IamGrpcServer implements the IAM gRPC service on the filer. Auth is opt-in: when jwt.filer_signing.key is set in security.toml the service requires a Bearer token in the "authorization" metadata signed with that key; when it is empty every RPC is accepted unauthenticated, matching the rest of Seawee
| 22 | // the rest of SeaweedFS's gRPC surface. Operators who expose the filer gRPC |
| 23 | // port beyond a trusted network should configure the key. |
| 24 | type IamGrpcServer struct { |
| 25 | iam_pb.UnimplementedSeaweedIdentityAccessManagementServer |
| 26 | credentialManager *credential.CredentialManager |
| 27 | adminSigningKey security.SigningKey |
| 28 | } |
| 29 | |
| 30 | // NewIamGrpcServer creates a new IAM gRPC server. If adminSigningKey is empty |
| 31 | // the service runs unauthenticated; otherwise every RPC requires a Bearer |
nothing calls this directly
no outgoing calls
no test coverage detected