.

func DefaultServerOptions 

func DefaultServerOptions() *ServerOptions

DefaultServerOptions creates a new ServerOptions object with the default values.

Source Files

alts.go utils.go

Directories

PathSynopsis
credentials/alts/corePackage core contains common core functionality for ALTS.
credentials/alts/core/authinfoPackage authinfo provide authentication information returned by handshakers.
credentials/alts/core/connPackage conn contains an implementation of a secure channel created by gRPC handshakers.
credentials/alts/core/handshakerPackage handshaker provides ALTS handshaking functionality for GCP.
credentials/alts/core/handshaker/servicePackage service manages connections between the VM application and the ALTS handshaker service.
credentials/alts/core/proto
credentials/alts/core/proto/grpc_gcpPackage grpc_gcp is a generated protocol buffer package.
credentials/alts/core/testutilPackage testutil include useful test utilities for the handshaker.
Version
v1.12.1
Published
Jun 6, 2018
Platform
darwin/amd64
Imports
20 packages
Last checked
5 minutes ago

Tools for package owners.