mirror of
https://github.com/rocky-linux/peridot.git
synced 2024-10-19 15:55:08 +00:00
/*
 *
 * Copyright 2018 gRPC authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */
// Package authinfo provides authentication information returned by handshakers.
package authinfo
import (
"google.golang.org/grpc/credentials"
altspb "google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp"
)
// Compile-time assertion that *altsAuthInfo satisfies credentials.AuthInfo;
// the build fails here if the type stops implementing the interface.
var _ credentials.AuthInfo = (*altsAuthInfo)(nil)
// altsAuthInfo carries the security information produced by an ALTS handshake
// so the application can inspect it. It implements credentials.AuthInfo and is
// documented as immutable.
//
// NOTE(review): nothing in the type enforces immutability. The accessors on
// this type hand back values taken straight from p (a map and a message
// pointer among them), so callers should treat everything they receive as
// read-only.
type altsAuthInfo struct {
	// p is the ALTS context assembled by newAuthInfo from the handshaker result.
	p *altspb.AltsContext
	// CommonAuthInfo is embedded; newAuthInfo sets its SecurityLevel field.
	credentials.CommonAuthInfo
}
// New builds an altsAuthInfo from the given handshaker result and returns it
// as a credentials.AuthInfo.
//
// New performs no validation of result: whatever identities and attributes the
// handshaker reported are copied through as-is by newAuthInfo. Callers that
// authorize on the peer identity should check that it is non-empty.
func New(result *altspb.HandshakerResult) credentials.AuthInfo {
	info := newAuthInfo(result)
	return info
}
// newAuthInfo assembles an altsAuthInfo from the fields of a handshaker result.
//
// Security notes:
//   - The security level is NOT taken from result. Both the ALTS context and
//     the embedded CommonAuthInfo are set to the privacy-and-integrity constant
//     (see the TODO below), so any minimum-security-level check built on these
//     values reflects this constant, not what the handshake reported.
//   - Fields are read only through result's getters. Presumably these are the
//     generated protobuf getters, which tolerate a nil receiver and return zero
//     values — TODO confirm. If so, a nil or partially filled result yields an
//     auth info with empty service accounts rather than an error.
func newAuthInfo(result *altspb.HandshakerResult) *altsAuthInfo {
	peer := result.GetPeerIdentity()
	local := result.GetLocalIdentity()

	ctx := &altspb.AltsContext{
		ApplicationProtocol: result.GetApplicationProtocol(),
		RecordProtocol:      result.GetRecordProtocol(),
		// TODO: assign security level from result.
		SecurityLevel:       altspb.SecurityLevel_INTEGRITY_AND_PRIVACY,
		PeerServiceAccount:  peer.GetServiceAccount(),
		LocalServiceAccount: local.GetServiceAccount(),
		PeerRpcVersions:     result.GetPeerRpcVersions(),
		PeerAttributes:      peer.GetAttributes(),
	}
	common := credentials.CommonAuthInfo{SecurityLevel: credentials.PrivacyAndIntegrity}

	return &altsAuthInfo{p: ctx, CommonAuthInfo: common}
}
// AuthType reports the authentication scheme of this context, which is always
// the fixed string "alts". It does not read any state from the receiver.
func (s *altsAuthInfo) AuthType() string {
	const authType = "alts"
	return authType
}
// ApplicationProtocol returns the application protocol recorded in the ALTS
// context, as copied from the handshaker result by newAuthInfo.
func (s *altsAuthInfo) ApplicationProtocol() string {
	proto := s.p.GetApplicationProtocol()
	return proto
}
// RecordProtocol returns the record protocol recorded in the ALTS context, as
// copied from the handshaker result by newAuthInfo.
func (s *altsAuthInfo) RecordProtocol() string {
	proto := s.p.GetRecordProtocol()
	return proto
}
// SecurityLevel returns the security level stored in the ALTS context.
//
// newAuthInfo currently fills this field with a fixed
// INTEGRITY_AND_PRIVACY value rather than one read from the handshaker result,
// so the value returned here is not evidence of what the handshake negotiated.
func (s *altsAuthInfo) SecurityLevel() altspb.SecurityLevel {
	level := s.p.GetSecurityLevel()
	return level
}
// PeerServiceAccount returns the peer's service account as stored in the ALTS
// context, taken from the peer identity of the handshaker result.
//
// NOTE(review): the value is presumably the empty string when the handshaker
// result carried no peer identity — confirm. Authorization code should reject
// an empty account rather than compare it against an allow-list entry.
func (s *altsAuthInfo) PeerServiceAccount() string {
	account := s.p.GetPeerServiceAccount()
	return account
}
// LocalServiceAccount returns the local service account as stored in the ALTS
// context, taken from the local identity of the handshaker result.
func (s *altsAuthInfo) LocalServiceAccount() string {
	account := s.p.GetLocalServiceAccount()
	return account
}
// PeerRPCVersions returns the peer's RPC protocol versions as stored in the
// ALTS context.
//
// The result is whatever pointer the context's getter yields, not a copy made
// here. It presumably aliases the message held by this auth info, so callers
// should not modify it.
func (s *altsAuthInfo) PeerRPCVersions() *altspb.RpcProtocolVersions {
	versions := s.p.GetPeerRpcVersions()
	return versions
}
// PeerAttributes returns the peer attributes stored in the ALTS context, which
// newAuthInfo takes from the peer identity of the handshaker result.
//
// No copy is made here. The returned map is presumably the one held by the
// context, so a caller that writes to it would change what every other holder
// of this auth info sees. Treat it as read-only.
func (s *altsAuthInfo) PeerAttributes() map[string]string {
	attrs := s.p.GetPeerAttributes()
	return attrs
}