config

package
v0.2.15 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 30, 2022 License: MIT Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func RefreshRDSTargets

func RefreshRDSTargets(ctx context.Context, cfg *ConfigFile, rdsClient aws.RDSClient) (err error)

RefreshRDSTargets searches AWS for allowed dbs and updates the target list

func RefreshRedshiftTargets

func RefreshRedshiftTargets(ctx context.Context, cfg *ConfigFile, redshiftClient aws.RedshiftClient) (err error)

RefreshRedshiftTargets searches AWS for allowed dbs and updates the target list

func RefreshTargets

func RefreshTargets(ctx context.Context, cfg *ConfigFile, rdsClient aws.RDSClient, redshiftClient aws.RedshiftClient, period time.Duration)

RefreshTargets refreshes the proxy target list on an interval

Types

type ACL

// ACL holds the tag lists used to decide which RDS instances the proxy may
// target. It is the type of Proxy.ACL, which is decoded from the
// "target_acl" config key.
//
// AllowedRDSTags is decoded from "allowed_rds_tags" and BlockedRDSTags from
// "blocked_rds_tags".
//
// NOTE(review): the precedence between the two lists, and what an empty
// allow list means (allow everything or nothing), is decided in IsAllowed
// and is not visible here. Confirm both before relying on this as an access
// control.
type ACL struct {
	AllowedRDSTags TagList `mapstructure:"allowed_rds_tags"`
	BlockedRDSTags TagList `mapstructure:"blocked_rds_tags"`
}

ACL represents the RDS instance tags that are allowed or blocked by the proxy

func (*ACL) Init

func (a *ACL) Init()

Init finishes initializing the ACL struct

func (*ACL) IsAllowed

func (a *ACL) IsAllowed(tagList []types.Tag) error

IsAllowed returns an error if the instance tags are either not allowed, or explicitly blocked.

type ConfigFile

// ConfigFile is the top-level configuration structure.
//
// Proxy, Targets and ProxyTargets are decoded from the "proxy", "targets"
// and "upstream_proxies" config keys respectively.
//
// RDSTargets, RedshiftTargets and HostMap carry no mapstructure tag;
// presumably they are filled at runtime by RefreshRDSTargets,
// RefreshRedshiftTargets and RefreshHostMap. TODO confirm.
//
// NOTE(review): if the file is decoded with mapstructure's default settings,
// an untagged exported field is still matched by its field name, so these
// three maps could also be populated straight from the config file without
// passing through ACL.IsAllowed. A `mapstructure:"-"` tag would rule that
// out. Confirm against LoadConfig whether this is intended.
type ConfigFile struct {
	Proxy           Proxy                   `mapstructure:"proxy"`
	Targets         map[string]*Target      `mapstructure:"targets"`
	ProxyTargets    map[string]*ProxyTarget `mapstructure:"upstream_proxies"`
	RDSTargets      map[string]*Target
	RedshiftTargets map[string]*Target
	HostMap         map[string]*Target
}

func LoadConfig

func LoadConfig(ctx context.Context, rdsClient aws.RDSClient, redshiftClient aws.RedshiftClient, filepath string) (ConfigFile, error)

func (*ConfigFile) Init

func (c *ConfigFile) Init()

Init sets up defaults for the config file

func (*ConfigFile) RefreshHostMap

func (c *ConfigFile) RefreshHostMap()

RefreshHostMap updates the list of hosts the proxy knows about

type PortForward

// PortForward is the kubernetes port-forward configuration used to tunnel a
// connection to the server-side proxy.
//
// Namespace, DeploymentName and RemotePort are decoded from the "namespace",
// "deployment" and "remote_port" keys. Context and KubeConfigFilePath are
// decoded from "context" and "kube_config".
//
// NOTE(review): KubeConfigFilePath names a file that normally holds cluster
// credentials; how the path is validated or opened is not visible here.
type PortForward struct {
	Namespace      string `mapstructure:"namespace"`
	DeploymentName string `mapstructure:"deployment"`
	RemotePort     string `mapstructure:"remote_port"`
	// LocalPort is optional; if it is not set, "0" is used.
	LocalPort          *string `mapstructure:"local_port"`
	Context            string  `mapstructure:"context"`
	KubeConfigFilePath string  `mapstructure:"kube_config"`
}

PortForward represents kubernetes port-forward config for tunneling a connection to the server-side proxy

func (*PortForward) GetLocalPort

func (p *PortForward) GetLocalPort() string

GetLocalPort returns the local port to be used for the port-forward

type Proxy

// Proxy groups the settings of the proxy itself. It is the type of
// ConfigFile.Proxy, decoded from the "proxy" config key.
//
// ListenAddr is decoded from "listen_addr", SSL (the listener's ServerSSL
// settings) from "ssl", and ACL (the target allow/block tag lists) from
// "target_acl".
//
// NOTE(review): defaults for ListenAddr and SSL are not visible in this
// type. Check ConfigFile.Init for what is applied when the keys are absent.
type Proxy struct {
	ListenAddr string    `mapstructure:"listen_addr"`
	SSL        ServerSSL `mapstructure:"ssl"`
	ACL        ACL       `mapstructure:"target_acl"`
}

type ProxyTarget

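// ProxyTarget is a config block specifying an upstream proxy. Entries are
// held in ConfigFile.ProxyTargets, decoded from the "upstream_proxies" key.
type ProxyTarget struct {
	// Name carries no mapstructure tag.
	// NOTE(review): presumably set from the entry's key in
	// "upstream_proxies" after decoding. Confirm against LoadConfig.
	Name string
	Host string `mapstructure:"host"`
	SSL  SSL    `mapstructure:"ssl"`
	// For tunneling the connection through a kubernetes port-forward, only useful
	// for client-side proxy targets
	PortForward *PortForward `mapstructure:"port_forward,omitempty"`
	// AwsAuthOnly is decoded from "aws_auth_only".
	//
	// The tag is written in the conventional form (space-separated pairs with
	// quoted values) so that reflect.StructTag and `go vet` can parse every
	// key. The previous `, default:false` suffix was not a well-formed pair
	// and was ignored by tag lookups.
	// NOTE(review): the effect of this flag on authentication is not visible
	// in this type. Document it where it is consumed.
	AwsAuthOnly bool `mapstructure:"aws_auth_only" default:"false"`
}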

ProxyTarget is a config block specifying an upstream proxy

func (*ProxyTarget) GetHost

func (p *ProxyTarget) GetHost() string

GetHost returns the correct host + port combo for the proxy target. If the target is port-forwarded, this is a localhost address; otherwise, it's exposed over a VPN or by some other means.

func (*ProxyTarget) IsPortForward

func (p *ProxyTarget) IsPortForward() bool

IsPortForward returns true if this proxy target requires a port-forward connection

type SSL

// SSL holds the SSL settings used when connecting to an upstream (RDS
// instances, pg instances). It is embedded in both Target and ProxyTarget
// under the "ssl" config key.
type SSL struct {
	// Optional path to the client certificate to present to the upstream.
	ClientCertificatePath *string `mapstructure:"client_certificate,omitempty"`
	// Optional path to the private key for the client certificate.
	// NOTE(review): file-permission checks on this path are not visible here.
	ClientPrivateKeyPath *string `mapstructure:"client_private_key,omitempty"`
	// SSL mode used to verify the upstream connection; defaults to "verify-full".
	// NOTE(review): pg.SSLMode is defined elsewhere and presumably mirrors the
	// PostgreSQL sslmode values. If weaker modes are accepted, they reduce or
	// drop certificate verification of the upstream. Confirm which values are
	// permitted.
	Mode pg.SSLMode `mapstructure:"mode,omitempty"`
	// Path to a root certificate if the certificate is
	// not already in the system roots
	RootCertificatePath *string `mapstructure:"root_certificate"`
}

SSL represents the SSL settings for upstream connections (RDS instances, pg instances)

type ServerSSL

// ServerSSL holds the SSL settings for the proxy server's own listener. It is
// the type of Proxy.SSL, decoded from the "ssl" key of the "proxy" block.
//
// Enabled is decoded from "enabled". CertificatePath and PrivateKeyPath are
// decoded from "certificate" and "private_key". ClientCertificatePath and
// ClientPrivateKeyPath are decoded from "client_certificate" and
// "client_private_key".
//
// NOTE(review): Enabled is a plain bool, so it is false unless the config
// sets it or initialisation code changes it. Whether that leaves the
// listener accepting plaintext connections by default is not visible here;
// confirm in ConfigFile.Init and in the listener setup.
// NOTE(review): the role of the client certificate and key on the server
// side is not shown in this type. Document it where the values are used.
type ServerSSL struct {
	Enabled               bool    `mapstructure:"enabled"`
	CertificatePath       *string `mapstructure:"certificate,omitempty"`
	PrivateKeyPath        *string `mapstructure:"private_key,omitempty"`
	ClientCertificatePath *string `mapstructure:"client_certificate,omitempty"`
	ClientPrivateKeyPath  *string `mapstructure:"client_private_key,omitempty"`
}

ServerSSL holds the SSL settings for the proxy server

type Tag

// Tag is a single RDS tag as written in the config file: Name is decoded
// from the "name" key and Value from the "value" key.
//
// NOTE(review): whether matching against instance tags is case-sensitive,
// and whether an empty Value matches any value, is decided by the code that
// compares tags and is not visible here.
type Tag struct {
	Name  string `mapstructure:"name"`
	Value string `mapstructure:"value"`
}

Tag is an RDS tag

type TagList

// TagList is a list of tags. Elements are pointers, so an entry may be nil;
// NOTE(review): whether Find and ACL.IsAllowed tolerate nil entries is not
// visible here.
type TagList []*Tag

TagList is a list of tags

func (TagList) Find

func (t TagList) Find(key string) *Tag

Find returns a tag by name

type Target

// Target is the ultimate DB instance the proxy connects to. Targets appear
// in ConfigFile.Targets (decoded from the "targets" key) and in the
// RDSTargets, RedshiftTargets and HostMap maps.
//
// Host is decoded from "host" and SSL (the upstream verification settings)
// from "ssl".
type Target struct {
	Host string `mapstructure:"host"`
	SSL  SSL    `mapstructure:"ssl"`
	// Hint for showing the default database in the connection string
	DefaultDatabase *string `mapstructure:"database,omitempty"`
	// LocalPort to use instead of the proxy's default ListenAddr port
	LocalPort *string `mapstructure:"local_port,omitempty"`
	// Name in target list, or RDS db instance identifier.
	// Carries no mapstructure tag.
	Name string
	// Only set for RDS instances. Carries no mapstructure tag.
	Region string
}

Target is the ultimate DB instance we're connecting to
