Documentation ¶
Index ¶
- type Config
- func (r *Config) GetAllowedQueryParams() map[string]string
- func (r *Config) GetDefaultAllowedQueryParams() map[string]string
- func (r *Config) GetHeaders() map[string]string
- func (r *Config) GetMatchClaims() map[string]string
- func (r *Config) GetResources() []*authorization.Resource
- func (r *Config) GetTags() map[string]string
- func (r *Config) HasCustomErrorPage() bool
- func (r *Config) HasCustomForbiddenPage() bool
- func (r *Config) HasCustomSignInPage() bool
- func (r *Config) IsValid() error
- func (r *Config) ReadConfigFile(filename string) error
- func (r *Config) SetResources(resources []*authorization.Resource)
- func (r *Config) Update() error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
// Config collects the settings of the proxy service: listeners, the OpenID /
// OAuth client, the upstream, cookies, TLS material, CORS, and a long list of
// feature switches.
//
// Most fields carry env/json/yaml/usage struct tags. Where this listing shows
// an empty tag followed by "N-byte string literal not displayed", the
// documentation renderer elided the real tag, so the option name and usage
// text of that field are not visible here. Notes on such fields are based on
// the field name only and are marked for confirmation.
type Config struct {
	CommonConfig core.CommonConfig
	Scopes []string `json:"scopes" usage:"list of scopes requested when authenticating the user" yaml:"scopes"`
	// Access rules; the usage tag shows the uri/methods/roles format.
	Resources []*authorization.Resource `json:"resources" usage:"list of resources 'uri=/admin*|methods=GET,PUT|roles=role1,role2'" yaml:"resources"`
	CustomHTTPMethods []string `json:"custom-http-methods" usage:"list of additional non-standard http methods" yaml:"custom-http-methods"`
	SelfSignedTLSHostnames []string `` /* 133-byte string literal not displayed */
	AddClaims []string `` /* 132-byte string literal not displayed */
	// CORS settings. NOTE(review): CorsCredentials is a separate switch further
	// down; confirm a wildcard origin cannot be combined with credentialed
	// requests.
	CorsOrigins []string `json:"cors-origins" usage:"origins to add to the CORE origins control (Access-Control-Allow-Origin)" yaml:"cors-origins"`
	CorsMethods []string `json:"cors-methods" usage:"methods permitted in the access control (Access-Control-Allow-Methods)" yaml:"cors-methods"`
	CorsHeaders []string `` /* 127-byte string literal not displayed */
	CorsExposedHeaders []string `` /* 130-byte string literal not displayed */
	Hostnames []string `json:"hostnames" usage:"list of hostnames the service will respond to" yaml:"hostnames"`
	ForwardingDomains []string `` /* 135-byte string literal not displayed */
	ConfigFile string `env:"CONFIG_FILE" json:"config" usage:"path the a configuration file" yaml:"config"`
	Listen string `` /* 167-byte string literal not displayed */
	ListenHTTP string `env:"LISTEN_HTTP" json:"listen-http" usage:"interface we should be listening to for HTTP traffic" yaml:"listen-http"`
	// NOTE(review): by name, a separate listener for admin endpoints; tags are
	// elided, so what it serves and its default bind address need confirming.
	ListenAdmin string `` /* 222-byte string literal not displayed */
	ListenAdminScheme string `` /* 140-byte string literal not displayed */
	DiscoveryURL string `env:"DISCOVERY_URL" json:"discovery-url" usage:"discovery url to retrieve the openid configuration" yaml:"discovery-url"`
	ClientID string `env:"CLIENT_ID" json:"client-id" usage:"client id used to authenticate to the oauth service" yaml:"client-id"`
	// Secret. The json and yaml tags name the field rather than excluding it
	// ("-"), so marshaling a Config emits this value; avoid dumping the struct
	// to logs or diagnostics. The line break inside the tag is reproduced as it
	// appears in this listing.
	ClientSecret string `env:"CLIENT_SECRET" json:"client-secret" usage:"client secret used 
to authenticate to the oauth service" yaml:"client-secret"`
	// NOTE(review): redirect targets; tags elided. Confirm how these values are
	// validated before the proxy redirects a browser to them.
	RedirectionURL string `` /* 153-byte string literal not displayed */
	PostLogoutRedirectURI string `` /* 160-byte string literal not displayed */
	PostLoginRedirectPath string `` /* 183-byte string literal not displayed */
	RevocationEndpoint string `` /* 128-byte string literal not displayed */
	OpenIDProviderProxy string `` /* 142-byte string literal not displayed */
	UpstreamProxy string `env:"UPSTREAM_PROXY" json:"upstream-proxy" usage:"proxy for communication with upstream" yaml:"upstream-proxy"`
	UpstreamNoProxy string `` /* 139-byte string literal not displayed */
	BaseURI string `env:"BASE_URI" json:"base-uri" usage:"common prefix for all URIs" yaml:"base-uri"`
	OAuthURI string `env:"OAUTH_URI" json:"oauth-uri" usage:"the uri for proxy oauth endpoints" yaml:"oauth-uri"`
	Upstream string `env:"UPSTREAM_URL" json:"upstream-url" usage:"url for the upstream endpoint you wish to proxy" yaml:"upstream-url"`
	UpstreamCA string `` /* 147-byte string literal not displayed */
	RequestIDHeader string `env:"REQUEST_ID_HEADER" json:"request-id-header" usage:"the http header name for request id" yaml:"request-id-header"`
	ContentSecurityPolicy string `` /* 135-byte string literal not displayed */
	OpaAuthzURI string `` /* 191-byte string literal not displayed */
	// Cookie naming and scope. NOTE(review): tags elided for most of these;
	// CookieDomain presumably widens or narrows where the session cookies are
	// sent — confirm.
	CookieDomain string `` /* 132-byte string literal not displayed */
	CookieAccessName string `` /* 133-byte string literal not displayed */
	CookieIDTokenName string `` /* 131-byte string literal not displayed */
	CookieRefreshName string `` /* 147-byte string literal not displayed */
	CookieOAuthStateName string `` /* 155-byte string literal not displayed */
	CookieRequestURIName string `` /* 147-byte string literal not displayed */
	CookiePKCEName string `` /* 129-byte string literal not displayed */
	CookieUMAName string `env:"COOKIE_UMA_NAME" json:"cookie-uma-name" usage:"name of the cookie used to hold the UMA RPT token" yaml:"cookie-uma-name"`
	SameSiteCookie string `` /* 182-byte string literal not displayed */
	// TLS material for the main listener. The visible usage tags describe these
	// as filesystem paths, not inline key material.
	TLSCertificate string `env:"TLS_CERTIFICATE" json:"tls-cert" usage:"path to ths TLS certificate" yaml:"tls-cert"`
	TLSPrivateKey string `env:"TLS_PRIVATE_KEY" json:"tls-private-key" usage:"path to the private key for TLS" yaml:"tls-private-key"`
	TLSCaCertificate string `` /* 137-byte string literal not displayed */
	TLSCaPrivateKey string `` /* 127-byte string literal not displayed */
	TLSClientCertificate string `` /* 190-byte string literal not displayed */
	// NOTE(review): accepted values and the default are in the elided tag;
	// confirm the floor is a currently supported TLS version.
	TLSMinVersion string `` /* 133-byte string literal not displayed */
	// TLS material for the admin listener (same shape as the block above).
	TLSAdminCertificate string `env:"TLS_ADMIN_CERTIFICATE" json:"tls-admin-cert" usage:"path to ths TLS certificate" yaml:"tls-admin-cert"`
	TLSAdminPrivateKey string `env:"TLS_ADMIN_PRIVATE_KEY" json:"tls-admin-private-key" usage:"path to the private key for TLS" yaml:"tls-admin-private-key"`
	TLSAdminCaCertificate string `` /* 155-byte string literal not displayed */
	TLSAdminClientCertificate string `` /* 208-byte string literal not displayed */
	// NOTE(review): tags elided; a store URL may embed credentials — confirm
	// and treat as sensitive if so.
	StoreURL string `` /* 185-byte string literal not displayed */
	// Secret: per the usage tag, the key protecting session state. Like
	// ClientSecret, it is named (not excluded) in the json/yaml tags.
	EncryptionKey string `env:"ENCRYPTION_KEY" json:"encryption-key" usage:"encryption key used to encryption the session state" yaml:"encryption-key"`
	LetsEncryptCacheDir string `` /* 148-byte string literal not displayed */
	// Paths to operator-supplied templates (see the HasCustom*Page methods).
	SignInPage string `env:"SIGN_IN_PAGE" json:"sign-in-page" usage:"path to custom template displayed for signin" yaml:"sign-in-page"`
	ForbiddenPage string `env:"FORBIDDEN_PAGE" json:"forbidden-page" usage:"path to custom template used for access forbidden" yaml:"forbidden-page"`
	ErrorPage string `env:"ERROR_PAGE" json:"error-page" usage:"path to custom template displayed for http.StatusBadRequest" yaml:"error-page"`
	// NOTE(review): tags elided; by name ForwardingUsername/ForwardingPassword
	// are credentials used in forwarding mode — treat as secrets, confirm.
	ForwardingGrantType string `` /* 193-byte string literal not displayed */
	ForwardingUsername string `` /* 141-byte string literal not displayed */
	ForwardingPassword string `` /* 141-byte string literal not displayed */
	// Untagged: no env or usage tag is declared, so this is presumably derived
	// in code rather than set by an operator — confirm.
	Realm string
	OpenIDProviderTimeout time.Duration `` /* 168-byte string literal not displayed */
	OpenIDProviderRetryCount int `` /* 165-byte string literal not displayed */
	OpenIDProviderHeaders map[string]string `json:"openid-provider-headers" usage:"http headers sent to idp provider" yaml:"openid-provider-headers"`
	Headers map[string]string `json:"headers" usage:"custom headers to the upstream request, key=value" yaml:"headers"`
	ResponseHeaders map[string]string `json:"response-headers" usage:"custom headers to added to the http response key=value" yaml:"response-headers"`
	AllowedQueryParams map[string]string `json:"allowed-query-params" usage:"allowed query params, sent to IDP key=optional value" yaml:"allowed-query-params"`
	DefaultAllowedQueryParams map[string]string `` /* 131-byte string literal not displayed */
	SelfSignedTLSExpiration time.Duration `` /* 158-byte string literal not displayed */
	OpaTimeout time.Duration `` /* 189-byte string literal not displayed */
	PatRetryCount int `env:"PAT_RETRY_COUNT" json:"pat-retry-count" usage:"number of retries to get PAT" yaml:"pat-retry-count"`
	PatRetryInterval time.Duration `env:"PAT_RETRY_INTERVAL" json:"pat-retry-interval" usage:"interval between retries to get PAT" yaml:"pat-retry-interval"`
	AccessTokenDuration time.Duration `` /* 165-byte string literal not displayed */
	MatchClaims map[string]string `` /* 132-byte string literal not displayed */
	CorsMaxAge time.Duration `env:"CORS_MAX_AGE" json:"cors-max-age" usage:"max age applied to cors headers (Access-Control-Max-Age)" yaml:"cors-max-age"`
	// Upstream transport and server timeouts / connection limits (tags elided).
	UpstreamTimeout time.Duration `` /* 144-byte string literal not displayed */
	UpstreamKeepaliveTimeout time.Duration `` /* 173-byte string literal not displayed */
	UpstreamTLSHandshakeTimeout time.Duration `` /* 173-byte string literal not displayed */
	UpstreamResponseHeaderTimeout time.Duration `` /* 181-byte string literal not displayed */
	UpstreamExpectContinueTimeout time.Duration `` /* 181-byte string literal not displayed */
	MaxIdleConns int `` /* 156-byte string literal not displayed */
	MaxIdleConnsPerHost int `` /* 169-byte string literal not displayed */
	ServerGraceTimeout time.Duration `` /* 132-byte string literal not displayed */
	ServerReadTimeout time.Duration `` /* 130-byte string literal not displayed */
	ServerWriteTimeout time.Duration `` /* 134-byte string literal not displayed */
	ServerIdleTimeout time.Duration `` /* 130-byte string literal not displayed */
	Tags map[string]string `json:"tags" usage:"keypairs passed to the templates at render,e.g title=Page" yaml:"tags"`
	// Untagged *url.URL values; presumably the parsed forms of DiscoveryURL and
	// OpaAuthzURI — confirm where they are populated.
	DiscoveryURI *url.URL
	OpaAuthzURL *url.URL
	// NOTE(review): by name, turns off TLS verification toward the OpenID
	// provider; usage text elided. Confirm it defaults to false and is not
	// enabled outside test environments.
	SkipOpenIDProviderTLSVerify bool `` /* 194-byte string literal not displayed */
	PreserveHost bool `` /* 141-byte string literal not displayed */
	EnabledSelfSignedTLS bool `` /* 142-byte string literal not displayed */
	EnableRequestID bool `` /* 132-byte string literal not displayed */
	EnableLogoutRedirect bool `` /* 166-byte string literal not displayed */
	// NOTE(review): by name, these decide whether requests matching no resource
	// are denied; the exact semantics and defaults are in the elided usage
	// text — confirm before relying on either for access control.
	EnableDefaultDeny bool `` /* 240-byte string literal not displayed */
	EnableDefaultDenyStrict bool `` /* 210-byte string literal not displayed */
	EnableEncryptedToken bool `` /* 136-byte string literal not displayed */
	ForceEncryptedCookie bool `` /* 146-byte string literal not displayed */
	EnableLogging bool `env:"ENABLE_LOGGING" json:"enable-logging" usage:"enable http logging of the requests" yaml:"enable-logging"`
	EnableJSONLogging bool `` /* 127-byte string literal not displayed */
	EnableForwarding bool `` /* 141-byte string literal not displayed */
	EnableSecurityFilter bool `` /* 132-byte string literal not displayed */
	EnableRefreshTokens bool `` /* 135-byte string literal not displayed */
	EnableSessionCookies bool `` /* 166-byte string literal not displayed */
	EnableLoginHandler bool `` /* 133-byte string literal not displayed */
	EnableTokenHeader bool `` /* 152-byte string literal not displayed */
	EnableAuthorizationHeader bool `` /* 162-byte string literal not displayed */
	EnableAuthorizationCookies bool `` /* 174-byte string literal not displayed */
	EnableHTTPSRedirect bool `` /* 156-byte string literal not displayed */
	// NOTE(review): by name, these expose profiling and metrics endpoints;
	// confirm which listener serves them and who can reach it before enabling.
	EnableProfiling bool `` /* 161-byte string literal not displayed */
	EnableMetrics bool `` /* 130-byte string literal not displayed */
	// Response-hardening switches (only EnableFrameDeny's usage text is shown).
	EnableBrowserXSSFilter bool `` /* 151-byte string literal not displayed */
	EnableContentNoSniff bool `` /* 159-byte string literal not displayed */
	EnableFrameDeny bool `env:"ENABLE_FRAME_DENY" json:"filter-frame-deny" usage:"enable to the frame deny header" yaml:"filter-frame-deny"`
	LocalhostMetrics bool `` /* 146-byte string literal not displayed */
	EnableCompression bool `env:"ENABLE_COMPRESSION" json:"enable-compression" usage:"enable gzip compression for response" yaml:"enable-compression"`
	EnablePKCE bool `` /* 189-byte string literal not displayed */
	EnableIDPSessionCheck bool `` /* 202-byte string literal not displayed */
	EnableUma bool `` /* 188-byte string literal not displayed */
	EnableOpa bool `` /* 188-byte string literal not displayed */
	// Cookie attribute switches: per the usage tags, Secure and HTTP-only.
	SecureCookie bool `env:"SECURE_COOKIE" json:"secure-cookie" usage:"enforces the cookie to be secure" yaml:"secure-cookie"`
	HTTPOnlyCookie bool `env:"HTTP_ONLY_COOKIE" json:"http-only-cookie" usage:"enforces the cookie is in http only mode" yaml:"http-only-cookie"`
	EnableIDTokenCookie bool `env:"ENABLE_IDTOKEN_COOKIE" json:"enable-id-token-cookie" usage:"enable id token cookie" yaml:"enable-id-token-cookie"`
	EnableUmaMethodScope bool `` /* 182-byte string literal not displayed */
	// NOTE(review): by name, turns off TLS verification toward the upstream;
	// confirm it is off wherever the upstream is reached over an untrusted
	// network.
	SkipUpstreamTLSVerify bool `` /* 144-byte string literal not displayed */
	CorsCredentials bool `` /* 147-byte string literal not displayed */
	EnableHmac bool `` /* 126-byte string literal not displayed */
	NoProxy bool `` /* 141-byte string literal not displayed */
	NoRedirects bool `` /* 137-byte string literal not displayed */
	// NOTE(review): the four Skip* switches below each, by name, relax a check
	// on the presented token or its claims. Their usage text is elided here;
	// confirm the default of each and audit any deployment that sets one.
	SkipTokenVerification bool `` /* 175-byte string literal not displayed */
	SkipAccessTokenIssuerCheck bool `` /* 216-byte string literal not displayed */
	SkipAccessTokenClientIDCheck bool `` /* 226-byte string literal not displayed */
	SkipAuthorizationHeaderIdentity bool `` /* 311-byte string literal not displayed */
	UpstreamKeepalives bool `` /* 155-byte string literal not displayed */
	// NOTE(review): debug-level logging; confirm tokens, cookies and secrets
	// are not written to the log when this is on.
	Verbose bool `env:"VERBOSE" json:"verbose" usage:"switch on debug / verbose logging" yaml:"verbose"`
	EnableProxyProtocol bool `env:"ENABLE_PROXY_PROTOCOL" json:"enabled-proxy-protocol" usage:"enable proxy protocol" yaml:"enabled-proxy-protocol"`
	UseLetsEncrypt bool `env:"USE_LETS_ENCRYPT" json:"use-letsencrypt" usage:"use letsencrypt for certificates" yaml:"use-letsencrypt"`
	DisableAllLogging bool `` /* 129-byte string literal not displayed */
	EnableLoA bool `env:"ENABLE_LOA" json:"enable-loa" usage:"enables level of authentication" yaml:"enable-loa"`
	// Untagged; presumably computed from the discovery URL — confirm.
	IsDiscoverURILegacy bool
}
func NewDefaultConfig ¶
func NewDefaultConfig() *Config
NewDefaultConfig returns an initialized config
func (*Config) GetAllowedQueryParams ¶
func (*Config) GetDefaultAllowedQueryParams ¶
func (*Config) GetHeaders ¶
func (*Config) GetMatchClaims ¶
func (*Config) GetResources ¶
func (r *Config) GetResources() []*authorization.Resource
func (*Config) HasCustomErrorPage ¶
HasCustomErrorPage checks if there is a custom error page
func (*Config) HasCustomForbiddenPage ¶
HasCustomForbiddenPage checks if there is a custom forbidden page
func (*Config) HasCustomSignInPage ¶
HasCustomSignInPage checks if there is a custom sign in page
func (*Config) ReadConfigFile ¶
ReadConfigFile reads and parses the configuration file
func (*Config) SetResources ¶
func (r *Config) SetResources(resources []*authorization.Resource)