package aserto
import (
"net/url"
"github.com/pkg/errors"
"google.golang.org/grpc"
"github.com/aserto-dev/go-aserto/internal/client"
)
// ErrInvalidOptions is the sentinel error wrapped by the options in this file when
// they reject their arguments or conflict with an option that was applied earlier.
var ErrInvalidOptions = errors.New("invalid connection options")
// ConnectionOption functions are used to configure ConnectionOptions instances.
//
// An option mutates the ConnectionOptions it receives and returns a non-nil error
// when it cannot be applied.
type ConnectionOption func(*ConnectionOptions) error
// WithInsecure sets the Insecure flag on the connection options, which disables
// TLS verification.
//
// With verification disabled the client does not authenticate the server it talks
// to, so credentials and authorization traffic on the connection can be read or
// altered by an on-path party.
// NOTE(review): the flag is consumed outside this file; confirm exactly which
// checks it skips and keep it false outside local development and testing.
func WithInsecure(insecure bool) ConnectionOption {
	return func(o *ConnectionOptions) error {
		o.Insecure = insecure

		return nil
	}
}
// WithNoTLS sets the NoTLS flag on the connection options, which disables
// transport security: the connection is established in plaintext.
//
// A plaintext connection gives neither confidentiality nor server authentication.
// NOTE(review): confirm how the dialer treats a token or API key configured
// together with NoTLS, so that credentials are not sent unencrypted.
func WithNoTLS(noTLS bool) ConnectionOption {
	return func(o *ConnectionOptions) error {
		o.NoTLS = noTLS

		return nil
	}
}
// WithAddr overrides the default authorizer server address.
//
// The option fails with ErrInvalidOptions when an address is already present on
// the options, which is how the exclusivity with WithURL is enforced. The address
// string is stored as given; it is not parsed or validated here.
//
// Note: WithAddr and WithURL are mutually exclusive.
func WithAddr(addr string) ConnectionOption {
	return func(o *ConnectionOptions) error {
		// Both WithAddr and WithURL write to Address, so a non-empty value
		// means one of them has already been applied.
		if alreadySet := o.Address != ""; alreadySet {
			return errors.Wrap(ErrInvalidOptions, "address has already been set")
		}

		o.Address = addr

		return nil
	}
}
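// WithURL overrides the default authorizer server URL.
// Unlike WithAddr, WithURL lets gRPC users communicate with a locally running authorizer
// over Unix sockets. See https://github.com/grpc/grpc/blob/master/doc/naming.md#grpc-name-resolution for
// more details about gRPC name resolution.
//
// The option fails with ErrInvalidOptions when svcURL is nil or when an address
// is already present on the options. The URL is stored in its string form.
//
// Note: WithURL and WithAddr are mutually exclusive.
func WithURL(svcURL *url.URL) ConnectionOption {
	return func(options *ConnectionOptions) error {
		// Calling String on a nil *url.URL panics; report it as an invalid
		// option instead of crashing while the options are being applied.
		if svcURL == nil {
			return errors.Wrap(ErrInvalidOptions, "url must not be nil")
		}

		// Both WithAddr and WithURL write to Address, so a non-empty value
		// means one of them has already been applied.
		if options.Address != "" {
			return errors.Wrap(ErrInvalidOptions, "address has already been set")
		}

		options.Address = svcURL.String()

		return nil
	}
}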
// WithCACertPath treats the specified certificate file as a trusted root CA.
//
// Include it when calling a service that uses a self-issued SSL certificate.
// Only the path is recorded here; the file is not opened or validated by this
// option.
// NOTE(review): trusting a specific CA presumably keeps certificate verification
// in place, unlike WithInsecure; confirm against the code that consumes
// CACertPath.
func WithCACertPath(path string) ConnectionOption {
	return func(o *ConnectionOptions) error {
		o.CACertPath = path

		return nil
	}
}
// WithClientCert configures the client certificate for mTLS connections.
//
// Both paths are required: if either is empty the option fails with
// ErrInvalidOptions and leaves the options untouched. The check runs when the
// option is applied, not when WithClientCert is called. Only the paths are
// recorded; the certificate and key files are not read here.
func WithClientCert(certPath, keyPath string) ConnectionOption {
	return func(o *ConnectionOptions) error {
		incomplete := certPath == "" || keyPath == ""
		if incomplete {
			return errors.Wrap(ErrInvalidOptions, "both client certificate and private key paths must be specified")
		}

		o.ClientCertPath, o.ClientKeyPath = certPath, keyPath

		return nil
	}
}
// WithTokenAuth uses an OAuth2.0 token to authenticate with the authorizer service.
//
// Only one set of credentials may be configured: the option fails with
// ErrInvalidOptions when Creds is already set, for example by WithAPIKeyAuth.
// The token is not validated here; it is handed to client.NewTokenAuth as is.
// NOTE(review): the token is a bearer secret; confirm it is only ever sent over
// a connection with transport security enabled.
func WithTokenAuth(token string) ConnectionOption {
	return func(o *ConnectionOptions) error {
		if hasCreds := o.Creds != nil; hasCreds {
			return errors.Wrap(ErrInvalidOptions, "only one set of credentials allowed")
		}

		o.Creds = client.NewTokenAuth(token)

		return nil
	}
}
// WithAPIKeyAuth uses an Aserto API key to authenticate with the authorizer service.
//
// Only one set of credentials may be configured: the option fails with
// ErrInvalidOptions when Creds is already set, for example by WithTokenAuth.
// The key is not validated here; it is handed to client.NewAPIKeyAuth as is.
// NOTE(review): the API key is a secret; confirm it is only ever sent over a
// connection with transport security enabled.
func WithAPIKeyAuth(key string) ConnectionOption {
	return func(o *ConnectionOptions) error {
		if hasCreds := o.Creds != nil; hasCreds {
			return errors.Wrap(ErrInvalidOptions, "only one set of credentials allowed")
		}

		o.Creds = client.NewAPIKeyAuth(key)

		return nil
	}
}
// WithTenantID sets the Aserto tenant ID.
//
// The value is stored as given; a later WithTenantID replaces an earlier one.
func WithTenantID(tenantID string) ConnectionOption {
	return func(o *ConnectionOptions) error {
		o.TenantID = tenantID

		return nil
	}
}
// WithAccountID sets the Aserto account ID.
//
// The value is stored as given; a later WithAccountID replaces an earlier one.
func WithAccountID(accountID string) ConnectionOption {
	return func(o *ConnectionOptions) error {
		o.AccountID = accountID

		return nil
	}
}
// WithNoProxy returns a ConnectionOption that bypasses any configured HTTP proxy.
//
// The option only records the NoProxy flag; the bypass itself is implemented by
// the code that consumes the options.
func WithNoProxy(noProxy bool) ConnectionOption {
	return func(o *ConnectionOptions) error {
		o.NoProxy = noProxy

		return nil
	}
}
// WithChainUnaryInterceptor adds unary interceptors to the grpc dial options.
//
// The interceptors are appended to those already configured, so repeated use of
// the option accumulates them in call order.
func WithChainUnaryInterceptor(mw ...grpc.UnaryClientInterceptor) ConnectionOption {
	return func(o *ConnectionOptions) error {
		o.UnaryClientInterceptors = append(o.UnaryClientInterceptors, mw...)

		return nil
	}
}
// WithChainStreamInterceptor adds stream interceptors to the grpc dial options.
//
// The interceptors are appended to those already configured, so repeated use of
// the option accumulates them in call order.
func WithChainStreamInterceptor(mw ...grpc.StreamClientInterceptor) ConnectionOption {
	return func(o *ConnectionOptions) error {
		o.StreamClientInterceptors = append(o.StreamClientInterceptors, mw...)

		return nil
	}
}
// WithDialOptions adds custom dial options to the grpc connection.
//
// The options are appended to those already configured and are not inspected.
// NOTE(review): a caller-supplied dial option can carry its own transport
// credentials; confirm how these are ordered relative to the TLS settings
// derived from the other connection options.
func WithDialOptions(opts ...grpc.DialOption) ConnectionOption {
	return func(o *ConnectionOptions) error {
		o.DialOptions = append(o.DialOptions, opts...)

		return nil
	}
}
// WithHeader adds a header to the client config instance.
//
// The Headers map is created on first use. Setting the same key again replaces
// the earlier value. Neither key nor value is validated or normalized here.
func WithHeader(key, value string) ConnectionOption {
	return func(o *ConnectionOptions) error {
		// Writing to a nil map panics, so allocate it lazily.
		if o.Headers == nil {
			o.Headers = make(map[string]string)
		}

		o.Headers[key] = value

		return nil
	}
}