package connectorv2
import (
"context"
"google.golang.org/grpc/credentials"
)
// FIXME: this should be part of the Border0 Go SDK
const (
	// ConnectorControlStreamMetadataKeyConnectorId names the gRPC stream
	// metadata entry that carries the connector id.
	ConnectorControlStreamMetadataKeyConnectorId = "connector_id"

	// ConnectorControlStreamMetadataKeyToken names the gRPC stream
	// metadata entry that carries the authorization token. The value
	// stored under this key is a secret; keep it out of logs and traces.
	ConnectorControlStreamMetadataKeyToken = "token"
)
// ConnectorControlStreamCredentials represents the authentication mechanism
// against the Border0 API's connector control plane (gRPC) server.
//
// The fields are unexported; in this file they are only set through the
// CredentialOption functions passed to NewConnectorControlStreamCredentials.
type ConnectorControlStreamCredentials struct {
	// token is the authorization token. When non-empty, GetRequestMetadata
	// sends it under ConnectorControlStreamMetadataKeyToken. It is a secret
	// and is held in memory as a plain string.
	token string
	// connectorId identifies the connector. When non-empty,
	// GetRequestMetadata sends it under
	// ConnectorControlStreamMetadataKeyConnectorId.
	connectorId string
	// insecureTransport, when true, makes RequireTransportSecurity return
	// false. The zero value (false) keeps transport security required.
	insecureTransport bool
}
// Compile-time assertion that *ConnectorControlStreamCredentials implements
// credentials.PerRPCCredentials (the generic per-RPC authentication
// interface for gRPC).
var _ credentials.PerRPCCredentials = (*ConnectorControlStreamCredentials)(nil)
// CredentialOption is the constructor option type for
// ConnectorControlStreamCredentials. Each option receives the credentials
// object under construction and mutates it in place;
// NewConnectorControlStreamCredentials applies options in the order given,
// so a later option overrides an earlier one that sets the same field.
type CredentialOption func(*ConnectorControlStreamCredentials)
// WithToken returns a CredentialOption that stores token as the
// authorization token on the credentials object.
//
// The value is kept verbatim (no validation or trimming) and is later sent
// as gRPC metadata by GetRequestMetadata when it is non-empty. Treat it as
// a secret: do not log it or embed it in error messages.
func WithToken(token string) CredentialOption {
	return func(creds *ConnectorControlStreamCredentials) {
		creds.token = token
	}
}
// WithConnectorId returns a CredentialOption that stores connectorId on
// the credentials object.
//
// The value is kept verbatim and is later sent as gRPC metadata by
// GetRequestMetadata when it is non-empty.
func WithConnectorId(connectorId string) CredentialOption {
	return func(creds *ConnectorControlStreamCredentials) {
		creds.connectorId = connectorId
	}
}
// WithInsecureTransport returns a CredentialOption that sets whether these
// credentials may be used without transport security.
//
// Passing true makes RequireTransportSecurity report false, so gRPC will
// accept these credentials on a connection without transport security.
// The token and connector id then travel as cleartext metadata and can be
// read by anyone on the network path. The intended use is not shown in
// this file; presumably it exists for local development and tests. Leave
// it false (the default) everywhere else.
func WithInsecureTransport(insecureTransport bool) CredentialOption {
	return func(creds *ConnectorControlStreamCredentials) {
		creds.insecureTransport = insecureTransport
	}
}
// NewConnectorControlStreamCredentials builds a
// ConnectorControlStreamCredentials and applies opts to it in order.
//
// With no options the result has an empty token, an empty connector id and
// transport security required. Nothing is validated here: an empty token is
// accepted and simply results in no token metadata being sent.
func NewConnectorControlStreamCredentials(opts ...CredentialOption) *ConnectorControlStreamCredentials {
	// The zero value already has insecureTransport == false, i.e. the
	// secure default.
	c := new(ConnectorControlStreamCredentials)
	for i := range opts {
		opts[i](c)
	}
	return c
}
// GetRequestMetadata returns the metadata to attach to a request, as
// required by credentials.PerRPCCredentials.
//
// This implementation is static: it performs no token refresh, ignores ctx
// and the variadic URI arguments, and always returns a nil error. The
// result contains ConnectorControlStreamMetadataKeyToken and
// ConnectorControlStreamMetadataKeyConnectorId only for the fields that are
// non-empty, so credentials built without a token yield no token entry.
//
// The method does not inspect the security level of the connection itself;
// whether the token may be sent over an unprotected channel is decided
// solely by RequireTransportSecurity.
func (c *ConnectorControlStreamCredentials) GetRequestMetadata(ctx context.Context, in ...string) (map[string]string, error) {
	headers := make(map[string]string, 2)
	if tok := c.token; tok != "" {
		headers[ConnectorControlStreamMetadataKeyToken] = tok
	}
	if id := c.connectorId; id != "" {
		headers[ConnectorControlStreamMetadataKeyConnectorId] = id
	}
	return headers, nil
}
// RequireTransportSecurity reports whether these credentials must only be
// used over a connection with transport security, as required by
// credentials.PerRPCCredentials.
//
// It returns true unless the insecure-transport option was enabled via
// WithInsecureTransport(true). A false result permits the token to be sent
// over an unencrypted channel.
func (c *ConnectorControlStreamCredentials) RequireTransportSecurity() bool {
	plaintextAllowed := c.insecureTransport
	return !plaintextAllowed
}