▽

Package alts

Variables

var (

    // ErrUntrustedPlatform is returned from ClientHandshake and
    // ServerHandshake is running on a platform where the trustworthiness of
    // the handshaker service is not guaranteed.
    ErrUntrustedPlatform = errors.New("ALTS: untrusted platform. ALTS is only supported on GCP")
)

func ClientAuthorizationCheck ¶

func ClientAuthorizationCheck(ctx context.Context, expectedServiceAccounts []string) error

ClientAuthorizationCheck checks whether the client is authorized to access the requested resources based on the given expected client service accounts. This API should be used by gRPC server RPC handlers. This API should not be used by clients.

func NewClientCreds ¶

func NewClientCreds(opts *ClientOptions) credentials.TransportCredentials

NewClientCreds constructs a client-side ALTS TransportCredentials object.

func NewServerCreds ¶

func NewServerCreds(opts *ServerOptions) credentials.TransportCredentials

NewServerCreds constructs a server-side ALTS TransportCredentials object.

type AuthInfo ¶

AuthInfo exposes security information from the ALTS handshake to the application. This interface is to be implemented by ALTS. Users should not need a brand new implementation of this interface. For situations like testing, any new implementation should embed this interface. This allows ALTS to add new methods to this interface.

type AuthInfo interface {
    // ApplicationProtocol returns application protocol negotiated for the
    // ALTS connection.
    ApplicationProtocol() string
    // RecordProtocol returns the record protocol negotiated for the ALTS
    // connection.
    RecordProtocol() string
    // SecurityLevel returns the security level of the created ALTS secure
    // channel.
    SecurityLevel() altspb.SecurityLevel
    // PeerServiceAccount returns the peer service account.
    PeerServiceAccount() string
    // LocalServiceAccount returns the local service account.
    LocalServiceAccount() string
    // PeerRPCVersions returns the RPC version supported by the peer.
    PeerRPCVersions() *altspb.RpcProtocolVersions
}

func AuthInfoFromContext ¶

func AuthInfoFromContext(ctx context.Context) (AuthInfo, error)

AuthInfoFromContext extracts the alts.AuthInfo object from the given context, if it exists. This API should be used by gRPC server RPC handlers to get information about the communicating peer. For client-side, use grpc.Peer() CallOption.

func AuthInfoFromPeer ¶

func AuthInfoFromPeer(p *peer.Peer) (AuthInfo, error)

AuthInfoFromPeer extracts the alts.AuthInfo object from the given peer, if it exists. This API should be used by gRPC clients after obtaining a peer object using the grpc.Peer() CallOption.

type ClientOptions ¶

ClientOptions contains the client-side options of an ALTS channel. These options will be passed to the underlying ALTS handshaker.

type ClientOptions struct {
    // TargetServiceAccounts contains a list of expected target service
    // accounts.
    TargetServiceAccounts []string
    // HandshakerServiceAddress represents the ALTS handshaker gRPC service
    // address to connect to.
    HandshakerServiceAddress string
}

func DefaultClientOptions ¶

func DefaultClientOptions() *ClientOptions

DefaultClientOptions creates a new ClientOptions object with the default values.

type ServerOptions ¶

ServerOptions contains the server-side options of an ALTS channel. These options will be passed to the underlying ALTS handshaker.

type ServerOptions struct {
    // HandshakerServiceAddress represents the ALTS handshaker gRPC service
    // address to connect to.
    HandshakerServiceAddress string
}

func DefaultServerOptions ¶

func DefaultServerOptions() *ServerOptions

DefaultServerOptions creates a new ServerOptions object with the default values.

Subdirectories