package credentials

Import Path
	google.golang.org/grpc/credentials (on go.dev)

Dependency Relation
	imports 12 packages, and imported by 14 packages

Involved Source Files

	   d➜ credentials.go
		Package credentials implements various credentials supported by gRPC library,
		which encapsulate all the state needed by a client to authenticate with a
		server and make various assertions, e.g., about the client's identity, role,
		or whether it is authorized to make a particular call.

	      go12.go
	      tls.go
Package-Level Type Names (total 17, in which 14 are exported)

	/* sort exporteds by: alphabet | popularity */
	 type AuthInfo (interface)
		AuthInfo defines the common interface for the auth information the users are interested in.
		A struct that implements AuthInfo should embed CommonAuthInfo by including additional
		information about the credentials in it.

		Methods (only one, which is exported)
			( T) AuthType() string
		Implemented By (at least 2, in which 1 are exported)
			 TLSInfo
			/* at least one unexported ... *//* at least one unexported: */
			*google.golang.org/grpc/credentials/alts/internal/authinfo.altsAuthInfo
		As Outputs Of (at least 6, in which 5 are exported)
			func TransportCredentials.ClientHandshake(context.Context, string, net.Conn) (net.Conn, AuthInfo, error)
			func TransportCredentials.ServerHandshake(net.Conn) (net.Conn, AuthInfo, error)
			func google.golang.org/grpc/credentials/alts/internal.Handshaker.ClientHandshake(ctx context.Context) (net.Conn, AuthInfo, error)
			func google.golang.org/grpc/credentials/alts/internal.Handshaker.ServerHandshake(ctx context.Context) (net.Conn, AuthInfo, error)
			func google.golang.org/grpc/credentials/alts/internal/authinfo.New(result *altspb.HandshakerResult) AuthInfo
			/* at least one unexported ... *//* at least one unexported: */
			func google.golang.org/grpc.(*Server).useTransportAuthenticator(rawConn net.Conn) (net.Conn, AuthInfo, error)
		As Inputs Of (at least one unexported)
			/* at least one unexported ... *//* at least one unexported: */
			func google.golang.org/grpc.(*Server).newHTTP2Transport(c net.Conn, authInfo AuthInfo) transport.ServerTransport

	 type Bundle (interface)
		Bundle is a combination of TransportCredentials and PerRPCCredentials.

		It also contains a mode switching method, so it can be used as a combination
		of different credential policies.

		Bundle cannot be used together with individual TransportCredentials.
		PerRPCCredentials from Bundle will be appended to other PerRPCCredentials.

		This API is experimental.

		Methods (total 3, all are exported)
			( T) NewWithMode(mode string) (Bundle, error)
				NewWithMode should make a copy of Bundle, and switch mode. Modifying the
				existing Bundle may cause races.

				NewWithMode returns nil if the requested mode is not supported.

			( T) PerRPCCredentials() PerRPCCredentials
			( T) TransportCredentials() TransportCredentials
		Implemented By (at least one unexported)
			/* at least one unexported ... *//* at least one unexported: */
			*google.golang.org/grpc/credentials/google.creds
		As Outputs Of (at least 3, all are exported)
			func Bundle.NewWithMode(mode string) (Bundle, error)
			func google.golang.org/grpc/credentials/google.NewComputeEngineCredentials() Bundle
			func google.golang.org/grpc/credentials/google.NewDefaultCredentials() Bundle
		As Inputs Of (at least one exported)
			func google.golang.org/grpc.WithCredentialsBundle(b Bundle) grpc.DialOption

	 type ChannelzSecurityInfo (interface)
		ChannelzSecurityInfo defines the interface that security protocols should implement
		in order to provide security info to channelz.

		This API is experimental.

		Methods (only one, which is exported)
			( T) GetSecurityValue() ChannelzSecurityValue
		Implemented By (at least one exported)
			 TLSInfo

	 type ChannelzSecurityValue (interface)
		ChannelzSecurityValue defines the interface that GetSecurityValue() return value
		should satisfy. This interface should only be satisfied by *TLSChannelzSecurityValue
		and *OtherChannelzSecurityValue.

		This API is experimental.

		Methods (only one, which is unexported)
			/* one unexported ... *//* one unexported: */
			( T) isChannelzSecurityValue()
		Implemented By (at least 2, both are exported)
			 OtherChannelzSecurityValue
			 TLSChannelzSecurityValue
		As Outputs Of (at least 2, both are exported)
			func ChannelzSecurityInfo.GetSecurityValue() ChannelzSecurityValue
			func TLSInfo.GetSecurityValue() ChannelzSecurityValue

	 type ClientHandshakeInfo (struct)
		ClientHandshakeInfo holds data to be passed to ClientHandshake. This makes
		it possible to pass arbitrary data to the handshaker from gRPC, resolver,
		balancer etc. Individual credential implementations control the actual
		format of the data that they are willing to receive.

		This API is experimental.

		Fields (only one, which is exported)
			Attributes *attributes.Attributes
				Attributes contains the attributes for the address. It could be provided
				by the gRPC, resolver, balancer etc.

		As Outputs Of (at least one exported)
			func ClientHandshakeInfoFromContext(ctx context.Context) ClientHandshakeInfo

	 type CommonAuthInfo (struct)
		CommonAuthInfo contains authenticated information common to AuthInfo implementations.
		It should be embedded in a struct implementing AuthInfo to provide additional information
		about the credentials.

		This API is experimental.

		Fields (only one, which is exported)
			SecurityLevel SecurityLevel
		Methods (only one, which is exported)
			(*T) GetCommonAuthInfo() *CommonAuthInfo
				GetCommonAuthInfo returns the pointer to CommonAuthInfo struct.

		As Outputs Of (at least one exported)
			func (*CommonAuthInfo).GetCommonAuthInfo() *CommonAuthInfo

	 type OtherChannelzSecurityValue (struct)
		OtherChannelzSecurityValue defines the struct that non-TLS protocol should return
		from GetSecurityValue(), which contains protocol specific security info. Note
		the Value field will be sent to users of channelz requesting channel info, and
		thus sensitive info should better be avoided.

		This API is experimental.

		Fields (total 3, all are exported)
			ChannelzSecurityValue ChannelzSecurityValue
			Name string
			Value proto.Message
		Methods (only one, which is unexported)
			/* one unexported ... *//* one unexported: */
			( T) isChannelzSecurityValue()
		Implements (at least one exported)
			 T : ChannelzSecurityValue

	 type PerRPCCredentials (interface)
		PerRPCCredentials defines the common interface for the credentials which need to
		attach security information to every RPC (e.g., oauth2).

		Methods (total 2, both are exported)
			( T) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error)
				GetRequestMetadata gets the current request metadata, refreshing
				tokens if required. This should be called by the transport layer on
				each request, and the data should be populated in headers or other
				context. If a status code is returned, it will be used as the status
				for the RPC. uri is the URI of the entry point for the request.
				When supported by the underlying implementation, ctx can be used for
				timeout and cancellation. Additionally, RequestInfo data will be
				available via ctx to this call.
				TODO(zhaoq): Define the set of the qualified keys instead of leaving
				it as an arbitrary string.

			( T) RequireTransportSecurity() bool
				RequireTransportSecurity indicates whether the credentials requires
				transport security.

		Implemented By (at least 5, in which 1 are exported)
			 google.golang.org/grpc/credentials/oauth.TokenSource
			/* 4+ unexporteds ... *//* 4+ unexporteds: */
			 google.golang.org/grpc/credentials/oauth.jwtAccess
			 google.golang.org/grpc/credentials/oauth.oauthAccess
			*google.golang.org/grpc/credentials/oauth.serviceAccount
			 google.golang.org/api/transport/grpc.grpcTokenSource
		As Outputs Of (at least 8, all are exported)
			func Bundle.PerRPCCredentials() PerRPCCredentials
			func google.golang.org/grpc/credentials/oauth.NewApplicationDefault(ctx context.Context, scope ...string) (PerRPCCredentials, error)
			func google.golang.org/grpc/credentials/oauth.NewComputeEngine() PerRPCCredentials
			func google.golang.org/grpc/credentials/oauth.NewJWTAccessFromFile(keyFile string) (PerRPCCredentials, error)
			func google.golang.org/grpc/credentials/oauth.NewJWTAccessFromKey(jsonKey []byte) (PerRPCCredentials, error)
			func google.golang.org/grpc/credentials/oauth.NewOauthAccess(token *oauth2.Token) PerRPCCredentials
			func google.golang.org/grpc/credentials/oauth.NewServiceAccountFromFile(keyFile string, scope ...string) (PerRPCCredentials, error)
			func google.golang.org/grpc/credentials/oauth.NewServiceAccountFromKey(jsonKey []byte, scope ...string) (PerRPCCredentials, error)
		As Inputs Of (at least 2, both are exported)
			func google.golang.org/grpc.PerRPCCredentials(creds PerRPCCredentials) grpc.CallOption
			func google.golang.org/grpc.WithPerRPCCredentials(creds PerRPCCredentials) grpc.DialOption

	 type ProtocolInfo (struct)
		ProtocolInfo provides information regarding the gRPC wire protocol version,
		security protocol, security protocol version in use, server name, etc.

		Fields (total 4, all are exported)
			ProtocolVersion string
				ProtocolVersion is the gRPC wire protocol version.

			SecurityProtocol string
				SecurityProtocol is the security protocol in use.

			SecurityVersion string
				SecurityVersion is the security protocol version.  It is a static version string from the
				credentials, not a value that reflects per-connection protocol negotiation.  To retrieve
				details about the credentials used for a connection, use the Peer's AuthInfo field instead.

				Deprecated: please use Peer.AuthInfo.

			ServerName string
				ServerName is the user-configured server name.

		As Outputs Of (at least one exported)
			func TransportCredentials.Info() ProtocolInfo

	 type RequestInfo (struct)
		RequestInfo contains request data attached to the context passed to GetRequestMetadata calls.

		This API is experimental.

		Fields (total 2, both are exported)
			AuthInfo AuthInfo
				AuthInfo contains the information from a security handshake (TransportCredentials.ClientHandshake, TransportCredentials.ServerHandshake)

			Method string
				The method passed to Invoke or NewStream for this RPC. (For proto methods, this has the format "/some.Service/Method")

		As Outputs Of (at least one exported)
			func RequestInfoFromContext(ctx context.Context) (ri RequestInfo, ok bool)

	 type SecurityLevel int (basic type)
		SecurityLevel defines the protection level on an established connection.

		This API is experimental.

		Methods (only one, which is exported)
			( T) String() string
				String returns SecurityLevel in a string format.

		Implements (at least 4, in which 2 are exported)
			 T : expvar.Var
			 T : fmt.Stringer
			/* 2+ unexporteds ... *//* 2+ unexporteds: */
			 T : context.stringer
			 T : runtime.stringer
		As Inputs Of (at least one exported)
			func CheckSecurityLevel(ctx context.Context, level SecurityLevel) error
		As Types Of (total 4, all are exported)
			const IntegrityOnly
			const Invalid
			const NoSecurity
			const PrivacyAndIntegrity

	 type TLSChannelzSecurityValue (struct)
		TLSChannelzSecurityValue defines the struct that TLS protocol should return
		from GetSecurityValue(), containing security info like cipher and certificate used.

		This API is EXPERIMENTAL.

		Fields (total 4, all are exported)
			ChannelzSecurityValue ChannelzSecurityValue
			LocalCertificate []byte
			RemoteCertificate []byte
			StandardName string
		Methods (only one, which is unexported)
			/* one unexported ... *//* one unexported: */
			( T) isChannelzSecurityValue()
		Implements (at least one exported)
			 T : ChannelzSecurityValue

	 type TLSInfo (struct)
		TLSInfo contains the auth information for a TLS authenticated connection.
		It implements the AuthInfo interface.

		Fields (total 4, all are exported)
			CommonAuthInfo CommonAuthInfo
			CommonAuthInfo.SecurityLevel SecurityLevel
			SPIFFEID *url.URL
				This API is experimental.

			State tls.ConnectionState
		Methods (total 3, all are exported)
			( T) AuthType() string
				AuthType returns the type of TLSInfo as a string.

			(*T) GetCommonAuthInfo() *CommonAuthInfo
				GetCommonAuthInfo returns the pointer to CommonAuthInfo struct.

			( T) GetSecurityValue() ChannelzSecurityValue
				GetSecurityValue returns security info requested by channelz.

		Implements (at least 2, both are exported)
			 T : AuthInfo
			 T : ChannelzSecurityInfo

	 type TransportCredentials (interface)
		TransportCredentials defines the common interface for all the live gRPC wire
		protocols and supported transport security protocols (e.g., TLS, SSL).

		Methods (total 5, all are exported)
			( T) ClientHandshake(context.Context, string, net.Conn) (net.Conn, AuthInfo, error)
				ClientHandshake does the authentication handshake specified by the
				corresponding authentication protocol on rawConn for clients. It returns
				the authenticated connection and the corresponding auth information
				about the connection.  The auth information should embed CommonAuthInfo
				to return additional information about the credentials. Implementations
				must use the provided context to implement timely cancellation.  gRPC
				will try to reconnect if the error returned is a temporary error
				(io.EOF, context.DeadlineExceeded or err.Temporary() == true).  If the
				returned error is a wrapper error, implementations should make sure that
				the error implements Temporary() to have the correct retry behaviors.
				Additionally, ClientHandshakeInfo data will be available via the context
				passed to this call.

				If the returned net.Conn is closed, it MUST close the net.Conn provided.

			( T) Clone() TransportCredentials
				Clone makes a copy of this TransportCredentials.

			( T) Info() ProtocolInfo
				Info provides the ProtocolInfo of this TransportCredentials.

			( T) OverrideServerName(string) error
				OverrideServerName overrides the server name used to verify the hostname on the returned certificates from the server.
				gRPC internals also use it to override the virtual hosting name if it is set.
				It must be called before dialing. Currently, this is only used by grpclb.

			( T) ServerHandshake(net.Conn) (net.Conn, AuthInfo, error)
				ServerHandshake does the authentication handshake for servers. It returns
				the authenticated connection and the corresponding auth information about
				the connection. The auth information should embed CommonAuthInfo to return additional information
				about the credentials.

				If the returned net.Conn is closed, it MUST close the net.Conn provided.

		Implemented By (at least 2, neither is exported)
			/* 2+ unexporteds ... *//* 2+ unexporteds: */
			*tlsCreds
			*google.golang.org/grpc/credentials/alts.altsTC
		As Outputs Of (at least 10, in which 9 are exported)
			func NewClientTLSFromCert(cp *x509.CertPool, serverNameOverride string) TransportCredentials
			func NewClientTLSFromFile(certFile, serverNameOverride string) (TransportCredentials, error)
			func NewServerTLSFromCert(cert *tls.Certificate) TransportCredentials
			func NewServerTLSFromFile(certFile, keyFile string) (TransportCredentials, error)
			func NewTLS(c *tls.Config) TransportCredentials
			func Bundle.TransportCredentials() TransportCredentials
			func TransportCredentials.Clone() TransportCredentials
			func google.golang.org/grpc/credentials/alts.NewClientCreds(opts *alts.ClientOptions) TransportCredentials
			func google.golang.org/grpc/credentials/alts.NewServerCreds(opts *alts.ServerOptions) TransportCredentials
			/* at least one unexported ... *//* at least one unexported: */
			func google.golang.org/grpc/credentials/alts.newALTS(side core.Side, accounts []string, hsAddress string) TransportCredentials
		As Inputs Of (at least 2, both are exported)
			func google.golang.org/grpc.Creds(c TransportCredentials) grpc.ServerOption
			func google.golang.org/grpc.WithTransportCredentials(creds TransportCredentials) grpc.DialOption

	/* 3 unexporteds ... *//* 3 unexporteds: */
	 type clientHandshakeInfoKey (struct)
		clientHandshakeInfoKey is a struct used as the key to store
		ClientHandshakeInfo in a context.


	 type requestInfoKey (struct)
		requestInfoKey is a struct to be used as the key when attaching a RequestInfo to a context object.


	 type tlsCreds (struct)
		tlsCreds is the credentials required for authenticating a connection using TLS.

		Fields (only one, which is unexported)
			/* one unexported ... *//* one unexported: */
			config *tls.Config
				TLS configuration

		Methods (total 5, all are exported)
			(*T) ClientHandshake(ctx context.Context, authority string, rawConn net.Conn) (_ net.Conn, _ AuthInfo, err error)
			(*T) Clone() TransportCredentials
			( T) Info() ProtocolInfo
			(*T) OverrideServerName(serverNameOverride string) error
			(*T) ServerHandshake(rawConn net.Conn) (net.Conn, AuthInfo, error)
		Implements (at least one exported)
			*T : TransportCredentials


Package-Level Functions (total 10, in which 8 are exported)

	 func CheckSecurityLevel(ctx context.Context, level SecurityLevel) error
		CheckSecurityLevel checks if a connection's security level is greater than or equal to the specified one.
		It returns success if 1) the condition is satisified or 2) AuthInfo struct does not implement GetCommonAuthInfo() method
		or 3) CommonAuthInfo.SecurityLevel has an invalid zero value. For 2) and 3), it is for the purpose of backward-compatibility.

		This API is experimental.

	 func ClientHandshakeInfoFromContext(ctx context.Context) ClientHandshakeInfo
		ClientHandshakeInfoFromContext returns the ClientHandshakeInfo struct stored
		in ctx.

		This API is experimental.

	 func NewClientTLSFromCert(cp *x509.CertPool, serverNameOverride string) TransportCredentials
		NewClientTLSFromCert constructs TLS credentials from the provided root
		certificate authority certificate(s) to validate server connections. If
		certificates to establish the identity of the client need to be included in
		the credentials (eg: for mTLS), use NewTLS instead, where a complete
		tls.Config can be specified.
		serverNameOverride is for testing only. If set to a non empty string,
		it will override the virtual host name of authority (e.g. :authority header
		field) in requests.

	 func NewClientTLSFromFile(certFile, serverNameOverride string) (TransportCredentials, error)
		NewClientTLSFromFile constructs TLS credentials from the provided root
		certificate authority certificate file(s) to validate server connections. If
		certificates to establish the identity of the client need to be included in
		the credentials (eg: for mTLS), use NewTLS instead, where a complete
		tls.Config can be specified.
		serverNameOverride is for testing only. If set to a non empty string,
		it will override the virtual host name of authority (e.g. :authority header
		field) in requests.

	 func NewServerTLSFromCert(cert *tls.Certificate) TransportCredentials
		NewServerTLSFromCert constructs TLS credentials from the input certificate for server.

	 func NewServerTLSFromFile(certFile, keyFile string) (TransportCredentials, error)
		NewServerTLSFromFile constructs TLS credentials from the input certificate file and key
		file for server.

	 func NewTLS(c *tls.Config) TransportCredentials
		NewTLS uses c to construct a TransportCredentials based on TLS.

	 func RequestInfoFromContext(ctx context.Context) (ri RequestInfo, ok bool)
		RequestInfoFromContext extracts the RequestInfo from the context if it exists.

		This API is experimental.

	/* 2 unexporteds ... *//* 2 unexporteds: */
	 func init()
		This init function adds cipher suite constants only defined in Go 1.12.

	 func init()
Package-Level Variables (total 2, in which 1 are exported)

	  var ErrConnDispatched error
		ErrConnDispatched indicates that rawConn has been dispatched out of gRPC
		and the caller should not close rawConn.

	/* one unexported ... *//* one unexported: */
	  var cipherSuiteLookup map[uint16]string
Package-Level Constants (total 4, all are exported)

	const IntegrityOnly SecurityLevel = 2
		IntegrityOnly indicates a connection only provides integrity protection.

	const Invalid SecurityLevel = 0
		Invalid indicates an invalid security level.
		The zero SecurityLevel value is invalid for backward compatibility.

	const NoSecurity SecurityLevel = 1
		NoSecurity indicates a connection is insecure.

	const PrivacyAndIntegrity SecurityLevel = 3
		PrivacyAndIntegrity indicates a connection provides both privacy and integrity protection.

The pages are generated with Golds v0.3.2-preview. (GOOS=darwin GOARCH=amd64)
Golds is a Go 101 project developed by Tapir Liu.
PR and bug reports are welcome and can be submitted to the issue list.
Please follow @Go100and1 (reachable from the left QR code) to get the latest news of Golds.