MCPcopy
hub / github.com/seaweedfs/seaweedfs / IamGrpcStore

Struct IamGrpcStore

weed/credential/grpc/grpc_store.go:26–35  ·  view source on GitHub ↗

IamGrpcStore implements CredentialStore by calling the filer's IAM gRPC service. The filer requires an admin-signed Bearer token on every RPC (see weed/server/filer_server_handlers_iam_grpc.go); SetAdminSigning must be called with the same jwt.filer_signing.key value that the filer reads from securi

Source from the content-addressed store, hash-verified

24// be called with the same jwt.filer_signing.key value that the filer reads
25// from security.toml, or every call will fail with Unauthenticated.
26type IamGrpcStore struct {
27 filerAddressFunc func() pb.ServerAddress // Function to get current active filer
28 grpcDialOption grpc.DialOption
29 // adminSigningKey is the HS256 secret used to mint Bearer tokens that the
30 // filer's IAM gRPC service validates. Must match jwt.filer_signing.key on
31 // the filer side. Empty means no token is sent (the filer will reject).
32 adminSigningKey security.SigningKey
33 adminSigningExpiresAfterSec int
34 mu sync.RWMutex // Protects filerAddressFunc, grpcDialOption, adminSigningKey, and adminSigningExpiresAfterSec
35}
36
37func (store *IamGrpcStore) GetName() credential.CredentialStoreTypeName {
38 return credential.StoreTypeGrpc

Callers

nothing calls this directly

Calls

no outgoing calls

Tested by

no test coverage detected