credentials.go

Documentation: go.etcd.io/etcd/client/v3/credentials

     1  // Copyright 2019 The etcd Authors
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  // Package credentials implements gRPC credential interface with etcd specific logic.
    16  // e.g., client handshake with custom authority parameter
    17  package credentials
    18  
    19  import (
    20  	"context"
    21  	"crypto/tls"
    22  	"net"
    23  	"sync"
    24  
    25  	"go.etcd.io/etcd/api/v3/v3rpc/rpctypes"
    26  	grpccredentials "google.golang.org/grpc/credentials"
    27  )
    28  
    29  // Config defines gRPC credential configuration.
    30  type Config struct {
    31  	TLSConfig *tls.Config
    32  }
    33  
    34  // Bundle defines gRPC credential interface.
    35  type Bundle interface {
    36  	grpccredentials.Bundle
    37  	UpdateAuthToken(token string)
    38  }
    39  
    40  // NewBundle constructs a new gRPC credential bundle.
    41  func NewBundle(cfg Config) Bundle {
    42  	return &bundle{
    43  		tc: newTransportCredential(cfg.TLSConfig),
    44  		rc: newPerRPCCredential(),
    45  	}
    46  }
    47  
    48  // bundle implements "grpccredentials.Bundle" interface.
    49  type bundle struct {
    50  	tc *transportCredential
    51  	rc *perRPCCredential
    52  }
    53  
    54  func (b *bundle) TransportCredentials() grpccredentials.TransportCredentials {
    55  	return b.tc
    56  }
    57  
    58  func (b *bundle) PerRPCCredentials() grpccredentials.PerRPCCredentials {
    59  	return b.rc
    60  }
    61  
    62  func (b *bundle) NewWithMode(mode string) (grpccredentials.Bundle, error) {
    63  	// no-op
    64  	return nil, nil
    65  }
    66  
    67  // transportCredential implements "grpccredentials.TransportCredentials" interface.
    68  type transportCredential struct {
    69  	gtc grpccredentials.TransportCredentials
    70  }
    71  
    72  func newTransportCredential(cfg *tls.Config) *transportCredential {
    73  	return &transportCredential{
    74  		gtc: grpccredentials.NewTLS(cfg),
    75  	}
    76  }
    77  
    78  func (tc *transportCredential) ClientHandshake(ctx context.Context, authority string, rawConn net.Conn) (net.Conn, grpccredentials.AuthInfo, error) {
    79  	return tc.gtc.ClientHandshake(ctx, authority, rawConn)
    80  }
    81  
    82  func (tc *transportCredential) ServerHandshake(rawConn net.Conn) (net.Conn, grpccredentials.AuthInfo, error) {
    83  	return tc.gtc.ServerHandshake(rawConn)
    84  }
    85  
    86  func (tc *transportCredential) Info() grpccredentials.ProtocolInfo {
    87  	return tc.gtc.Info()
    88  }
    89  
    90  func (tc *transportCredential) Clone() grpccredentials.TransportCredentials {
    91  	return &transportCredential{
    92  		gtc: tc.gtc.Clone(),
    93  	}
    94  }
    95  
    96  func (tc *transportCredential) OverrideServerName(serverNameOverride string) error {
    97  	return tc.gtc.OverrideServerName(serverNameOverride)
    98  }
    99  
   100  // perRPCCredential implements "grpccredentials.PerRPCCredentials" interface.
   101  type perRPCCredential struct {
   102  	authToken   string
   103  	authTokenMu sync.RWMutex
   104  }
   105  
   106  func newPerRPCCredential() *perRPCCredential { return &perRPCCredential{} }
   107  
   108  func (rc *perRPCCredential) RequireTransportSecurity() bool { return false }
   109  
   110  func (rc *perRPCCredential) GetRequestMetadata(ctx context.Context, s ...string) (map[string]string, error) {
   111  	rc.authTokenMu.RLock()
   112  	authToken := rc.authToken
   113  	rc.authTokenMu.RUnlock()
   114  	if authToken == "" {
   115  		return nil, nil
   116  	}
   117  	return map[string]string{rpctypes.TokenFieldNameGRPC: authToken}, nil
   118  }
   119  
   120  func (b *bundle) UpdateAuthToken(token string) {
   121  	if b.rc == nil {
   122  		return
   123  	}
   124  	b.rc.UpdateAuthToken(token)
   125  }
   126  
   127  func (rc *perRPCCredential) UpdateAuthToken(token string) {
   128  	rc.authTokenMu.Lock()
   129  	rc.authToken = token
   130  	rc.authTokenMu.Unlock()
   131  }
   132
View as plain text