IamGrpcStore implements CredentialStore by calling the filer's IAM gRPC service. The filer requires an admin-signed Bearer token on every RPC (see weed/server/filer_server_handlers_iam_grpc.go); SetAdminSigning must be called with the same jwt.filer_signing.key value that the filer reads from securi
| 24 | // be called with the same jwt.filer_signing.key value that the filer reads |
| 25 | // from security.toml, or every call will fail with Unauthenticated. |
| 26 | type IamGrpcStore struct { |
| 27 | filerAddressFunc func() pb.ServerAddress // Function to get current active filer |
| 28 | grpcDialOption grpc.DialOption |
| 29 | // adminSigningKey is the HS256 secret used to mint Bearer tokens that the |
| 30 | // filer's IAM gRPC service validates. Must match jwt.filer_signing.key on |
| 31 | // the filer side. Empty means no token is sent (the filer will reject). |
| 32 | adminSigningKey security.SigningKey |
| 33 | adminSigningExpiresAfterSec int |
| 34 | mu sync.RWMutex // Protects filerAddressFunc, grpcDialOption, adminSigningKey, and adminSigningExpiresAfterSec |
| 35 | } |
| 36 | |
| 37 | func (store *IamGrpcStore) GetName() credential.CredentialStoreTypeName { |
| 38 | return credential.StoreTypeGrpc |
nothing calls this directly
no outgoing calls
no test coverage detected