yahoojapan
diff --git a/‎.circleci/config.yml‎
Lines changed: 1 addition & 1 deletion b/‎.circleci/config.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎config/config.go‎
Lines changed: 1 addition & 1 deletion b/‎config/config.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎config/config_test.go‎
Lines changed: 1 addition & 1 deletion b/‎config/config_test.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/grpc-design-brief.md‎
Lines changed: 166 additions & 0 deletions b/‎docs/grpc-design-brief.md‎
Lines changed: 166 additions & 0 deletions
diff --git a/‎go.mod‎
Lines changed: 10 additions & 4 deletions b/‎go.mod‎
Lines changed: 10 additions & 4 deletions
diff --git a/‎go.sum‎
Lines changed: 19 additions & 7 deletions b/‎go.sum‎
Lines changed: 19 additions & 7 deletions
diff --git a/‎handler/error.go‎
Lines changed: 6 additions & 0 deletions b/‎handler/error.go‎
Lines changed: 6 additions & 0 deletions
@@ -13,7 +13,7 @@ alias:
           GITHUB_API: "https://api.github.com/"
           DOCKER_USER: "tatyano"
   setup_remote_docker: &setup_remote_docker
-    version: 19.03.8
+    version: 20.10.14
 
 version: 2
 jobs:
 
@@ -290,7 +290,7 @@ type Transport struct {
 
 // New returns the decoded configuration YAML file as *Config struct. Returns non-nil error if any.
 func New(path string) (*Config, error) {
-	f, err := os.OpenFile(path, os.O_RDONLY, 0600)
+	f, err := os.OpenFile(path, os.O_RDONLY, 0o600)
 	if err != nil {
 		return nil, errors.Wrap(err, "OpenFile failed")
 	}
 
@@ -60,7 +60,7 @@ func TestNew(t *testing.T) {
 				}
 				defer f.Close()
 
-				err = f.Chmod(0000)
+				err = f.Chmod(0o000)
 				if err != nil {
 					return err
 				}
 
@@ -0,0 +1,166 @@
+# Athenz provider sidecar with gRPC support
+
+## How do we implement this feature?
+
+Since provider sidecar is implemented in go, we decided to find a library that supports like reverse proxy feature in gRPC interface, and we found [this library](https://github.com/mwitkow/grpc-proxy).
+
+## Making code changes
+
+We implemented the feature with the below attention:
+
+1. Match the current code structure
+2. No breakable changes from the user side
+
+For 2, it is mainly focusing on the provider sidecar configuration.
+
+When the user uses the legacy provider sidecar configuration file with the new version, it will still work without any update on the configuration file.
+
+### Implementation
+
+File changes:
+
+https://github.com/yahoojapan/authorization-proxy/pull/83/files
+
+We have updated/changed the implementation in the following layers:
+
+- usecase
+- service
+- handler
+
+#### Usecase layer
+
+In this layer, we create gRPC handler and pass it to service layer.
+
+[Reference](https://github.com/yahoojapan/authorization-proxy/blob/1e14186eb1dd959e246a18be98c92d40a677a56e/usecase/authz_proxyd.go#L71-L84)
+
+#### Service layer
+
+In service layer, we implemented server startup logic. When the handler created from usecase layer is nil, the HTTP mode will be started like before.
+
+#### Handler layer
+
+In this layer, we implemented gRPC reverse proxy handler.
+
+When the value of the configuration `proxy.scheme` is set to `grpc`, the gRPC handler will be created, and the server will start with gRPC mode.
+
+[Reference](https://github.com/yahoojapan/authorization-proxy/blob/1e14186eb1dd959e246a18be98c92d40a677a56e/config/config.go#L133)
+
+If it is not `grpc`, nil will be returned, and the service layer will start with HTTP mode.
+
+[Reference](https://github.com/yahoojapan/authorization-proxy/blob/1e14186eb1dd959e246a18be98c92d40a677a56e/handler/grpc.go)
+
+It retrieves the role token from the gRPC metadata, and authorize it using the athenz-authorizer.
+
+If authorization succeeded, the gRPC request will proxy to the backend.
+
+## Configuration
+
+In handler layer, the gRPC call will be authenticated and authorized by athenz policy.
+
+Setting the athenz policy is almost the same as before, other than the resource set on the resource.
+
+The resource name is defined in the proto files [here](https://github.com/vdaas/vald/tree/master/apis/proto/v1/vald), following by the following scheme.
+
+`/<package name>.<service name>/<rpc name>`
+
+For example, Vald provides an interface for users to insert vector. Here is the proto file:
+
+https://github.com/vdaas/vald/blob/master/apis/proto/v1/vald/insert.proto
+
+```proto
+syntax = "proto3";
+
+package vald.v1;
+
+import "apis/proto/v1/payload/payload.proto";
+import "github.com/googleapis/googleapis/google/api/annotations.proto";
+
+option go_package = "github.com/vdaas/vald/apis/grpc/v1/vald";
+option java_multiple_files = true;
+option java_package = "org.vdaas.vald.api.v1.vald";
+option java_outer_classname = "ValdInsert";
+
+service Insert {
+
+  rpc Insert(payload.v1.Insert.Request) returns (payload.v1.Object.Location) {
+    option (google.api.http) = {
+      post : "/insert"
+      body : "*"
+    };
+  }
+
+  rpc StreamInsert(stream payload.v1.Insert.Request)
+      returns (stream payload.v1.Object.StreamLocation) {}
+
+  rpc MultiInsert(payload.v1.Insert.MultiRequest)
+      returns (payload.v1.Object.Locations) {
+    option (google.api.http) = {
+      post : "/insert/multiple"
+      body : "*"
+    };
+  }
+}
+```
+
+Following the syntax, to configure the resource in policy should be `/vald.v1.insert/insert`.
+
+For another gRPC interfaces, it should be the same.
+
+The policy action is `grpc`, which is hardcoded in the source code.
+
+## Design
+
+### Athenz Provider Sidecar
+
+Athenz provider sidecar can start with either gRPC mode and HTTP mode at the same time. The reasons are:
+
+- We wanted to make minimal changes to it
+- Supporting both gRPC and HTTP mode at the same time causes big changes on configuration file, and it may lead to breaking changes
+- Also there are no such requirement from users
+
+### Athenz Policy
+
+To design Athenz policy configuration, there are 2 fields we need to think about:
+
+- Action
+- Resources
+
+#### Policy Action
+
+In the world of HTTP, different HTTP methods are supported, like `GET` and `POST`, and these value is used in action field.
+
+But in gRPC, there are no such concept.
+For each RPC endpoint, only 1 resource is supported.
+
+But [gRPC supports 4 different types](https://grpc.io/docs/what-is-grpc/core-concepts/#rpc-life-cycle):
+
+- Unary RPC
+- Server streaming RPC
+- Client streaming RPC
+- Bidirectional streaming RPC
+
+Due to the limitation of gRPC, each RPC endpoint support only 1 resource, a separate endpoint is required for each RPC type.
+
+For the reasons above, currently Vald team decided to hardcode `grpc` in the action field and use the when performing authentication and authorization check.
+
+[Reference](https://github.com/yahoojapan/authorization-proxy/blob/1e14186eb1dd959e246a18be98c92d40a677a56e/handler/grpc.go#L67)
+
+#### Policy Resources
+
+For HTTP mode of the provider sidecar, the HTTP url is set as the policy resources.
+
+In gRPC, each RPC is differentiate with the gRPC method.
+
+Like explained above, the gRPC method name is named by the following rule.
+
+`/<package name>.<service name>/<rpc name>`
+
+In Vald, each functionality is divided into different service. For example insert service, update service, delete service and etc.
+
+For each services, each types (4 types explained above, e.g. unary, server streaming, etc.) are configured into different RPC.
+
+We can easily control the authorization rule for each functionality by using wildcard resource in Vald.
+
+For example we can easily enable or disable all insert resources for the user by configuring the Athenz policy like:
+
+`ALLOW	grpc	<athenz.domain>:<role.name>	<athenz.domain>:/vald.v1.insert/*`
@@ -4,9 +4,12 @@ go 1.18
 
 require (
 	github.com/kpango/glg v1.6.12
+	github.com/mwitkow/grpc-proxy v0.0.0-20220126150247-db34e7bfee32
 	github.com/pkg/errors v0.9.1
 	github.com/yahoojapan/athenz-authorizer/v5 v5.3.2
-	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
+	golang.org/x/sync v0.0.0-20220513210516-0976fa681c29
+	google.golang.org/grpc v1.46.2
+	google.golang.org/protobuf v1.28.0
 	gopkg.in/yaml.v2 v2.4.0
 )
 
@@ -16,6 +19,7 @@ require (
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d // indirect
 	github.com/goccy/go-json v0.9.10 // indirect
 	github.com/golang-jwt/jwt/v4 v4.3.0 // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/klauspost/cpuid/v2 v2.0.9 // indirect
 	github.com/kpango/fastime v1.1.4 // indirect
 	github.com/kpango/gache v1.2.7 // indirect
@@ -27,8 +31,10 @@ require (
 	github.com/lestrrat-go/option v1.0.0 // indirect
 	github.com/zeebo/xxh3 v1.0.1 // indirect
 	golang.org/x/crypto v0.0.0-20220214200702-86341886e292 // indirect
+	golang.org/x/net v0.0.0-20220114011407-0dd24b26b47d // indirect
+	golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 // indirect
+	golang.org/x/text v0.3.7 // indirect
+	google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1 // indirect
 )
 
-replace golang.org/x/text v0.3.0 => golang.org/x/text v0.3.3
-
-replace golang.org/x/text v0.3.2 => golang.org/x/text v0.3.3
+replace golang.org/x/text => golang.org/x/text v0.3.7
@@ -90,6 +90,7 @@ github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5y
 github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
 github.com/envoyproxy/go-control-plane v0.10.1/go.mod h1:AY7fTTXNdv/aJ2O5jwpxAPOWUZ7hQAEvzN5Pf27BkQQ=
+github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
@@ -145,6 +146,7 @@ github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
+github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
@@ -160,6 +162,7 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o=
 github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -240,6 +243,8 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJ
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/mwitkow/grpc-proxy v0.0.0-20220126150247-db34e7bfee32 h1:CC9KzU7WPrK6DTppkUGiwmttoHCNwOLT7Z+stp1eIpU=
+github.com/mwitkow/grpc-proxy v0.0.0-20220126150247-db34e7bfee32/go.mod h1:MvMXoufZAtqExNexqi4cjrNYE9MefKddKylxjS+//n0=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
@@ -378,10 +383,12 @@ golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
+golang.org/x/net v0.0.0-20210331212208-0fccb6fa2b5c/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220114011407-0dd24b26b47d h1:1n1fc535VhN8SYtD4cDUyNlfpAF2ROMM9+11equK3hs=
 golang.org/x/net v0.0.0-20220114011407-0dd24b26b47d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -405,8 +412,9 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220513210516-0976fa681c29 h1:w8s32wxx3sY+OjLlv9qltkLU5yvJzxjjgiHWLjdIcw4=
+golang.org/x/sync v0.0.0-20220513210516-0976fa681c29/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -450,19 +458,16 @@ golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210331175145-43e1dd70ce54/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 h1:0A+M6Uqn+Eje4kHMK80dtF3JCXC4ykBgQG4Fe06QRhQ=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -592,6 +597,8 @@ google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210401141331-865547bb08e2/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
+google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1 h1:E7wSQBXkH3T3diucK+9Z1kjn4+/9tNG7lZLr75oOhh8=
 google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
@@ -613,6 +620,8 @@ google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG
 google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
+google.golang.org/grpc v1.46.2 h1:u+MLGgVf7vRdjEYZ8wDFhAVNmhkbJ5hmrA1LMWK1CAQ=
+google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -626,6 +635,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
+google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -656,6 +667,7 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+honnef.co/go/tools v0.1.3/go.mod h1:NgwopIslSNH47DimFoV78dnkksY2EFtX0ajyb3K/las=
 inet.af/peercred v0.0.0-20210906144145-0893ea02156a/go.mod h1:FjawnflS/udxX+SvpsMgZfdqx2aykOlkISeAsADi5IU=
 k8s.io/api v0.23.3/go.mod h1:w258XdGyvCmnBj/vGzQMj6kzdufJZVUwEM1U2fRJwSQ=
 k8s.io/apimachinery v0.23.3/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM=
 
@@ -42,4 +42,10 @@ const (
 
 	// ErrMsgUnverified "unauthenticated/unauthorized"
 	ErrMsgUnverified = "unauthenticated/unauthorized"
+
+	// ErrGRPCMetadataNotFound "grpc metadata not found"
+	ErrGRPCMetadataNotFound = "grpc metadata not found"
+
+	// ErrRoleTokenNotFound "role token not found"
+	ErrRoleTokenNotFound = "role token not found"
 )
Original file line number	Diff line number	Diff line change
`@@ -290,7 +290,7 @@ type Transport struct {`
`290`	`290`
`291`	`291`	`// New returns the decoded configuration YAML file as *Config struct. Returns non-nil error if any.`
`292`	`292`	`func New(path string) (*Config, error) {`
`293`		`- f, err := os.OpenFile(path, os.O_RDONLY, 0600)`
	`293`	`+ f, err := os.OpenFile(path, os.O_RDONLY, 0o600)`
`294`	`294`	`if err != nil {`
`295`	`295`	`return nil, errors.Wrap(err, "OpenFile failed")`
`296`	`296`	`}`
Original file line number	Diff line number	Diff line change
`@@ -60,7 +60,7 @@ func TestNew(t *testing.T) {`
`60`	`60`	`}`
`61`	`61`	`defer f.Close()`
`62`	`62`
`63`		`- err = f.Chmod(0000)`
	`63`	`+ err = f.Chmod(0o000)`
`64`	`64`	`if err != nil {`
`65`	`65`	`return err`
`66`	`66`	`}`