Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Conf ¶
type Conf struct {
// Credentials holds Cerbos Hub client credentials.
Credentials CredentialsConf `yaml:"credentials"`
// Connection holds advanced connection settings for Cerbos Hub.
Connection ConnectionConf `yaml:"connection" conf:",ignore"`
}
func (*Conf) SetDefaults ¶
func (conf *Conf) SetDefaults()
type ConnectionConf ¶
type ConnectionConf struct {
// TLS defines settings for TLS connections.
TLS TLSConf `yaml:"tls"`
// APIEndpoint is the address of the API server.
APIEndpoint string `yaml:"apiEndpoint" conf:"required,example=https://api.cerbos.cloud"`
// BootstrapEndpoint is the addresses of the server serving the bootstrap configuration.
BootstrapEndpoint string `yaml:"bootstrapEndpoint" conf:"required,example=https://cdn.cerbos.cloud"`
// MinRetryWait is the minimum amount of time to wait between retries.
MinRetryWait time.Duration `yaml:"minRetryWait" conf:",example=1s"`
// MaxRetryWait is the maximum amount of time to wait between retries.
MaxRetryWait time.Duration `yaml:"maxRetryWait" conf:",example=120s"`
// NumRetries is the number of times to retry before giving up.
NumRetries uint `yaml:"numRetries" conf:",example=5"`
// HeartbeatInterval is the interval for sending regular heartbeats.
HeartbeatInterval time.Duration `yaml:"heartbeatInterval" conf:",example=2m"`
}
ConnectionConf holds configuration for the remote connection.
func (ConnectionConf) IsUnset ¶
func (cc ConnectionConf) IsUnset() bool
func (*ConnectionConf) Validate ¶
func (cc *ConnectionConf) Validate() error
type CredentialsConf ¶
type CredentialsConf struct {
// PDPID is the unique identifier for this Cerbos instance. Defaults to the value of the CERBOS_HUB_PDP_ID environment variable.
PDPID string `yaml:"pdpID" conf:",example=crb-004"`
// ClientID of the Cerbos Hub credential. Defaults to the value of the CERBOS_HUB_CLIENT_ID environment variable.
ClientID string `yaml:"clientID" conf:",example=92B0K05B6HOF"`
// ClientSecret of the Cerbos Hub credential. Defaults to the value of the CERBOS_HUB_CLIENT_SECRET environment variable.
ClientSecret string `yaml:"clientSecret" conf:",example=${CERBOS_HUB_CLIENT_SECRET}"`
// WorkspaceSecret used to decrypt the bundles. Defaults to the value of the CERBOS_HUB_WORKSPACE_SECRET environment variable.
WorkspaceSecret string `yaml:"workspaceSecret" conf:",example=${CERBOS_HUB_WORKSPACE_SECRET}"`
// Deprecated: Use PDPID
InstanceID string `yaml:"instanceID" conf:",ignore"`
// Deprecated: Use WorkspaceSecret
SecretKey string `yaml:"secretKey" conf:",ignore"`
}
CredentialsConf holds credentials for accessing Cerbos Hub.
func (*CredentialsConf) LoadFromEnv ¶
func (cc *CredentialsConf) LoadFromEnv()
func (CredentialsConf) ToCredentials ¶
func (cc CredentialsConf) ToCredentials() (*credentials.Credentials, error)
func (*CredentialsConf) Validate ¶
func (cc *CredentialsConf) Validate() (outErr error)
type TLSConf ¶
type TLSConf struct {
// Authority overrides the Cerbos Hub server authority if it is different from what is provided in the API and bootstrap endpoints.
Authority string `yaml:"authority" conf:",example=domain.tld"`
// CACert is the path to the CA certificate chain to use for certificate verification.
CACert string `yaml:"caCert" conf:",example=/path/to/CA_certificate"`
}
TLSConf holds TLS configuration for the remote connection.
Source Files
Click to show internal directories.
Click to hide internal directories.