Documentation ¶
Index ¶
- Constants
- Variables
- func FlagSet(name string) *flag.FlagSet
- func IsURLEmpty(url *url.URL) bool
- func StringToTemplateHookFunc() mapstructure.DecodeHookFuncType
- func StringToURLHookFunc() mapstructure.DecodeHookFuncType
- func Validate(mode int, conf Config) error
- type Config
- type Debug
- type HTTP
- type HTTPCheck
- type Log
- type OAuth2
- type OAuth2AuthStyle
- type OAuth2Client
- type OAuth2Endpoints
- type OAuth2Refresh
- type OAuth2Validate
- type OpenVPNCommonName
- type OpenVPNCommonNameMode
- type OpenVPNPassthrough
- type OpenVpn
- type OpenVpnBypass
- type Secret
- type StringSlice
Constants ¶
// Operating modes. Validate takes a mode argument of type int; these
// constants are presumably the values it expects (confirm against Validate).
const (
	// Plugin is the first iota value, 0.
	Plugin = iota
	// ManagementClient is the second iota value, 1.
	ManagementClient
)
Variables ¶
// Defaults is the package's baseline Config literal. Presumably user-supplied
// settings are layered on top of it; the loader is not shown here, so confirm.
// Comments below point out the defaults an operator should review before
// exposing the service.
var Defaults = Config{
	Debug: Debug{
		// No host part. NOTE(review): if used as a listen address as-is, Go's
		// net package binds it on every interface. Confirm the debug
		// listener is off by default or bound to loopback.
		Listen: ":9001",
	},
	Log: Log{
		Format: "console",
		Level:  slog.LevelInfo,
		// NOTE(review): name suggests VPN client IP addresses are logged by
		// default; handle log retention accordingly. Confirm.
		VPNClientIP: true,
	},
	HTTP: HTTP{
		// Plain-HTTP base URL on localhost. Deployments reachable by users
		// need an https base URL (TLS here or at a fronting proxy).
		BaseURL: &url.URL{
			Scheme: "http",
			Host:   "localhost:9000",
		},
		// No host part: unlike BaseURL this is not limited to localhost.
		Listen: ":9000",
		// TLS is off by default.
		TLS: false,
		Check: HTTPCheck{
			IPAddr: false,
		},
		// template.Must panics at package initialisation if the embedded
		// index.gohtml fails to parse.
		CallbackTemplate: template.Must(template.New("index.gohtml").ParseFS(ui.Template, "index.gohtml")),
	},
	OpenVpn: OpenVpn{
		// Unix-socket address; access is governed by the socket's
		// filesystem permissions, which are not set here.
		Addr: &url.URL{
			Scheme:   "unix",
			Path:     "/run/openvpn/server.sock",
			OmitHost: true,
		},
		AuthTokenUser:      true,
		AuthPendingTimeout: 3 * time.Minute,
		CommonName: OpenVPNCommonName{
			EnvironmentVariableName: "common_name",
			Mode:                    CommonNameModePlain,
		},
		// Empty list: no common name is listed for bypass by default.
		Bypass: OpenVpnBypass{
			CommonNames: make([]string, 0),
		},
		Passthrough: OpenVPNPassthrough{
			Enabled: false,
			Address: &url.URL{
				Scheme:   "unix",
				Path:     "/run/openvpn-auth-oauth2/server.sock",
				OmitHost: true,
			},
			// 660 is a decimal literal (Go octal would be 0660 or 0o660).
			// NOTE(review): confirm the consumer converts these digits to
			// permission bits; applied directly as a file mode, decimal 660
			// equals octal 1224 rather than rw-rw----.
			SocketMode:  660,
			SocketGroup: "",
		},
	},
	OAuth2: OAuth2{
		// oauth2.AuthStyleInParams sends client credentials in the POST body.
		AuthStyle: OAuth2AuthStyle(oauth2.AuthStyleInParams),
		Client:    OAuth2Client{},
		// Endpoints and Issuer start as empty URLs; IsURLEmpty exists in
		// this package, presumably to detect that they were never set.
		Endpoints: OAuth2Endpoints{
			Auth:      &url.URL{Scheme: "", Host: ""},
			Discovery: &url.URL{Scheme: "", Host: ""},
			Token:     &url.URL{Scheme: "", Host: ""},
		},
		Issuer: &url.URL{Scheme: "", Host: ""},
		// Nonce and PKCE are enabled by default.
		Nonce:    true,
		PKCE:     true,
		Provider: "generic",
		Refresh: OAuth2Refresh{
			Expires:      time.Hour * 8,
			ValidateUser: true,
		},
		Scopes: []string{},
		Validate: OAuth2Validate{
			// Empty Groups and Roles lists. NOTE(review): presumably an
			// empty list means "no restriction", i.e. any authenticated
			// identity passes these checks. Confirm.
			Groups: make([]string, 0),
			IPAddr: false,
			// Issuer validation is on by default.
			Issuer: true,
			Roles:  make([]string, 0),
		},
	},
}
// ErrRequired is a sentinel error whose message is "required".
// NOTE(review): presumably wrapped by Validate when a mandatory setting is
// missing; match it with errors.Is rather than by message text. Confirm.
var ErrRequired = errors.New("required")
Functions ¶
func IsURLEmpty ¶
func StringToTemplateHookFunc ¶
func StringToTemplateHookFunc() mapstructure.DecodeHookFuncType
StringToTemplateHookFunc parses a string into a template.Template.
func StringToURLHookFunc ¶
func StringToURLHookFunc() mapstructure.DecodeHookFuncType
StringToURLHookFunc parses a string into a url.URL.
Types ¶
type Config ¶
type HTTP ¶
// HTTP holds the settings of the built-in HTTP listener. The koanf tag on
// each field is its configuration key.
type HTTP struct {
	// Listen is the listen address; the package default is ":9000".
	Listen string `koanf:"listen"`
	// CertFile, KeyFile and TLS configure TLS; TLS defaults to false.
	// NOTE(review): KeyFile presumably names a private-key file, so it
	// should be readable only by the service account. Confirm.
	CertFile string `koanf:"cert"`
	KeyFile  string `koanf:"key"`
	TLS      bool   `koanf:"tls"`
	// Ciphers is a free-form string; its format and default are not shown
	// here. NOTE(review): presumably a cipher-suite selection. Confirm.
	Ciphers string `koanf:"ciphers"`
	// BaseURL defaults to http://localhost:9000.
	BaseURL *url.URL `koanf:"baseurl"`
	// Secret is of type Secret (plain value or "file://" reference). Its
	// use is not shown here.
	Secret Secret `koanf:"secret"`
	// CallbackTemplate defaults to the embedded index.gohtml.
	CallbackTemplate *template.Template `koanf:"template"`
	Check            HTTPCheck          `koanf:"check"`
	// NOTE(review): presumably makes the server honour proxy-supplied
	// request headers; enable only behind a proxy that overwrites them,
	// since clients could otherwise set them. Confirm.
	EnableProxyHeaders bool `koanf:"enable-proxy-headers"`
	// NOTE(review): presumably a directory served as static assets; keep
	// it free of sensitive files. Confirm.
	AssetPath string `koanf:"assets-path"`
}
type OAuth2 ¶
// OAuth2 holds the identity-provider settings. The koanf tag on each field
// is its configuration key.
type OAuth2 struct {
	// AuthStyle wraps oauth2.AuthStyle (see the AuthStyle method); the
	// package default is oauth2.AuthStyleInParams.
	AuthStyle OAuth2AuthStyle `koanf:"auth-style"`
	// NOTE(review): presumably extra parameters added to the authorization
	// request; operator-controlled, not user input. Confirm.
	AuthorizeParams string `koanf:"authorize-params"`
	// Client is declared elsewhere; its fields are not visible here.
	Client    OAuth2Client    `koanf:"client"`
	Endpoints OAuth2Endpoints `koanf:"endpoint"`
	// Issuer defaults to an empty URL and so must be configured.
	Issuer *url.URL `koanf:"issuer"`
	// Nonce and PKCE both default to true.
	Nonce bool `koanf:"nonce"`
	PKCE  bool `koanf:"pkce"`
	// Provider defaults to "generic".
	Provider string        `koanf:"provider"`
	Refresh  OAuth2Refresh `koanf:"refresh"`
	// Scopes defaults to an empty list.
	Scopes StringSlice `koanf:"scopes"`
	// Validate groups the checks applied to the authenticated identity.
	Validate OAuth2Validate `koanf:"validate"`
}
type OAuth2AuthStyle ¶
func (OAuth2AuthStyle) AuthStyle ¶
func (s OAuth2AuthStyle) AuthStyle() oauth2.AuthStyle
func (OAuth2AuthStyle) MarshalText ¶
func (s OAuth2AuthStyle) MarshalText() ([]byte, error)
func (OAuth2AuthStyle) String ¶
func (s OAuth2AuthStyle) String() string
func (*OAuth2AuthStyle) UnmarshalText ¶
func (s *OAuth2AuthStyle) UnmarshalText(text []byte) error
type OAuth2Client ¶
type OAuth2Endpoints ¶
type OAuth2Refresh ¶
type OAuth2Validate ¶
// OAuth2Validate lists the checks applied after OAuth2 authentication. These
// settings decide who is allowed to connect.
type OAuth2Validate struct {
	// Acr, Groups and Roles are lists; Groups and Roles default to empty.
	// NOTE(review): presumably matched against token claims, with an empty
	// list disabling the check. Confirm the match semantics (any vs. all).
	Acr    StringSlice `koanf:"acr"`
	Groups StringSlice `koanf:"groups"`
	Roles  StringSlice `koanf:"roles"`
	// IPAddr defaults to false.
	IPAddr bool `koanf:"ipaddr"`
	// Issuer defaults to true.
	Issuer bool `koanf:"issuer"`
	// NOTE(review): presumably names the claim compared with the OpenVPN
	// common name. Confirm.
	CommonName string `koanf:"common-name"`
	// Not set in Defaults, so the zero value false applies: unless enabled,
	// the common-name comparison is presumably case-insensitive. Confirm
	// this suits the identifiers your provider issues.
	CommonNameCaseSensitive bool `koanf:"common-name-case-sensitive"`
}
type OpenVPNCommonName ¶
// OpenVPNCommonName controls how the client's common name is obtained and
// handled.
type OpenVPNCommonName struct {
	// EnvironmentVariableName defaults to "common_name".
	// NOTE(review): presumably the OpenVPN client-environment key the
	// common name is read from. Confirm.
	EnvironmentVariableName string `koanf:"environment-variable-name"`
	// Mode defaults to CommonNameModePlain.
	Mode OpenVPNCommonNameMode `koanf:"mode"`
}
type OpenVPNCommonNameMode ¶
// OpenVPNCommonNameMode enumerates the common-name handling modes. It is
// converted to and from text by its MarshalText and UnmarshalText methods.
type OpenVPNCommonNameMode int

const (
	// CommonNameModePlain is the zero value and the package default.
	CommonNameModePlain OpenVPNCommonNameMode = iota
	// CommonNameModeOmit is the second mode.
	// NOTE(review): presumably hides the real common name. Confirm where.
	CommonNameModeOmit
	// CommonNameModeOmitValue is an untyped string constant, "-", not a
	// mode. NOTE(review): presumably the placeholder used in place of the
	// common name in omit mode. Confirm.
	CommonNameModeOmitValue = "-"
)
func (OpenVPNCommonNameMode) MarshalText ¶
func (s OpenVPNCommonNameMode) MarshalText() ([]byte, error)
func (OpenVPNCommonNameMode) String ¶
func (s OpenVPNCommonNameMode) String() string
func (*OpenVPNCommonNameMode) UnmarshalText ¶
func (s *OpenVPNCommonNameMode) UnmarshalText(text []byte) error
type OpenVPNPassthrough ¶
type OpenVpn ¶
// OpenVpn holds the settings for the connection to the OpenVPN server. The
// koanf tag on each field is its configuration key.
type OpenVpn struct {
	// Addr defaults to the unix socket /run/openvpn/server.sock.
	Addr *url.URL `koanf:"addr"`
	// Password is of type Secret, so it may be given as a "file://"
	// reference instead of inline.
	Password Secret `koanf:"password"`
	// Bypass lists common names handled specially; see OpenVpnBypass.
	Bypass OpenVpnBypass `koanf:"bypass"`
	// AuthTokenUser defaults to true.
	AuthTokenUser bool `koanf:"auth-token-user"`
	// AuthPendingTimeout defaults to 3 minutes.
	// NOTE(review): presumably bounds how long a login may stay pending;
	// a long value widens the window for an unfinished login. Confirm.
	AuthPendingTimeout time.Duration      `koanf:"auth-pending-timeout"`
	CommonName         OpenVPNCommonName  `koanf:"common-name"`
	Passthrough        OpenVPNPassthrough `koanf:"pass-through"`
}
type OpenVpnBypass ¶
// OpenVpnBypass holds the bypass list; it defaults to empty.
type OpenVpnBypass struct {
	// NOTE(review): presumably clients presenting one of these common names
	// skip OAuth2 authentication, so each entry is an exception to the
	// access policy. Keep the list minimal and audited. Confirm.
	CommonNames StringSlice `koanf:"common-names"`
}
type Secret ¶
// Secret is a string-backed type for secret configuration values: either the
// value itself or a "file://" reference whose path may contain environment
// variables, so the file that is read depends on the process environment.
// NOTE(review): only MarshalText and UnmarshalText are listed for this type,
// no String method, so fmt verbs would print the underlying string. Confirm
// what MarshalText emits before logging or dumping a Config.
type Secret string
Secret represents a secret value that can be a plain string or a file path. If the value starts with "file://", it is treated as a file path, and the secret value is read from the file. The "file://" syntax supports environment variables. For example, "file://$HOME/my_secret.txt" would read the secret from the "my_secret.txt" file in the user's home directory.
func (Secret) MarshalText ¶
MarshalText implements the encoding.TextMarshaler interface for Secret.
func (*Secret) UnmarshalText ¶
UnmarshalText implements the encoding.TextUnmarshaler interface for Secret
type StringSlice ¶
// StringSlice is a []string with MarshalText and UnmarshalText methods, so a
// list setting can be given as a single text value. The separator is not
// shown here.
type StringSlice []string
func (StringSlice) MarshalText ¶
func (stringSlice StringSlice) MarshalText() ([]byte, error)
MarshalText implements the encoding.TextMarshaler interface for StringSlice.
func (*StringSlice) UnmarshalText ¶
func (stringSlice *StringSlice) UnmarshalText(text []byte) error
UnmarshalText implements the encoding.TextUnmarshaler interface for StringSlice