Documentation
¶
Index ¶
- Constants
- type AwsEc2ICSshServiceConfiguration
- type AwsEksKubectlExecTargetConfiguration
- type AwsRdsDatabaseServiceConfiguration
- type AwsRdsIamAuthConfiguration
- type AwsRdsUsernameAndPasswordAuthConfiguration
- type AwsSsmEc2TargetConfiguration
- type AwsSsmEcsTargetConfiguration
- type AwsSsmSshServiceConfiguration
- type BaseKubectlExecTargetConfiguration
- type Border0CertificateAuthConfiguration
- type BuiltInSshServiceConfiguration
- type Configuration
- type ConnectorServiceConfiguration
- type DatabaseServiceConfiguration
- type DatabaseTlsAuthConfiguration
- type DatabaseUsernameAndPasswordAuthConfiguration
- type FileServerHttpServiceConfiguration
- type GcpCloudSqlConnectorConfiguration
- type GcpCloudSqlDatabaseServiceConfiguration
- type GcpCloudSqlIamAuthConfiguration
- type GcpCloudSqlStandardConfiguration
- type GcpCloudSqlUsernameAndPasswordAuthConfiguration
- type HostnameAndPort
- type HttpProxyTlsServiceConfiguration
- type HttpServiceConfiguration
- type KubectlExecSshServiceConfiguration
- type PrivateKeyAuthConfiguration
- type SshServiceConfiguration
- type StandardDatabaseServiceConfiguration
- type StandardHttpServiceConfiguration
- type StandardKubectlExecTargetConfiguration
- type StandardSshServiceConfiguration
- type StandardTlsServiceConfiguration
- type TlsConfig
- type TlsServiceConfiguration
- type UsernameAndPassword
- type UsernameAndPasswordAuthConfiguration
- type VpnTlsServiceConfiguration
Constants ¶
const ( // ServiceTypeDatabase is the service type for database services (fka sockets). ServiceTypeDatabase = "database" // ServiceTypeHttp is the service type for http services (fka sockets). ServiceTypeHttp = "http" // ServiceTypeSsh is the service type for ssh services (fka sockets). ServiceTypeSsh = "ssh" // ServiceTypeTls is the service type for tls services (fka sockets). ServiceTypeTls = "tls" )
const ( DatabaseServiceTypeStandard = "standard" // standard MySQL or PostgreSQL, supports TLS and password auth DatabaseServiceTypeAwsRds = "aws_rds" // AWS RDS database, supports IAM and password auth DatabaseServiceTypeGcpCloudSql = "gcp_cloudsql" // Google Cloud SQL database, supports IAM, TLS and password auth )
Database service types supported by Border0. Choose `standard` for self-managed databases. Use `aws_rds` for AWS RDS databases, and select `gcp_cloudsql` for Google Cloud SQL databases.
const ( // DatabaseProtocolTypeMySql is the database service protocol for mysql databases. DatabaseProtocolMySql = "mysql" // DatabaseServiceTypePostgres is the database service protocol for postgresql databases. DatabaseProtocolPostgres = "postgres" )
const ( // DatabaseAuthenticationTypeIam is the authentication type for databases // that use IAM credentials for authentication. DatabaseAuthenticationTypeIam = "iam" // DatabaseAuthenticationTypeTls is the authentication type for databases // that use TLS certificates for authentication. When using this type of // authentication, the client must provide a TLS certificate and a TLS key. DatabaseAuthenticationTypeTls = "tls" // DatabaseAuthenticationTypeUsernameAndPassword is the authentication type // for databases that use username and password for authentication. DatabaseAuthenticationTypeUsernameAndPassword = "username_and_password" )
const ( // HttpServiceTypeStandard is the http // service type for standard http services. HttpServiceTypeStandard = "standard" // HttpServiceTypeConnectorFileServer is the http service // type for the connector's built-in file webserver. HttpServiceTypeConnectorFileServer = "connector_file_server" )
const ( // SshServiceTypeStandard is the ssh // service type for standard ssh services. SshServiceTypeStandard = "standard" // SshServiceTypeAwsSsm is the ssh service // type for aws session manager ssh services. SshServiceTypeAwsSsm = "aws_ssm" // SshServiceTypeAwsEc2InstanceConnect is the ssh service // type for aws ec2 instance connect ssh services. SshServiceTypeAwsEc2InstanceConnect = "aws_ec2_instance_connect" // SshServiceTypeKubectlExec is the ssh service // type for kubectl exec ssh services. SshServiceTypeKubectlExec = "kubectl_exec" // SshServiceTypeConnectorBuiltIn is the ssh service // type for the connector's built-in ssh service. SshServiceTypeConnectorBuiltIn = "connector_built_in_ssh_service" )
const ( // SsmTargetTypeEc2 is the ssm target type for ec2 targets. SsmTargetTypeEc2 = "ec2" // SsmTargetTypeEcs is the ssm target type for ecs targets. SsmTargetTypeEcs = "ecs" )
const ( // KubectlExecTargetTypeStandard is the kubectl // exec target type for standard k8s clusters. KubectlExecTargetTypeStandard = "standard" // KubectlExecTargetTypeAwsEks is the kubectl // exec target type for aws eks k8s clusters. KubectlExecTargetTypeAwsEks = "aws_eks" )
const ( // StandardSshServiceAuthenticationTypeUsernameAndPassword is the standard ssh // service authentication type for authenticating with a username and password. StandardSshServiceAuthenticationTypeUsernameAndPassword = "username_and_password" // StandardSshServiceAuthenticationTypePrivateKey is the standard ssh // service authentication type for authenticating with a private key. StandardSshServiceAuthenticationTypePrivateKey = "private_key" // StandardSshServiceAuthenticationTypeBorder0Certificate is the standard ssh // service authentication type for authenticating with a border0-signed certificate. StandardSshServiceAuthenticationTypeBorder0Certificate = "border0_certificate" )
const ( // UsernameProviderDefined is the username provider // option for using an admin-defined (static) username. UsernameProviderDefined = "defined" // UsernameProviderPromptClient is username provider option // for prompting connecting clients for the username. UsernameProviderPromptClient = "prompt_client" // UsernameProviderUseConnectorUser is username provider // option for using the connector's OS username. // // NOTE: This option can only be used as the username // provider for connector built-in ssh services. UsernameProviderUseConnectorUser = "use_connector_user" )
const ( // TlsServiceTypeStandard is the tls // service type for standard tls services. TlsServiceTypeStandard = "standard" // TlsServiceTypeVpn is the tls service // type for the connector's built-in vpn. TlsServiceTypeVpn = "vpn" // TlsServiceTypeHttpProxy is the tls service type // for the connector's built-in http (forward) proxy. TlsServiceTypeHttpProxy = "http_proxy" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AwsEc2ICSshServiceConfiguration ¶
type AwsEc2ICSshServiceConfiguration struct {
HostnameAndPort
UsernameProvider string `json:"username_provider,omitempty"`
Username string `json:"username,omitempty"`
Ec2InstanceId string `json:"ec2_instance_id"`
Ec2InstanceRegion string `json:"ec2_instance_region"`
AwsCredentials *common.AwsCredentials `json:"aws_credentials,omitempty"`
}
AwsEc2ICSshServiceConfiguration represents service configuration for aws ec2 instance connect ssh services (fka sockets).
func (*AwsEc2ICSshServiceConfiguration) Validate ¶ added in v1.3.3
func (c *AwsEc2ICSshServiceConfiguration) Validate() error
Validate validates the AwsEc2ICSshServiceConfiguration.
type AwsEksKubectlExecTargetConfiguration ¶ added in v1.4.0
type AwsEksKubectlExecTargetConfiguration struct {
EksClusterName string `json:"eks_cluster_name"`
EksClusterRegion string `json:"eks_cluster_region"`
AwsCredentials *common.AwsCredentials `json:"aws_credentials,omitempty"`
}
AwsEksKubectlExecTargetConfiguration represents service configuration for aws eks kubectl exec ssh services (fka sockets).
func (*AwsEksKubectlExecTargetConfiguration) Validate ¶ added in v1.4.0
func (c *AwsEksKubectlExecTargetConfiguration) Validate() error
Validate validates a AwsEksKubectlExecTargetConfiguration.
type AwsRdsDatabaseServiceConfiguration ¶
type AwsRdsDatabaseServiceConfiguration struct {
HostnameAndPort
DatabaseProtocol string `json:"protocol"`
AuthenticationType string `json:"authentication_type"`
UsernameAndPasswordAuth *AwsRdsUsernameAndPasswordAuthConfiguration `json:"username_and_password_auth_configuration,omitempty"`
IamAuth *AwsRdsIamAuthConfiguration `json:"iam_auth_configuration,omitempty"`
}
AwsRdsDatabaseServiceConfiguration represents service configuration for AWS RDS databases. AWS RDS databases are cloud managed MySQL or PostgreSQL databases.
Supported database protocols are: `mysql` and `postgres`. For upstream authentication, supported auth types are: `username_password` and `iam`. When using IAM authentication, the client must provide AWS credentials, AWS region and a username. You can provide an optional CA certificate to verify the RDS database server's certificate.
func (AwsRdsDatabaseServiceConfiguration) Validate ¶ added in v1.3.9
func (config AwsRdsDatabaseServiceConfiguration) Validate() error
Validate ensures that the `AwsRdsDatabaseServiceConfiguration` is valid.
type AwsRdsIamAuthConfiguration ¶
type AwsRdsIamAuthConfiguration struct {
AwsCredentials *common.AwsCredentials `json:"aws_credentials,omitempty"`
RdsInstanceRegion string `json:"rds_instance_region"`
Username string `json:"username"`
CaCertificate string `json:"ca_certificate,omitempty"`
}
AwsRdsIamAuthConfiguration represents auth configuration for AWS RDS databases that use IAM authentication. You must provide AWS credentials and a username. Optionally AWS CA bundle can be supplied to verify the server's certificate.
func (AwsRdsIamAuthConfiguration) Validate ¶ added in v1.3.9
func (config AwsRdsIamAuthConfiguration) Validate() error
Validate ensures that the `AwsRdsIamAuthConfiguration` has the required field and that the AWS credentials are valid.
type AwsRdsUsernameAndPasswordAuthConfiguration ¶
type AwsRdsUsernameAndPasswordAuthConfiguration struct {
UsernameAndPassword
CaCertificate string `json:"ca_certificate,omitempty"`
}
AwsRdsUsernameAndPasswordAuthConfiguration represents auth configuration for AWS RDS databases that use username and password. Optionally you can provide AWS CA bundle to verify the server's certificate.
func (AwsRdsUsernameAndPasswordAuthConfiguration) Validate ¶ added in v1.3.9
func (config AwsRdsUsernameAndPasswordAuthConfiguration) Validate() error
Validate ensures that the `AwsRdsUsernameAndPasswordAuthConfiguration` has all the required fields.
type AwsSsmEc2TargetConfiguration ¶
type AwsSsmEc2TargetConfiguration struct {
Ec2InstanceId string `json:"ec2_instance_id"`
Ec2InstanceRegion string `json:"ec2_instance_region"`
AwsCredentials *common.AwsCredentials `json:"aws_credentials,omitempty"`
}
AwsSsmEc2TargetConfiguration represents service configuration for aws ssm ssh services (fka sockets) that have EC2 instances as their ssm target.
func (*AwsSsmEc2TargetConfiguration) Validate ¶ added in v1.3.3
func (c *AwsSsmEc2TargetConfiguration) Validate() error
Validate validates the AwsSsmEc2TargetConfiguration.
type AwsSsmEcsTargetConfiguration ¶
type AwsSsmEcsTargetConfiguration struct {
EcsClusterRegion string `json:"ecs_cluster_region"`
EcsClusterName string `json:"ecs_cluster_name"`
EcsServiceName string `json:"ecs_service_name"`
AwsCredentials *common.AwsCredentials `json:"aws_credentials,omitempty"`
}
AwsSsmEcsTargetConfiguration represents service configuration for aws ssm ssh services (fka sockets) that have ECS services as their ssm target.
func (*AwsSsmEcsTargetConfiguration) Validate ¶ added in v1.3.3
func (c *AwsSsmEcsTargetConfiguration) Validate() error
Validate validates the AwsSsmEcsTargetConfiguration.
type AwsSsmSshServiceConfiguration ¶
type AwsSsmSshServiceConfiguration struct {
SsmTargetType string `json:"ssm_target_type"`
// mutually exclusive fields below
AwsSsmEc2TargetConfiguration *AwsSsmEc2TargetConfiguration `json:"aws_ssm_ec2_target_configuration,omitempty"`
AwsSsmEcsTargetConfiguration *AwsSsmEcsTargetConfiguration `json:"aws_ssm_ecs_target_configuration,omitempty"`
}
AwsSsmSshServiceConfiguration represents service configuration for aws ssm ssh services (fka sockets).
func (*AwsSsmSshServiceConfiguration) Validate ¶ added in v1.3.3
func (c *AwsSsmSshServiceConfiguration) Validate() error
Validate validates the AwsSsmSshServiceConfiguration.
type BaseKubectlExecTargetConfiguration ¶ added in v1.4.0
type BaseKubectlExecTargetConfiguration struct {
// slice of allowed namespaces.
NamespaceAllowlist []string `json:"namespace_allowlist,omitempty"`
// map of namespace to selectors in that namespace.
NamespaceSelectorsAllowlist map[string]map[string][]string `json:"namespace_selectors_allowlist,omitempty"`
}
BaseKubectlExecTargetConfiguration represents base configuration for kubectl exec services (fka sockets), i.e. this configuration is common regardless of how the k8s cluster is hosted (aws, on prem, kind, etc...).
type Border0CertificateAuthConfiguration ¶
type Border0CertificateAuthConfiguration struct {
UsernameProvider string `json:"username_provider,omitempty"`
Username string `json:"username,omitempty"`
}
UsernameAndPasswordAuthConfiguration represents authentication configuration for standard ssh services that require a border0-signed certificate for authentication.
func (*Border0CertificateAuthConfiguration) Validate ¶ added in v1.3.3
func (c *Border0CertificateAuthConfiguration) Validate() error
Validate validates the Border0CertificateAuthConfiguration.
type BuiltInSshServiceConfiguration ¶
type BuiltInSshServiceConfiguration struct {
UsernameProvider string `json:"username_provider,omitempty"`
Username string `json:"username,omitempty"`
}
BuiltInSshServiceConfiguration represents the service configuration for the connector built-in ssh services (fka sockets).
func (*BuiltInSshServiceConfiguration) Validate ¶ added in v1.3.3
func (c *BuiltInSshServiceConfiguration) Validate() error
Validate validates the BuiltInSshServiceConfiguration.
type Configuration ¶
type Configuration struct {
ServiceType string `json:"service_type"`
DatabaseServiceConfiguration *DatabaseServiceConfiguration `json:"database_service_configuration,omitempty"`
HttpServiceConfiguration *HttpServiceConfiguration `json:"http_service_configuration,omitempty"`
SshServiceConfiguration *SshServiceConfiguration `json:"ssh_service_configuration,omitempty"`
TlsServiceConfiguration *TlsServiceConfiguration `json:"tls_service_configuration,omitempty"`
}
Configuration represents upstream service configuration.
func (*Configuration) Validate ¶ added in v1.3.3
func (c *Configuration) Validate(allowExperimentalFeatures bool) error
Validate validates the Configuration.
type ConnectorServiceConfiguration ¶ added in v1.3.10
type ConnectorServiceConfiguration struct {
ConnectorAuthenticationEnabled bool `json:"connector_authentication_enabled"`
EndToEndEncryptionEnabled bool `json:"end_to_end_encryption_enabled"`
RecordingEnabled bool `json:"recording_enabled"`
Upstream Configuration `json:"upstream_configuration"`
}
ConnectorServiceConfiguration includes both the connector socket and upstream service configuration
func (*ConnectorServiceConfiguration) Validate ¶ added in v1.3.10
func (c *ConnectorServiceConfiguration) Validate(allowExperimentalFeatures bool) error
Validate validates the ConnectorServiceConfiguration.
type DatabaseServiceConfiguration ¶
type DatabaseServiceConfiguration struct {
DatabaseServiceType string `json:"database_service_type"`
// mutually exclusive fields below
Standard *StandardDatabaseServiceConfiguration `json:"standard_database_service_configuration,omitempty"`
AwsRds *AwsRdsDatabaseServiceConfiguration `json:"aws_rds_database_service_configuration,omitempty"`
GcpCloudSql *GcpCloudSqlDatabaseServiceConfiguration `json:"gcp_cloudsql_database_service_configuration,omitempty"`
}
DatabaseServiceConfiguration represents service configuration for database services (aka sockets).
func (DatabaseServiceConfiguration) Validate ¶ added in v1.3.3
func (config DatabaseServiceConfiguration) Validate() error
Validate ensures that the `DatabaseServiceConfiguration` is valid.
type DatabaseTlsAuthConfiguration ¶
type DatabaseTlsAuthConfiguration struct {
UsernameAndPassword
TlsConfig
}
DatabaseTlsAuthConfiguration represents auth configuration that uses TLS for securing the connection. You must provide a username, a password, a client certificate and a client key. Optionally you can provide a CA certificate to verify the server's certificate.
func (DatabaseTlsAuthConfiguration) Validate ¶ added in v1.3.9
func (config DatabaseTlsAuthConfiguration) Validate() error
Validate ensures that the `DatabaseTlsAuthConfiguration` has all the required fields.
type DatabaseUsernameAndPasswordAuthConfiguration ¶
type DatabaseUsernameAndPasswordAuthConfiguration struct {
UsernameAndPassword
}
DatabaseUsernameAndPasswordAuthConfiguration represents auth configuration that based on username and password.
func (DatabaseUsernameAndPasswordAuthConfiguration) Validate ¶ added in v1.3.9
func (config DatabaseUsernameAndPasswordAuthConfiguration) Validate() error
Validate ensures that the `DatabaseUsernameAndPasswordAuthConfiguration` has all the required fields.
type FileServerHttpServiceConfiguration ¶ added in v1.3.2
type FileServerHttpServiceConfiguration struct {
TopLevelDirectory string `json:"top_level_directory,omitempty"`
}
FileServerHttpServiceConfiguration represents service configuration for the connector built-in file webserver.
func (*FileServerHttpServiceConfiguration) Validate ¶ added in v1.3.4
func (c *FileServerHttpServiceConfiguration) Validate() error
Validate validates the FileServerHttpServiceConfiguration.
type GcpCloudSqlConnectorConfiguration ¶ added in v1.3.9
type GcpCloudSqlConnectorConfiguration struct {
DatabaseProtocol string `json:"protocol"`
AuthenticationType string `json:"authentication_type"`
UsernameAndPasswordAuth *GcpCloudSqlUsernameAndPasswordAuthConfiguration `json:"username_and_password_auth_configuration,omitempty"`
IamAuth *GcpCloudSqlIamAuthConfiguration `json:"iam_auth_configuration,omitempty"`
}
GcpCloudSqlConnectorConfiguration represents service configuration for Google Cloud SQL databases that will be connected to the upstream using the Cloud SQL Connector.
Supported database protocol is: `mysql`. For upstream authentication, supported auth types are: `username_password`, and `iam`. When using IAM authentication, the client must provide a username and an instance ID. You will need to supply Google credentials that are copied from the JSON credentials file.
func (GcpCloudSqlConnectorConfiguration) Validate ¶ added in v1.3.9
func (config GcpCloudSqlConnectorConfiguration) Validate() error
Validate ensures that the `GcpCloudSqlConnectorConfiguration` is valid.
type GcpCloudSqlDatabaseServiceConfiguration ¶ added in v1.3.9
type GcpCloudSqlDatabaseServiceConfiguration struct {
CloudSqlConnectorEnabled bool `json:"cloudsql_connector_enabled"`
Standard *GcpCloudSqlStandardConfiguration `json:"standard_configuration,omitempty"`
Connector *GcpCloudSqlConnectorConfiguration `json:"connector_configuration,omitempty"`
}
GcpCloudSqlDatabaseServiceConfiguration represents service configuration for Google Cloud SQL databases. Google Cloud SQL databases are cloud managed MySQL or PostgreSQL databases.
Border0 currently supports two ways of connecting to Google Cloud SQL databases: with and without the Cloud SQL Connector. Use the corresponding configuration fields to configure the upstream connection.
func (GcpCloudSqlDatabaseServiceConfiguration) Validate ¶ added in v1.3.9
func (config GcpCloudSqlDatabaseServiceConfiguration) Validate() error
Validate ensures that the `GcpCloudSqlDatabaseServiceConfiguration` is valid.
type GcpCloudSqlIamAuthConfiguration ¶ added in v1.3.9
type GcpCloudSqlIamAuthConfiguration struct {
Username string `json:"username"`
InstanceId string `json:"instance_id"`
GcpCredentialsJson string `json:"gcp_credentials_json"`
}
GcpCloudSqlIamAuthConfiguration represents auth configuration for Google Cloud SQL databases that use IAM authentication, and are connected to the upstream using the Cloud SQL Connector. You must provide a username, an Cloud SQL instance ID and Google credentials that are copied from the JSON credentials file.
func (GcpCloudSqlIamAuthConfiguration) Validate ¶ added in v1.3.9
func (config GcpCloudSqlIamAuthConfiguration) Validate() error
Validate ensures that the `GcpCloudSqlIamAuthConfiguration` has all the required fields.
type GcpCloudSqlStandardConfiguration ¶ added in v1.3.9
type GcpCloudSqlStandardConfiguration struct {
HostnameAndPort
DatabaseProtocol string `json:"protocol"`
AuthenticationType string `json:"authentication_type"`
UsernameAndPasswordAuth *DatabaseUsernameAndPasswordAuthConfiguration `json:"username_and_password_auth_configuration,omitempty"`
TlsAuth *DatabaseTlsAuthConfiguration `json:"tls_auth_configuration,omitempty"`
}
GcpCloudSqlStandardConfiguration represents service configuration for Google Cloud SQL databases that will be connected to the upstream _WITHOUT_ using the Cloud SQL Connector.
Supported database protocol is: `mysql`. For upstream authentication, supported auth types are: `username_password`, and `tls`. When using TLS authentication, the client must provide a username, a password, a client certificate and a client key.
func (GcpCloudSqlStandardConfiguration) Validate ¶ added in v1.3.9
func (config GcpCloudSqlStandardConfiguration) Validate() error
Validate ensures that the `GcpCloudSqlStandardConfiguration` is valid.
type GcpCloudSqlUsernameAndPasswordAuthConfiguration ¶ added in v1.3.9
type GcpCloudSqlUsernameAndPasswordAuthConfiguration struct {
UsernameAndPassword
InstanceId string `json:"instance_id"`
GcpCredentialsJson string `json:"gcp_credentials_json"`
}
GcpCloudSqlUsernameAndPasswordAuthConfiguration represents auth configuration for Google Cloud SQL databases that use username and password for authentication, and are connected to the upstream using the Cloud SQL Connector. You must provide a username, a password, an Cloud SQL instance ID and Google credentials that are copied from the JSON credentials file.
func (GcpCloudSqlUsernameAndPasswordAuthConfiguration) Validate ¶ added in v1.3.9
func (config GcpCloudSqlUsernameAndPasswordAuthConfiguration) Validate() error
Validate ensures that the `GcpCloudSqlUsernameAndPasswordAuthConfiguration` has all the required fields.
type HostnameAndPort ¶
HostnameAndPort represents a host and port.
func (*HostnameAndPort) Validate ¶ added in v1.3.4
func (c *HostnameAndPort) Validate() error
Validate validates the HostnameAndPort.
type HttpProxyTlsServiceConfiguration ¶ added in v1.3.2
type HttpProxyTlsServiceConfiguration struct {
HostAllowlist []string `json:"host_allowlist,omitempty"`
}
HttpProxyTlsServiceConfiguration represents service configuration for http proxy services over the tls socket.
func (*HttpProxyTlsServiceConfiguration) Validate ¶ added in v1.3.4
func (c *HttpProxyTlsServiceConfiguration) Validate() error
Validate validates the HttpProxyTlsServiceConfiguration.
type HttpServiceConfiguration ¶
type HttpServiceConfiguration struct {
HttpServiceType string `json:"http_service_type"`
// mutually exclusive fields below
StandardHttpServiceConfiguration *StandardHttpServiceConfiguration `json:"standard_http_service_configuration,omitempty"`
FileServerHttpServiceConfiguration *FileServerHttpServiceConfiguration `json:"fileserver_http_service_configuration,omitempty"`
}
HttpServiceConfiguration represents service configuration for http services (fka sockets).
func (*HttpServiceConfiguration) Validate ¶ added in v1.3.3
func (c *HttpServiceConfiguration) Validate() error
Validate validates the HttpServiceConfiguration.
type KubectlExecSshServiceConfiguration ¶ added in v1.4.0
type KubectlExecSshServiceConfiguration struct {
KubectlExecTargetType string `json:"kubectl_exec_target_type"`
BaseKubectlExecTargetConfiguration
// mutually exclusive fields below
StandardKubectlExecTargetConfiguration *StandardKubectlExecTargetConfiguration `json:"standard_kubectl_exec_target_configuration,omitempty"`
AwsEksKubectlExecTargetConfiguration *AwsEksKubectlExecTargetConfiguration `json:"aws_eks_kubectl_exec_target_configuration,omitempty"`
}
KubectlExecSshServiceConfiguration represents service configuration for kubectl exec ssh services (fka sockets).
func (*KubectlExecSshServiceConfiguration) Validate ¶ added in v1.4.0
func (c *KubectlExecSshServiceConfiguration) Validate() error
Validate validates a KubectlExecSshServiceConfiguration.
type PrivateKeyAuthConfiguration ¶
type PrivateKeyAuthConfiguration struct {
UsernameProvider string `json:"username_provider,omitempty"`
Username string `json:"username,omitempty"`
PrivateKey string `json:"private_key"`
}
PrivateKeyAuthConfiguration represents authentication configuration for standard ssh services that require a private key for authentication.
func (*PrivateKeyAuthConfiguration) Validate ¶ added in v1.3.3
func (c *PrivateKeyAuthConfiguration) Validate() error
Validate validates the PrivateKeyAuthConfiguration.
type SshServiceConfiguration ¶
type SshServiceConfiguration struct {
SshServiceType string `json:"ssh_service_type"`
// mutually exclusive fields below
StandardSshServiceConfiguration *StandardSshServiceConfiguration `json:"standard_ssh_service_configuration,omitempty"`
AwsSsmSshServiceConfiguration *AwsSsmSshServiceConfiguration `json:"aws_ssm_ssh_service_configuration,omitempty"`
AwsEc2ICSshServiceConfiguration *AwsEc2ICSshServiceConfiguration `json:"aws_ec2ic_ssh_service_configuration,omitempty"`
KubectlExecSshServiceConfiguration *KubectlExecSshServiceConfiguration `json:"kubectl_exec_ssh_service_configuration,omitempty"`
BuiltInSshServiceConfiguration *BuiltInSshServiceConfiguration `json:"built_in_ssh_service_configuration,omitempty"`
}
SshServiceConfiguration represents service configuration for shell services (fka sockets).
func (*SshServiceConfiguration) Validate ¶ added in v1.3.3
func (c *SshServiceConfiguration) Validate(allowExperimentalFeatures bool) error
Validate validates the SshServiceConfiguration.
type StandardDatabaseServiceConfiguration ¶
type StandardDatabaseServiceConfiguration struct {
HostnameAndPort
DatabaseProtocol string `json:"protocol"`
AuthenticationType string `json:"authentication_type"`
UsernameAndPasswordAuth *DatabaseUsernameAndPasswordAuthConfiguration `json:"username_and_password_auth_configuration,omitempty"`
TlsAuth *DatabaseTlsAuthConfiguration `json:"tls_auth_configuration,omitempty"`
}
StandardDatabaseServiceConfiguration represents service configuration for self-managed databases. Self-managed databases are databases that are not managed by a cloud provider. For example, a MySQL or PostgreSQL database running on your laptop, or in a VM running in your data center or in the cloud.
Supported database protocols are: `mysql` and `postgres`. For upstream authentication, supported auth types are: `username_and_password` and `tls`.
func (StandardDatabaseServiceConfiguration) Validate ¶ added in v1.3.9
func (config StandardDatabaseServiceConfiguration) Validate() error
Validate ensures that the `StandardDatabaseServiceConfiguration` is valid.
type StandardHttpServiceConfiguration ¶ added in v1.3.2
type StandardHttpServiceConfiguration struct {
HostnameAndPort // inherited
HostHeader string `json:"host_header"`
}
StandardHttpServiceConfiguration represents service configuration for standard http services (fka sockets).
func (*StandardHttpServiceConfiguration) Validate ¶ added in v1.3.4
func (c *StandardHttpServiceConfiguration) Validate() error
Validate validates the StandardHttpServiceConfiguration.
type StandardKubectlExecTargetConfiguration ¶ added in v1.4.0
type StandardKubectlExecTargetConfiguration struct {
MasterUrl string `json:"master_url,omitempty"`
KubeconfigPath string `json:"kubeconfig_path,omitempty"`
}
StandardKubectlExecTargetConfiguration represents service configuration for standard kubectl exec ssh services (fka sockets).
func (*StandardKubectlExecTargetConfiguration) Validate ¶ added in v1.4.0
func (c *StandardKubectlExecTargetConfiguration) Validate() error
Validate validates a StandardKubectlExecTargetConfiguration.
type StandardSshServiceConfiguration ¶
type StandardSshServiceConfiguration struct {
HostnameAndPort
SshAuthenticationType string `json:"ssh_authentication_type"`
// mutually exclusive fields below
UsernameAndPasswordAuthConfiguration *UsernameAndPasswordAuthConfiguration `json:"username_and_password_auth_configuration,omitempty"`
PrivateKeyAuthConfiguration *PrivateKeyAuthConfiguration `json:"private_key_auth_configuration,omitempty"`
Border0CertificateAuthConfiguration *Border0CertificateAuthConfiguration `json:"border0_certificate_auth_configuration,omitempty"`
}
StandardSshServiceConfiguration represents service configuration for standard ssh services (fka sockets).
func (*StandardSshServiceConfiguration) Validate ¶ added in v1.3.3
func (c *StandardSshServiceConfiguration) Validate() error
type StandardTlsServiceConfiguration ¶ added in v1.3.2
type StandardTlsServiceConfiguration struct {
HostnameAndPort
}
StandardTlsServiceConfiguration represents service configuration for standard tls services (fka sockets).
func (*StandardTlsServiceConfiguration) Validate ¶ added in v1.3.4
func (c *StandardTlsServiceConfiguration) Validate() error
Validate validates the StandardTlsServiceConfiguration.
type TlsConfig ¶
type TlsConfig struct {
CaCertificate string `json:"ca_certificate"`
Certificate string `json:"certificate"`
Key string `json:"key"`
}
TlsConfig represents a TLS configuration. Services can use this to configure TLS for securing connections to upstreams.
type TlsServiceConfiguration ¶
type TlsServiceConfiguration struct {
TlsServiceType string `json:"tls_service_type,omitempty"`
// mutually exclusive fields below
StandardTlsServiceConfiguration *StandardTlsServiceConfiguration `json:"standard_tls_service_configuration,omitempty"`
VpnTlsServiceConfiguration *VpnTlsServiceConfiguration `json:"vpn_tls_service_configuration,omitempty"`
HttpProxyTlsServiceConfiguration *HttpProxyTlsServiceConfiguration `json:"http_proxy_tls_service_configuration,omitempty"`
}
TlsServiceConfiguration represents service configuration for tls services (fka sockets).
func (*TlsServiceConfiguration) Validate ¶ added in v1.3.3
func (c *TlsServiceConfiguration) Validate() error
Validate validates the TlsServiceConfiguration.
type UsernameAndPassword ¶
type UsernameAndPassword struct {
Username string `json:"username"`
Password string `json:"password"`
}
UsernameAndPassword represents a username and password. Used for basic auth, for example, MySQL username and password in a database upstream configuration.
type UsernameAndPasswordAuthConfiguration ¶
type UsernameAndPasswordAuthConfiguration struct {
UsernameProvider string `json:"username_provider,omitempty"`
Username string `json:"username,omitempty"`
Password string `json:"password"`
}
UsernameAndPasswordAuthConfiguration represents authentication configuration for standard ssh services that require a username and password for authentication.
func (*UsernameAndPasswordAuthConfiguration) Validate ¶ added in v1.3.3
func (c *UsernameAndPasswordAuthConfiguration) Validate() error
Validate validates the Border0CertificateAuthConfiguration.
type VpnTlsServiceConfiguration ¶ added in v1.3.2
type VpnTlsServiceConfiguration struct {
VpnSubnet string `json:"vpn_subnet"`
Routes []string `json:"routes,omitempty"`
}
VpnTlsServiceConfiguration represents service configuration for vpn services services over the tls socket.
func (*VpnTlsServiceConfiguration) Validate ¶ added in v1.3.4
func (c *VpnTlsServiceConfiguration) Validate() error
Validate validates the VpnTlsServiceConfiguration.
Source Files