Package credentials
Variables
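// The listing had been collapsed onto one line, which put the declaration
// itself behind the leading "//"; it is restored to one statement per line.
var (
	// ErrConnDispatched indicates that rawConn has been dispatched out of gRPC
	// and the caller should not close rawConn.
	//
	// It is a sentinel value, so callers should compare against it (==, or
	// errors.Is when the error may be wrapped) rather than match the message.
	// Treating it as an ordinary handshake failure and closing rawConn would
	// close a connection that some other owner is still using.
	ErrConnDispatched = errors.New("credentials: rawConn is dispatched out of gRPC")
)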
type AuthInfo ¶
AuthInfo defines the common interface for the auth information the users are interested in.
// AuthInfo is the common interface for the authentication information that
// users of a connection are interested in.
type AuthInfo interface {
	// AuthType reports, as a string, which kind of auth information this is.
	AuthType() string
}
type PerRPCCredentials ¶
PerRPCCredentials defines the common interface for the credentials which need to attach security information to every RPC (e.g., oauth2).
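// PerRPCCredentials defines the common interface for the credentials which
// need to attach security information to every RPC (e.g., oauth2).
//
// The listing had been collapsed onto one line, which hid both methods behind
// the first "//"; it is restored to one declaration per line.
type PerRPCCredentials interface {
	// GetRequestMetadata gets the current request metadata, refreshing
	// tokens if required. This should be called by the transport layer on
	// each request, and the data should be populated in headers or other
	// context. uri is the URI of the entry point for the request. When
	// supported by the underlying implementation, ctx can be used for
	// timeout and cancellation.
	//
	// The returned map typically carries secrets (tokens), so callers should
	// keep it out of logs and error messages.
	//
	// TODO(zhaoq): Define the set of the qualified keys instead of leaving
	// it as an arbitrary string.
	GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error)

	// RequireTransportSecurity indicates whether the credentials requires
	// transport security.
	//
	// NOTE(review): an implementation that attaches bearer tokens or other
	// replayable secrets should return true, so that the metadata is not
	// sent over a plaintext connection.
	RequireTransportSecurity() bool
}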
type ProtocolInfo ¶
ProtocolInfo provides information regarding the gRPC wire protocol version, security protocol, security protocol version in use, server name, etc.
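// ProtocolInfo provides information regarding the gRPC wire protocol version,
// security protocol, security protocol version in use, server name, etc.
//
// The listing had been collapsed onto one line, which hid every field behind
// the first "//"; it is restored to one field per line.
type ProtocolInfo struct {
	// ProtocolVersion is the gRPC wire protocol version.
	ProtocolVersion string
	// SecurityProtocol is the security protocol in use.
	SecurityProtocol string
	// SecurityVersion is the security protocol version.
	SecurityVersion string
	// ServerName is the user-configured server name.
	// NOTE(review): this is a configured value, not one proven by a
	// handshake; do not treat it as the authenticated peer identity.
	ServerName string
}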
type TLSInfo ¶
TLSInfo contains the auth information for a TLS authenticated connection. It implements the AuthInfo interface.
// TLSInfo carries the auth information of a TLS-authenticated connection.
// It implements the AuthInfo interface.
type TLSInfo struct {
	// State is the crypto/tls connection state of the connection. Code that
	// makes authorization decisions from the peer's identity reads it from
	// here (for example State.PeerCertificates or State.VerifiedChains).
	State tls.ConnectionState
}
func (TLSInfo) AuthType ¶
func (t TLSInfo) AuthType() string
AuthType returns the type of TLSInfo as a string.
type TransportCredentials ¶
TransportCredentials defines the common interface for all the live gRPC wire protocols and supported transport security protocols (e.g., TLS, SSL).
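// TransportCredentials defines the common interface for all the live gRPC wire
// protocols and supported transport security protocols (e.g., TLS, SSL).
//
// The listing had been collapsed onto one line, which hid every method behind
// the first "//"; it is restored to one declaration per line.
type TransportCredentials interface {
	// ClientHandshake does the authentication handshake specified by the corresponding
	// authentication protocol on rawConn for clients. It returns the authenticated
	// connection and the corresponding auth information about the connection.
	// Implementations must use the provided context to implement timely cancellation.
	// gRPC will try to reconnect if the error returned is a temporary error
	// (io.EOF, context.DeadlineExceeded or err.Temporary() == true).
	// If the returned error is a wrapper error, implementations should make sure that
	// the error implements Temporary() to have the correct retry behaviors.
	//
	// NOTE(review): the string argument is unnamed here; presumably it is the
	// authority / server name the handshake should authenticate — confirm
	// against the implementations. An authentication failure reported as a
	// temporary error would be retried rather than surfaced.
	ClientHandshake(context.Context, string, net.Conn) (net.Conn, AuthInfo, error)

	// ServerHandshake does the authentication handshake for servers. It returns
	// the authenticated connection and the corresponding auth information about
	// the connection.
	//
	// Unlike ClientHandshake it takes no context, so any handshake deadline
	// has to be enforced by the implementation or on the net.Conn itself.
	ServerHandshake(net.Conn) (net.Conn, AuthInfo, error)

	// Info provides the ProtocolInfo of this TransportCredentials.
	Info() ProtocolInfo

	// Clone makes a copy of this TransportCredentials.
	Clone() TransportCredentials

	// OverrideServerName overrides the server name used to verify the hostname on the returned certificates from the server.
	// gRPC internals also use it to override the virtual hosting name if it is set.
	// It must be called before dialing. Currently, this is only used by grpclb.
	//
	// Because the value replaces the name the server certificate is checked
	// against, it must come from trusted configuration, never from peer- or
	// user-supplied input.
	OverrideServerName(string) error
}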
func NewClientTLSFromCert ¶
func NewClientTLSFromCert(cp *x509.CertPool, serverNameOverride string) TransportCredentials
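NewClientTLSFromCert constructs TLS credentials from the input certificate pool for the client. serverNameOverride is for testing only and should be left empty otherwise. If set to a non-empty string, it overrides the virtual host name of the authority (e.g. the :authority header field) in requests. As with OverrideServerName, the override is also the name the server's certificate is verified against, so it must not be taken from untrusted input.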
func NewClientTLSFromFile ¶
func NewClientTLSFromFile(certFile, serverNameOverride string) (TransportCredentials, error)
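NewClientTLSFromFile constructs TLS credentials from the input certificate file for the client. serverNameOverride is for testing only and should be left empty otherwise. If set to a non-empty string, it overrides the virtual host name of the authority (e.g. the :authority header field) in requests. As with OverrideServerName, the override is also the name the server's certificate is verified against, so it must not be taken from untrusted input.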
func NewServerTLSFromCert ¶
func NewServerTLSFromCert(cert *tls.Certificate) TransportCredentials
NewServerTLSFromCert constructs TLS credentials from the input certificate for server.
func NewServerTLSFromFile ¶
func NewServerTLSFromFile(certFile, keyFile string) (TransportCredentials, error)
NewServerTLSFromFile constructs TLS credentials from the input certificate file and key file for server.
func NewTLS ¶
func NewTLS(c *tls.Config) TransportCredentials
NewTLS uses c to construct a TransportCredentials based on TLS.