Index ¶
- Constants
- Variables
- func EncryptDecrypt(rawStr string, decrypt, strip bool, wrapper wrapping.Wrapper) (string, error)
- func GetAEADKMSFunc(opts *wrapping.WrapperOptions, kms *KMS) (wrapping.Wrapper, map[string]string, error)
- func GetAliCloudKMSFunc(opts *wrapping.WrapperOptions, kms *KMS) (wrapping.Wrapper, map[string]string, error)
- func GetAzureKeyVaultKMSFunc(opts *wrapping.WrapperOptions, kms *KMS) (wrapping.Wrapper, map[string]string, error)
- func GetGCPCKMSKMSFunc(opts *wrapping.WrapperOptions, kms *KMS) (wrapping.Wrapper, map[string]string, error)
- func GetOCIKMSKMSFunc(opts *wrapping.WrapperOptions, kms *KMS) (wrapping.Wrapper, map[string]string, error)
- func IsValidStatusCode(sc string) bool
- func ParseCustomResponseHeaders(responseHeaders interface{}) (map[string]map[string]string, error)
- func ParseEntropy(result *SharedConfig, list *ast.ObjectList, blockName string) error
- func ParseListeners(result *SharedConfig, list *ast.ObjectList) error
- func ParseSingleIPTemplate(ipTmpl string) (string, error)
- func SetupTelemetry(opts *SetupTelemetryOpts) (*metrics.InmemSink, *metricsutil.ClusterMetricSink, bool, error)
- type ConfigError
- type EntSharedConfig
- type Entropy
- type EntropyMode
- type KMS
- type Listener
- type ListenerProfiling
- type ListenerTelemetry
- type SetupTelemetryOpts
- type SharedConfig
- type Telemetry
- type UnusedKeyMap
- type ValidatableConfig
Constants ¶
// Telemetry defaults, applied where the corresponding Telemetry field is unset.

// PrometheusDefaultRetentionTime is the fallback for Telemetry.PrometheusRetentionTime.
const PrometheusDefaultRetentionTime = 24 * time.Hour

// UsageGaugeDefaultPeriod is the fallback for Telemetry.UsageGaugePeriod.
const UsageGaugeDefaultPeriod = 10 * time.Minute

// MaximumGaugeCardinalityDefault is the fallback for Telemetry.MaximumGaugeCardinality.
const MaximumGaugeCardinalityDefault = 500

// LeaseMetricsEpsilonDefault is the fallback for Telemetry.LeaseMetricsEpsilon.
const LeaseMetricsEpsilonDefault = time.Hour

// NumLeaseMetricsTimeBucketsDefault is the fallback for Telemetry.NumLeaseMetricsTimeBuckets.
const NumLeaseMetricsTimeBucketsDefault = 168

// StrictTransportSecurity is the Strict-Transport-Security header value the
// server emits: a one-year (31536000 s) HSTS max-age that also covers
// subdomains. It does not carry the "preload" directive.
const StrictTransportSecurity = "max-age=31536000; includeSubDomains"
Variables ¶
var (
	// ConfigureWrapper builds the seal/KMS wrapper for a KMS config entry. It
	// defaults to the unexported configureWrapper (not shown here) and is
	// exposed as a variable, presumably so callers or tests can substitute it.
	ConfigureWrapper = configureWrapper
	// CreateSecureRandomReaderFunc produces the random source used by the
	// server. It defaults to the unexported createSecureRandomReader (not shown
	// here); anything assigned in its place must be a cryptographically secure
	// reader, since it feeds the server's entropy handling.
	CreateSecureRandomReaderFunc = createSecureRandomReader
)
// GetAWSKMSFunc builds an AWS KMS wrapper from kms.Config and returns it
// together with a human-readable map of the settings the wrapper reported
// (region, key id, and the endpoint when one was configured).
//
// A logical.KeyNotFoundError from SetConfig is tolerated: the wrapper is still
// returned and the info map is left empty. Any other SetConfig error aborts.
// Why a missing key is tolerated is not visible from this file.
var GetAWSKMSFunc = func(opts *wrapping.WrapperOptions, kms *KMS) (wrapping.Wrapper, map[string]string, error) {
	w := awskms.NewWrapper(opts)
	reported, err := w.SetConfig(kms.Config)
	if err != nil && !errwrap.ContainsType(err, new(logical.KeyNotFoundError)) {
		return nil, nil, err
	}

	info := map[string]string{}
	if reported == nil {
		// SetConfig reported nothing (e.g. the tolerated key-not-found case).
		return w, info, nil
	}
	info["AWS KMS Region"] = reported["region"]
	info["AWS KMS KeyID"] = reported["kms_key_id"]
	if ep, present := reported["endpoint"]; present {
		info["AWS KMS Endpoint"] = ep
	}
	return w, info, nil
}
// GetTransitKMSFunc builds a Transit (Vault-backed) wrapper from kms.Config and
// returns it together with a human-readable map of the settings the wrapper
// reported (address, mount path, key name, and namespace when one was set).
//
// A logical.KeyNotFoundError from SetConfig is tolerated: the wrapper is still
// returned and the info map is left empty. Any other SetConfig error aborts.
// Why a missing key is tolerated is not visible from this file.
var GetTransitKMSFunc = func(opts *wrapping.WrapperOptions, kms *KMS) (wrapping.Wrapper, map[string]string, error) {
	w := transit.NewWrapper(opts)
	reported, err := w.SetConfig(kms.Config)
	if err != nil && !errwrap.ContainsType(err, new(logical.KeyNotFoundError)) {
		return nil, nil, err
	}

	info := map[string]string{}
	if reported == nil {
		// SetConfig reported nothing (e.g. the tolerated key-not-found case).
		return w, info, nil
	}
	info["Transit Address"] = reported["address"]
	info["Transit Mount Path"] = reported["mount_path"]
	info["Transit Key Name"] = reported["key_name"]
	if ns, present := reported["namespace"]; present {
		info["Transit Namespace"] = ns
	}
	return w, info, nil
}
// ValidCustomStatusCodeCollection lists the non-numeric status-code keys a
// "custom_response_headers" block may use: "default" plus the five HTTP class
// wildcards. It is consulted when custom response headers are validated
// (presumably by ParseCustomResponseHeaders / IsValidStatusCode — confirm).
// The slice is exported and mutable; treat it as read-only.
var ValidCustomStatusCodeCollection = []string{"default", "1xx", "2xx", "3xx", "4xx", "5xx"}
Functions ¶
func EncryptDecrypt ¶
func GetAEADKMSFunc ¶
func GetAliCloudKMSFunc ¶
func GetAzureKeyVaultKMSFunc ¶
func GetGCPCKMSKMSFunc ¶
func GetOCIKMSKMSFunc ¶
func IsValidStatusCode ¶ added in v1.9.0
IsValidStatusCode checks whether a status code lies outside the accepted boundary.
func ParseCustomResponseHeaders ¶ added in v1.9.0
ParseCustomResponseHeaders takes the raw config value for "custom_response_headers". It makes sure the config entry is passed in as a map of status code to a map of header name and header values. It verifies the validity of the status codes and header values. It also adds the default header values.
func ParseEntropy ¶
func ParseEntropy(result *SharedConfig, list *ast.ObjectList, blockName string) error
func ParseListeners ¶
func ParseListeners(result *SharedConfig, list *ast.ObjectList) error
func ParseSingleIPTemplate ¶ added in v1.9.0
ParseSingleIPTemplate is used as a helper function to parse out a single IP address from a config parameter.
func SetupTelemetry ¶
func SetupTelemetry(opts *SetupTelemetryOpts) (*metrics.InmemSink, *metricsutil.ClusterMetricSink, bool, error)
SetupTelemetry is used to set up the telemetry sub-systems and returns the in-memory sink to be used in the HTTP configuration.
Types ¶
type ConfigError ¶ added in v1.8.0
func ValidateUnusedFields ¶ added in v1.8.0
func ValidateUnusedFields(unusedKeyPositions UnusedKeyMap, sourceFilePath string) []ConfigError
ValidateUnusedFields creates the ConfigErrors for unused fields, which occur in various structs.
func (*ConfigError) String ¶ added in v1.8.0
func (c *ConfigError) String() string
type EntSharedConfig ¶
// EntSharedConfig appears to be the enterprise extension hook for SharedConfig
// (the "Ent" prefix); in this build it carries no fields. Its ParseConfig
// method is declared separately.
type EntSharedConfig struct{}
func (*EntSharedConfig) ParseConfig ¶
func (ec *EntSharedConfig) ParseConfig(list *ast.ObjectList) error
type Entropy ¶
// Entropy holds the entropy settings for the server; it is populated by
// ParseEntropy from the named config block.
type Entropy struct {
	// Mode selects how external entropy is used; see the EntropyMode constants.
	Mode EntropyMode
}
type EntropyMode ¶
// EntropyMode enumerates the supported entropy modes; its values are
// EntropyUnknown (the zero value) and EntropyAugmentation.
type EntropyMode int
Entropy contains Entropy configuration for the server
const (
	// EntropyUnknown is the zero value: no entropy mode has been configured.
	EntropyUnknown EntropyMode = iota
	// EntropyAugmentation enables entropy augmentation.
	EntropyAugmentation
)
type KMS ¶
// KMS contains KMS configuration for the server.
type KMS struct {
	// UnusedKeys collects config keys that were not consumed during decoding.
	// NOTE(review): this uses the ",unusedKeys" tag and a []string, unlike the
	// other structs in this package which use ",unusedKeyPositions" and
	// UnusedKeyMap — confirm this is intentional.
	UnusedKeys []string `hcl:",unusedKeys"`
	// Type selects the KMS implementation (e.g. the AWS or Transit wrappers
	// built by GetAWSKMSFunc / GetTransitKMSFunc).
	Type string
	// Purpose can be used to allow a string-based specification of what this
	// KMS is designated for, in situations where we want to allow more than
	// one KMS to be specified
	Purpose  []string `hcl:"-"`
	Disabled bool
	// Config holds the wrapper-specific settings handed to SetConfig. It is
	// treated as sensitive: SharedConfig.Sanitized strips it.
	Config map[string]string
}
KMS contains KMS configuration for the server
func LoadConfigKMSes ¶
func ParseKMSes ¶
type Listener ¶
// Listener is the listener configuration for the server.
//
// Most settings come in pairs: the "*Raw" member (tagged with the HCL key)
// receives the value exactly as decoded from config, and the typed member
// tagged `hcl:"-"` is filled in afterwards by the parsing code. Sanitized
// drops the *Raw members.
type Listener struct {
	UnusedKeys UnusedKeyMap `hcl:",unusedKeyPositions"`
	RawConfig  map[string]interface{}
	Type       string
	Purpose    []string    `hcl:"-"`
	PurposeRaw interface{} `hcl:"purpose"`

	Address        string `hcl:"address"`
	ClusterAddress string `hcl:"cluster_address"`

	// Request limits; the typed values are derived from the *Raw forms.
	MaxRequestSize          int64         `hcl:"-"`
	MaxRequestSizeRaw       interface{}   `hcl:"max_request_size"`
	MaxRequestDuration      time.Duration `hcl:"-"`
	MaxRequestDurationRaw   interface{}   `hcl:"max_request_duration"`
	RequireRequestHeader    bool          `hcl:"-"`
	RequireRequestHeaderRaw interface{}   `hcl:"require_request_header"`

	// TLS settings. TLSDisable turns TLS off for this listener entirely;
	// TLSMinVersion/TLSMaxVersion and TLSCipherSuites constrain the
	// negotiated protocol (parsing and allowed values are not visible here).
	TLSDisable    bool        `hcl:"-"`
	TLSDisableRaw interface{} `hcl:"tls_disable"`
	TLSCertFile   string      `hcl:"tls_cert_file"`
	TLSKeyFile    string      `hcl:"tls_key_file"`
	TLSMinVersion string      `hcl:"tls_min_version"`
	TLSMaxVersion string      `hcl:"tls_max_version"`
	// TLSCipherSuites holds the numeric suite IDs parsed from TLSCipherSuitesRaw.
	TLSCipherSuites                []uint16    `hcl:"-"`
	TLSCipherSuitesRaw             string      `hcl:"tls_cipher_suites"`
	TLSPreferServerCipherSuites    bool        `hcl:"-"`
	TLSPreferServerCipherSuitesRaw interface{} `hcl:"tls_prefer_server_cipher_suites"`
	// Client-certificate (mTLS) settings. NOTE(review): the names suggest
	// TLSRequireAndVerifyClientCert and TLSDisableClientCerts are mutually
	// exclusive; how conflicts are resolved is not visible here — confirm in
	// Validate / the listener wiring.
	TLSRequireAndVerifyClientCert    bool        `hcl:"-"`
	TLSRequireAndVerifyClientCertRaw interface{} `hcl:"tls_require_and_verify_client_cert"`
	TLSClientCAFile                  string      `hcl:"tls_client_ca_file"`
	TLSDisableClientCerts            bool        `hcl:"-"`
	TLSDisableClientCertsRaw         interface{} `hcl:"tls_disable_client_certs"`

	// HTTP server timeouts; the typed durations are derived from the *Raw forms.
	HTTPReadTimeout          time.Duration `hcl:"-"`
	HTTPReadTimeoutRaw       interface{}   `hcl:"http_read_timeout"`
	HTTPReadHeaderTimeout    time.Duration `hcl:"-"`
	HTTPReadHeaderTimeoutRaw interface{}   `hcl:"http_read_header_timeout"`
	HTTPWriteTimeout         time.Duration `hcl:"-"`
	HTTPWriteTimeoutRaw      interface{}   `hcl:"http_write_timeout"`
	HTTPIdleTimeout          time.Duration `hcl:"-"`
	HTTPIdleTimeoutRaw       interface{}   `hcl:"http_idle_timeout"`

	// PROXY protocol handling. ProxyProtocolAuthorizedAddrs presumably lists
	// the source addresses whose PROXY headers are trusted — confirm.
	ProxyProtocolBehavior           string                        `hcl:"proxy_protocol_behavior"`
	ProxyProtocolAuthorizedAddrs    []*sockaddr.SockAddrMarshaler `hcl:"-"`
	ProxyProtocolAuthorizedAddrsRaw interface{}                   `hcl:"proxy_protocol_authorized_addrs,alias:ProxyProtocolAuthorizedAddrs"`

	// X-Forwarded-For handling. The field names indicate that only
	// connections from XForwardedForAuthorizedAddrs have the header honoured,
	// that HopSkips trims trailing proxy entries, and that the two Reject*
	// flags control whether requests without / from an unauthorized source
	// are refused — the exact semantics live in the listener code, not here.
	XForwardedForAuthorizedAddrs        []*sockaddr.SockAddrMarshaler `hcl:"-"`
	XForwardedForAuthorizedAddrsRaw     interface{}                   `hcl:"x_forwarded_for_authorized_addrs,alias:XForwardedForAuthorizedAddrs"`
	XForwardedForHopSkips               int64                         `hcl:"-"`
	XForwardedForHopSkipsRaw            interface{}                   `hcl:"x_forwarded_for_hop_skips,alias:XForwardedForHopSkips"`
	XForwardedForRejectNotPresent       bool                          `hcl:"-"`
	XForwardedForRejectNotPresentRaw    interface{}                   `hcl:"x_forwarded_for_reject_not_present,alias:XForwardedForRejectNotPresent"`
	XForwardedForRejectNotAuthorized    bool                          `hcl:"-"`
	XForwardedForRejectNotAuthorizedRaw interface{}                   `hcl:"x_forwarded_for_reject_not_authorized,alias:XForwardedForRejectNotAuthorized"`

	// Unix-socket listener ownership and permissions.
	SocketMode  string `hcl:"socket_mode"`
	SocketUser  string `hcl:"socket_user"`
	SocketGroup string `hcl:"socket_group"`

	Telemetry ListenerTelemetry `hcl:"telemetry"`
	Profiling ListenerProfiling `hcl:"profiling"`

	// RandomPort is used only for some testing purposes
	RandomPort bool `hcl:"-"`

	// CORS settings. CorsAllowedHeaders is derived from CorsAllowedHeadersRaw.
	CorsEnabledRaw        interface{} `hcl:"cors_enabled"`
	CorsEnabled           bool        `hcl:"-"`
	CorsAllowedOrigins    []string    `hcl:"cors_allowed_origins"`
	CorsAllowedHeaders    []string    `hcl:"-"`
	CorsAllowedHeadersRaw []string    `hcl:"cors_allowed_headers,alias:cors_allowed_headers"`

	// Custom HTTP response headers, keyed by status code (or a
	// ValidCustomStatusCodeCollection entry) and then by header name; built
	// from CustomResponseHeadersRaw by ParseCustomResponseHeaders.
	CustomResponseHeaders    map[string]map[string]string `hcl:"-"`
	CustomResponseHeadersRaw interface{}                  `hcl:"custom_response_headers"`
}
Listener is the listener configuration for the server.
func (*Listener) Validate ¶ added in v1.8.0
func (l *Listener) Validate(path string) []ConfigError
type ListenerProfiling ¶ added in v1.6.4
// ListenerProfiling holds the per-listener "profiling" block.
type ListenerProfiling struct {
	UnusedKeys UnusedKeyMap `hcl:",unusedKeyPositions"`
	// UnauthenticatedPProfAccess is derived from UnauthenticatedPProfAccessRaw.
	// NOTE(review): the name indicates this serves the pprof endpoints without
	// authentication; treat enabling it as a security-relevant change and
	// confirm the exposure in the listener wiring. Also note the alias here
	// names the Raw field, whereas ListenerTelemetry's alias names the typed
	// field — confirm that asymmetry is intended.
	UnauthenticatedPProfAccess    bool        `hcl:"-"`
	UnauthenticatedPProfAccessRaw interface{} `hcl:"unauthenticated_pprof_access,alias:UnauthenticatedPProfAccessRaw"`
}
type ListenerTelemetry ¶
// ListenerTelemetry holds the per-listener "telemetry" block.
type ListenerTelemetry struct {
	UnusedKeys UnusedKeyMap `hcl:",unusedKeyPositions"`
	// UnauthenticatedMetricsAccess is derived from UnauthenticatedMetricsAccessRaw.
	// NOTE(review): the name indicates the metrics endpoint is served without
	// authentication when set; metrics can reveal operational detail, so
	// confirm what is exposed before enabling it.
	UnauthenticatedMetricsAccess    bool        `hcl:"-"`
	UnauthenticatedMetricsAccessRaw interface{} `hcl:"unauthenticated_metrics_access,alias:UnauthenticatedMetricsAccess"`
}
type SetupTelemetryOpts ¶
type SharedConfig ¶
// SharedConfig contains some shared values.
//
// NOTE(review): only a dangling LogFormat comment survives in this rendering;
// the struct's field list (listeners, seals, telemetry, entropy, ...) appears
// to have been dropped and should be read from the actual source.
type SharedConfig struct {
	// LogFormat specifies the log format. Valid values are "standard" and
	// "json". The values are case-insensitive. If no log format is specified,
	// then standard format will be used.
}
SharedConfig contains some shared values
func LoadConfigFile ¶
func LoadConfigFile(path string) (*SharedConfig, error)
LoadConfigFile loads the configuration from the given file.
func ParseConfig ¶
func ParseConfig(d string) (*SharedConfig, error)
func (*SharedConfig) Merge ¶
func (c *SharedConfig) Merge(c2 *SharedConfig) *SharedConfig
func (*SharedConfig) Sanitized ¶
func (c *SharedConfig) Sanitized() map[string]interface{}
Sanitized returns a copy of the config with all values that are considered sensitive stripped. It also strips all `*Raw` values that are mainly used for parsing.
Specifically, the fields that this method strips are KMS.Config and Telemetry.CirconusAPIToken.
type Telemetry ¶
// Telemetry is the telemetry configuration for the server.
//
// The typed/Raw field pairs follow the same convention as Listener: the *Raw
// member receives the decoded config value and the typed member is filled in
// afterwards. The *Default constants in this package supply fallbacks.
type Telemetry struct {
	// FoundKeys and UnusedKeys are populated by the HCL decoder for
	// unused-field validation (see Validate / ValidateUnusedFields).
	FoundKeys  []string     `hcl:",decodedFields"`
	UnusedKeys UnusedKeyMap `hcl:",unusedKeyPositions"`

	// Statsite / statsd sinks.
	StatsiteAddr        string `hcl:"statsite_address"`
	StatsdAddr          string `hcl:"statsd_address"`
	DisableHostname     bool   `hcl:"disable_hostname"`
	EnableHostnameLabel bool   `hcl:"enable_hostname_label"`
	MetricsPrefix       string `hcl:"metrics_prefix"`

	// UsageGaugePeriod is derived from UsageGaugePeriodRaw.
	// NOTE(review): unlike PrometheusRetentionTime this typed field carries
	// no `hcl:"-"` tag, so the decoder may be able to populate it directly
	// under its Go name — confirm.
	UsageGaugePeriod        time.Duration
	UsageGaugePeriodRaw     interface{} `hcl:"usage_gauge_period,alias:UsageGaugePeriod"`
	MaximumGaugeCardinality int         `hcl:"maximum_gauge_cardinality"`

	// Circonus:

	// CirconusAPIToken is a valid API Token used to create/manage checks. If provided,
	// metric management is enabled. It is a secret: SharedConfig.Sanitized
	// strips it, and it must not be logged.
	// Default: none
	CirconusAPIToken string `hcl:"circonus_api_token"`
	// CirconusAPIApp is an app name associated with API token.
	// Default: "consul"
	CirconusAPIApp string `hcl:"circonus_api_app"`
	// CirconusAPIURL is the base URL to use for contacting the Circonus API.
	// Default: "https://api.circonus.com/v2"
	CirconusAPIURL string `hcl:"circonus_api_url"`
	// CirconusSubmissionInterval is the interval at which metrics are submitted to Circonus.
	// Default: 10s
	CirconusSubmissionInterval string `hcl:"circonus_submission_interval"`
	// CirconusCheckSubmissionURL is the check.config.submission_url field from a
	// previously created HTTPTRAP check.
	// Default: none
	CirconusCheckSubmissionURL string `hcl:"circonus_submission_url"`
	// CirconusCheckID is the check id (not check bundle id) from a previously created
	// HTTPTRAP check. The numeric portion of the check._cid field.
	// Default: none
	CirconusCheckID string `hcl:"circonus_check_id"`
	// CirconusCheckForceMetricActivation will force enabling metrics, as they are encountered,
	// if the metric already exists and is NOT active. If check management is enabled, the default
	// behavior is to add new metrics as they are encountered. If the metric already exists in the
	// check, it will *NOT* be activated. This setting overrides that behavior.
	// Default: "false"
	CirconusCheckForceMetricActivation string `hcl:"circonus_check_force_metric_activation"`
	// CirconusCheckInstanceID serves to uniquely identify the metrics coming from this "instance".
	// It can be used to maintain metric continuity with transient or ephemeral instances as
	// they move around within an infrastructure.
	// Default: hostname:app
	CirconusCheckInstanceID string `hcl:"circonus_check_instance_id"`
	// CirconusCheckSearchTag is a special tag which, when coupled with the instance id, helps to
	// narrow down the search results when neither a Submission URL or Check ID is provided.
	// Default: service:app (e.g. service:consul)
	CirconusCheckSearchTag string `hcl:"circonus_check_search_tag"`
	// CirconusCheckTags is a comma separated list of tags to apply to the check. Note that
	// the value of CirconusCheckSearchTag will always be added to the check.
	// Default: none
	CirconusCheckTags string `hcl:"circonus_check_tags"`
	// CirconusCheckDisplayName is the name for the check which will be displayed in the Circonus UI.
	// Default: value of CirconusCheckInstanceID
	CirconusCheckDisplayName string `hcl:"circonus_check_display_name"`
	// CirconusBrokerID is an explicit broker to use when creating a new check. The numeric portion
	// of broker._cid. If metric management is enabled and neither a Submission URL nor Check ID
	// is provided, an attempt will be made to search for an existing check using Instance ID and
	// Search Tag. If one is not found, a new HTTPTRAP check will be created.
	// Default: use Select Tag if provided, otherwise, a random Enterprise Broker associated
	// with the specified API token or the default Circonus Broker.
	// Default: none
	CirconusBrokerID string `hcl:"circonus_broker_id"`
	// CirconusBrokerSelectTag is a special tag which will be used to select a broker when
	// a Broker ID is not provided. The best use of this is as a hint for which broker
	// should be used based on *where* this particular instance is running.
	// (e.g. a specific geo location or datacenter, dc:sfo)
	// Default: none
	CirconusBrokerSelectTag string `hcl:"circonus_broker_select_tag"`

	// Dogstats:

	// DogStatsdAddr is the address of a dogstatsd instance. If provided,
	// metrics will be sent to that instance
	DogStatsDAddr string `hcl:"dogstatsd_addr"`
	// DogStatsdTags are the global tags that should be sent with each packet to dogstatsd
	// It is a list of strings, where each string looks like "my_tag_name:my_tag_value"
	DogStatsDTags []string `hcl:"dogstatsd_tags"`

	// Prometheus:

	// PrometheusRetentionTime is the retention time for prometheus metrics if greater than 0.
	// Default: 24h
	PrometheusRetentionTime    time.Duration `hcl:"-"`
	PrometheusRetentionTimeRaw interface{}   `hcl:"prometheus_retention_time"`

	// Stackdriver:

	// StackdriverProjectID is the project to publish stackdriver metrics to.
	StackdriverProjectID string `hcl:"stackdriver_project_id"`
	// StackdriverLocation is the GCP or AWS region of the monitored resource.
	StackdriverLocation string `hcl:"stackdriver_location"`
	// StackdriverNamespace is the namespace identifier, such as a cluster name.
	StackdriverNamespace string `hcl:"stackdriver_namespace"`
	// StackdriverDebugLogs will write additional stackdriver related debug logs to stderr.
	StackdriverDebugLogs bool `hcl:"stackdriver_debug_logs"`

	// How often metrics for lease expiry will be aggregated
	// NOTE(review): as with UsageGaugePeriod, the typed field has no `hcl:"-"` tag.
	LeaseMetricsEpsilon    time.Duration
	LeaseMetricsEpsilonRaw interface{} `hcl:"lease_metrics_epsilon"`
	// Number of buckets by time that will be used in lease aggregation
	NumLeaseMetricsTimeBuckets int `hcl:"num_lease_metrics_buckets"`
	// Whether or not telemetry should add labels for namespaces
	LeaseMetricsNameSpaceLabels bool `hcl:"add_lease_metrics_namespace_labels"`

	// FilterDefault is the default for whether to allow a metric that's not
	// covered by the prefix filter. It is a pointer, presumably so "unset"
	// can be told apart from an explicit false — confirm against SetupTelemetry.
	FilterDefault *bool `hcl:"filter_default"`
	// PrefixFilter is a list of filter rules to apply for allowing
	// or blocking metrics by prefix.
	PrefixFilter []string `hcl:"prefix_filter"`
}
Telemetry is the telemetry configuration for the server
func (*Telemetry) Validate ¶ added in v1.8.0
func (t *Telemetry) Validate(source string) []ConfigError
type UnusedKeyMap ¶ added in v1.8.0
func UnusedFieldDifference ¶ added in v1.8.0
func UnusedFieldDifference(a, b UnusedKeyMap, foundKeys []string) UnusedKeyMap
UnusedFieldDifference returns all the keys in map a that are not present in map b, and also not present in foundKeys.
type ValidatableConfig ¶ added in v1.8.0
// ValidatableConfig is implemented by config sections that can report
// problems with their own contents (Listener.Validate and Telemetry.Validate
// follow this shape, though each takes a source/path argument for the error
// location). Validate returns an empty slice when the section is acceptable.
type ValidatableConfig interface {
	Validate() []ConfigError
}