Documentation ¶
Overview ¶
Package access provides primitives for implementing authentication and authorization.
Index ¶
- Constants
- func ContextWithIAP(ctx context.Context, iap IAPFields) context.Context
- func FakeContextWithOutgoingIAPAuth(ctx context.Context, iap IAPFields) context.Context
- func FakeIAPAuthFunc() grpcauth.AuthFunc
- func FakeIAPAuthInterceptorOptions() []grpc.ServerOption
- func IAPAudienceAppEngine(projectNumber int64, projectID string) string
- func IAPAudienceGCE(projectNumber int64, serviceID string) string
- func RequireIAPAuthHandler(h http.Handler, audience string) http.Handler
- func RequireIAPAuthStreamInterceptor(audience string) grpc.StreamServerInterceptor
- func RequireIAPAuthUnaryInterceptor(audience string) grpc.UnaryServerInterceptor
- type IAPFields
Constants ¶
const ( // IAPSkipAudienceValidation is the audience string used when the validation is not // necessary. https://pkg.go.dev/google.golang.org/api/idtoken#Validate IAPSkipAudienceValidation = "" )
Variables ¶
This section is empty.
Functions ¶
func ContextWithIAP ¶
ContextWithIAP adds the iap fields to the context.
func FakeContextWithOutgoingIAPAuth ¶
FakeContextWithOutgoingIAPAuth adds the iap fields to the metadata of an outgoing GRPC request and should only be used for testing.
func FakeIAPAuthFunc ¶
FakeIAPAuthFunc provides a fake IAP authentication validation and should only be used for testing.
func FakeIAPAuthInterceptorOptions ¶
func FakeIAPAuthInterceptorOptions() []grpc.ServerOption
FakeIAPAuthInterceptorOptions provides the GRPC server options for fake IAP authentication and should only be used for testing.
func IAPAudienceAppEngine ¶
IAPAudienceAppEngine returns the JWT audience for App Engine services. The project number is the numerical GCP project number the service is deployed in. The project ID is the textual identifier for the GCP project that the App Engine instance is deployed in. https://cloud.google.com/iap/docs/signed-headers-howto
func IAPAudienceGCE ¶
IAPAudienceGCE returns the jwt audience for GCE and GKE services. The project number is the numerical GCP project number the service is deployed in. The service ID is the identifier for the backend service used to route IAP requests. https://cloud.google.com/iap/docs/signed-headers-howto
func RequireIAPAuthHandler ¶
func RequireIAPAuthStreamInterceptor ¶
func RequireIAPAuthStreamInterceptor(audience string) grpc.StreamServerInterceptor
RequireIAPAuthStreamInterceptor creates an authentication interceptor for a GRPC streaming server. This requires Identity Aware Proxy authentication. Upon a successful authentication the associated headers will be copied into the request context.
func RequireIAPAuthUnaryInterceptor ¶
func RequireIAPAuthUnaryInterceptor(audience string) grpc.UnaryServerInterceptor
RequireIAPAuthUnaryInterceptor creates an authentication interceptor for a GRPC server. This requires Identity Aware Proxy authentication. Upon a successful authentication the associated headers will be copied into the request context.
Types ¶
type IAPFields ¶
type IAPFields struct { // Email contains the user's email address // For example, "accounts.google.com:[email protected]" Email string // ID contains a unique identifier for the user // For example, "accounts.google.com:userIDvalue" ID string }
IAPFields contains the values for the headers retrieved from Identity Aware Proxy.