MCPcopy
hub / github.com/grpc/grpc-go / ClientAuthorizationCheck

Function ClientAuthorizationCheck

credentials/alts/utils.go:58–70  ·  view source on GitHub ↗

ClientAuthorizationCheck checks whether the client is authorized to access the requested resources based on the given expected client service accounts. This API should be used by gRPC server RPC handlers. This API should not be used by clients.

(ctx context.Context, expectedServiceAccounts []string)

Source from the content-addressed store, hash-verified

56// This API should be used by gRPC server RPC handlers. This API should not be
57// used by clients.
58func ClientAuthorizationCheck(ctx context.Context, expectedServiceAccounts []string) error {
59 authInfo, err := AuthInfoFromContext(ctx)
60 if err != nil {
61 return status.Errorf(codes.PermissionDenied, "The context is not an ALTS-compatible context: %v", err)
62 }
63 peer := authInfo.PeerServiceAccount()
64 for _, sa := range expectedServiceAccounts {
65 if strings.EqualFold(peer, sa) {
66 return nil
67 }
68 }
69 return status.Errorf(codes.PermissionDenied, "Client %v is not authorized", peer)
70}

Callers 1

Calls 3

ErrorfFunction · 0.92
AuthInfoFromContextFunction · 0.85
PeerServiceAccountMethod · 0.65

Tested by 1