Package: google.golang.org/grpc/credentials/alts

package alts Import Path google.golang.org/grpc/credentials/alts (on go.dev) Dependency Relation imports 23 packages, and imported by one package

Involved Source Files d➜ alts.go Package alts implements the ALTS credential support by gRPC library, which encapsulates all the state needed by a client to authenticate with a server using ALTS and make various assertions, e.g., about the client's identity, role, or whether it is authorized to make a particular call. This package is experimental. utils.go

Package-Level Type Names (total 5, in which 3 are exported)

/* sort exporteds by: alphabet | popularity */

type AuthInfo (interface) AuthInfo exposes security information from the ALTS handshake to the application. This interface is to be implemented by ALTS. Users should not need a brand new implementation of this interface. For situations like testing, any new implementation should embed this interface. This allows ALTS to add new methods to this interface. Methods (total 6, all are exported) ( T) ApplicationProtocol() string ApplicationProtocol returns application protocol negotiated for the ALTS connection. ( T) LocalServiceAccount() string LocalServiceAccount returns the local service account. ( T) PeerRPCVersions() *altspb.RpcProtocolVersions PeerRPCVersions returns the RPC version supported by the peer. ( T) PeerServiceAccount() string PeerServiceAccount returns the peer service account. ( T) RecordProtocol() string RecordProtocol returns the record protocol negotiated for the ALTS connection. ( T) SecurityLevel() altspb.SecurityLevel SecurityLevel returns the security level of the created ALTS secure channel. Implemented By (at least one unexported) /* at least one unexported ... *//* at least one unexported: */ *google.golang.org/grpc/credentials/alts/internal/authinfo.altsAuthInfo As Outputs Of (at least 2, both are exported) func AuthInfoFromContext(ctx context.Context) (AuthInfo, error) func AuthInfoFromPeer(p *peer.Peer) (AuthInfo, error)

type ClientOptions (struct) ClientOptions contains the client-side options of an ALTS channel. These options will be passed to the underlying ALTS handshaker. Fields (total 2, both are exported) HandshakerServiceAddress string HandshakerServiceAddress represents the ALTS handshaker gRPC service address to connect to. TargetServiceAccounts []string TargetServiceAccounts contains a list of expected target service accounts. As Outputs Of (at least one exported) func DefaultClientOptions() *ClientOptions As Inputs Of (at least one exported) func NewClientCreds(opts *ClientOptions) credentials.TransportCredentials

type ServerOptions (struct) ServerOptions contains the server-side options of an ALTS channel. These options will be passed to the underlying ALTS handshaker. Fields (only one, which is exported) HandshakerServiceAddress string HandshakerServiceAddress represents the ALTS handshaker gRPC service address to connect to. As Outputs Of (at least one exported) func DefaultServerOptions() *ServerOptions As Inputs Of (at least one exported) func NewServerCreds(opts *ServerOptions) credentials.TransportCredentials

/* 2 unexporteds ... *//* 2 unexporteds: */

type altsTC (struct) altsTC is the credentials required for authenticating a connection using ALTS. It implements credentials.TransportCredentials interface. Fields (total 4, none are exported) /* 4 unexporteds ... *//* 4 unexporteds: */ accounts []string hsAddress string info *credentials.ProtocolInfo side core.Side Methods (total 5, all are exported) (*T) ClientHandshake(ctx context.Context, addr string, rawConn net.Conn) (_ net.Conn, _ credentials.AuthInfo, err error) ClientHandshake implements the client side handshake protocol. (*T) Clone() credentials.TransportCredentials (*T) Info() credentials.ProtocolInfo (*T) OverrideServerName(serverNameOverride string) error (*T) ServerHandshake(rawConn net.Conn) (_ net.Conn, _ credentials.AuthInfo, err error) ServerHandshake implements the server side ALTS handshaker. Implements (at least one exported) *T : google.golang.org/grpc/credentials.TransportCredentials

type platformError string (basic type) Methods (only one, which is exported) ( T) Error() string Implements (at least one exported) T : error

Package-Level Functions (total 12, in which 7 are exported)

func AuthInfoFromContext(ctx context.Context) (AuthInfo, error) AuthInfoFromContext extracts the alts.AuthInfo object from the given context, if it exists. This API should be used by gRPC server RPC handlers to get information about the communicating peer. For client-side, use grpc.Peer() CallOption.

func AuthInfoFromPeer(p *peer.Peer) (AuthInfo, error) AuthInfoFromPeer extracts the alts.AuthInfo object from the given peer, if it exists. This API should be used by gRPC clients after obtaining a peer object using the grpc.Peer() CallOption.

func ClientAuthorizationCheck(ctx context.Context, expectedServiceAccounts []string) error ClientAuthorizationCheck checks whether the client is authorized to access the requested resources based on the given expected client service accounts. This API should be used by gRPC server RPC handlers. This API should not be used by clients.

func DefaultClientOptions() *ClientOptions DefaultClientOptions creates a new ClientOptions object with the default values.

func DefaultServerOptions() *ServerOptions DefaultServerOptions creates a new ServerOptions object with the default values.

func NewClientCreds(opts *ClientOptions) credentials.TransportCredentials NewClientCreds constructs a client-side ALTS TransportCredentials object.

func NewServerCreds(opts *ServerOptions) credentials.TransportCredentials NewServerCreds constructs a server-side ALTS TransportCredentials object.

/* 5 unexporteds ... *//* 5 unexporteds: */

func checkRPCVersions(local, peer *altspb.RpcProtocolVersions) (bool, *altspb.RpcProtocolVersions_Version) checkRPCVersions performs a version check between local and peer rpc protocol versions. This function returns true if the check passes which means both parties agreed on a common rpc protocol to use, and false otherwise. The function also returns the highest common RPC protocol version both parties agreed on.

func compareRPCVersions(v1, v2 *altspb.RpcProtocolVersions_Version) int compareRPCVersion returns 0 if v1 == v2, 1 if v1 > v2 and -1 if v1 < v2.

func isRunningOnGCP() bool isRunningOnGCP checks whether the local system, without doing a network request is running on GCP.

func newALTS(side core.Side, accounts []string, hsAddress string) credentials.TransportCredentials

func readManufacturer() ([]byte, error)

Package-Level Variables (total 8, in which 1 are exported)

var ErrUntrustedPlatform error ErrUntrustedPlatform is returned from ClientHandshake and ServerHandshake is running on a platform where the trustworthiness of the handshaker service is not guaranteed.

/* 7 unexporteds ... *//* 7 unexporteds: */

var logger grpclog.DepthLoggerV2

var manufacturerReader func() (io.Reader, error)

var maxRPCVersion *grpc_gcp.RpcProtocolVersions_Version

var minRPCVersion *grpc_gcp.RpcProtocolVersions_Version

var once sync.Once

var runningOS string The following two variables will be reassigned in tests.

var vmOnGCP bool

Package-Level Constants (total 11, none are exported) /* 11 unexporteds ... *//* 11 unexporteds: */

const defaultTimeout time.Duration = 30000000000 defaultTimeout specifies the server handshake timeout.

const hypervisorHandshakerServiceAddress = "metadata.google.internal.:8080" hypervisorHandshakerServiceAddress represents the default ALTS gRPC handshaker service address in the hypervisor.

const linuxProductNameFile = "/sys/class/dmi/id/product_name"

const powershellOutputFilter = "Manufacturer"

const protocolVersionMaxMajor = 2 The following constants specify the minimum and maximum acceptable protocol versions.

const protocolVersionMaxMinor = 1

const protocolVersionMinMajor = 2

const protocolVersionMinMinor = 1

const windowsCheckCommand = "powershell.exe"

const windowsCheckCommandArgs = "Get-WmiObject -Class Win32_BIOS"

const windowsManufacturerRegex = ":(.*)"