server

package

v0.10.0 Latest Latest Go to latest Published: Apr 7, 2022 License: Apache-2.0 Imports: 57 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/infrahq/infra

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func Asset(name string) ([]byte, error)
func AssetDigest(name string) ([sha256.Size]byte, error)
func AssetDir(name string) ([]string, error)
func AssetInfo(name string) (os.FileInfo, error)
func AssetNames() []string
func AssetString(name string) (string, error)
func AuthenticationMiddleware() gin.HandlerFunc
func DatabaseMiddleware(db *gorm.DB) gin.HandlerFunc
func Digests() (map[string][sha256.Size]byte, error)
func MustAsset(name string) []byte
func MustAssetString(name string) string
func RequestTimeoutMiddleware() gin.HandlerFunc
func RequireAccessKey(c *gin.Context) error
func RestoreAsset(dir, name string) error
func RestoreAssets(dir, name string) error
func SetupMetrics(db *gorm.DB) *prometheus.Registry
func WriteOpenAPISpecToFile(filename string) error
type API
- func (a *API) CreateAccessKey(c *gin.Context, r *api.CreateAccessKeyRequest) (*api.CreateAccessKeyResponse, error)
- func (a *API) CreateDestination(c *gin.Context, r *api.CreateDestinationRequest) (*api.Destination, error)
- func (a *API) CreateGrant(c *gin.Context, r *api.CreateGrantRequest) (*api.Grant, error)
- func (a *API) CreateGroup(c *gin.Context, r *api.CreateGroupRequest) (*api.Group, error)
- func (a *API) CreateIdentity(c *gin.Context, r *api.CreateIdentityRequest) (*api.CreateIdentityResponse, error)
- func (a *API) CreateProvider(c *gin.Context, r *api.CreateProviderRequest) (*api.Provider, error)
- func (a *API) CreateToken(c *gin.Context, r *api.EmptyRequest) (*api.CreateTokenResponse, error)
- func (a *API) DeleteAccessKey(c *gin.Context, r *api.Resource) error
- func (a *API) DeleteDestination(c *gin.Context, r *api.Resource) error
- func (a *API) DeleteGrant(c *gin.Context, r *api.Resource) error
- func (a *API) DeleteIdentity(c *gin.Context, r *api.Resource) error
- func (a *API) DeleteProvider(c *gin.Context, r *api.Resource) error
- func (a *API) GetDestination(c *gin.Context, r *api.Resource) (*api.Destination, error)
- func (a *API) GetGrant(c *gin.Context, r *api.Resource) (*api.Grant, error)
- func (a *API) GetGroup(c *gin.Context, r *api.Resource) (*api.Group, error)
- func (a *API) GetIdentity(c *gin.Context, r *api.Resource) (*api.Identity, error)
- func (a *API) GetProvider(c *gin.Context, r *api.Resource) (*api.Provider, error)
- func (a *API) Introspect(c *gin.Context, r *api.EmptyRequest) (*api.Introspect, error)
- func (a *API) ListAccessKeys(c *gin.Context, r *api.ListAccessKeysRequest) ([]api.AccessKey, error)
- func (a *API) ListDestinations(c *gin.Context, r *api.ListDestinationsRequest) ([]api.Destination, error)
- func (a *API) ListGrants(c *gin.Context, r *api.ListGrantsRequest) ([]api.Grant, error)
- func (a *API) ListGroupGrants(c *gin.Context, r *api.Resource) ([]api.Grant, error)
- func (a *API) ListGroups(c *gin.Context, r *api.ListGroupsRequest) ([]api.Group, error)
- func (a *API) ListIdentities(c *gin.Context, r *api.ListIdentitiesRequest) ([]api.Identity, error)
- func (a *API) ListIdentityGrants(c *gin.Context, r *api.Resource) ([]api.Grant, error)
- func (a *API) ListIdentityGroups(c *gin.Context, r *api.Resource) ([]api.Group, error)
- func (a *API) ListProviders(c *gin.Context, r *api.ListProvidersRequest) ([]api.Provider, error)
- func (a *API) Login(c *gin.Context, r *api.LoginRequest) (*api.LoginResponse, error)
- func (a *API) Logout(c *gin.Context, r *api.EmptyRequest) (*api.EmptyResponse, error)
- func (a *API) Setup(c *gin.Context, _ *api.EmptyRequest) (*api.CreateAccessKeyResponse, error)
- func (a *API) SetupRequired(c *gin.Context, _ *api.EmptyRequest) (*api.SetupRequiredResponse, error)
- func (a *API) UpdateDestination(c *gin.Context, r *api.UpdateDestinationRequest) (*api.Destination, error)
- func (a *API) UpdateIdentity(c *gin.Context, r *api.UpdateIdentityRequest) (*api.Identity, error)
- func (a *API) UpdateIdentityInfo(c *gin.Context) error
- func (a *API) UpdateProvider(c *gin.Context, r *api.UpdateProviderRequest) (*api.Provider, error)
- func (a *API) Version(c *gin.Context, r *api.EmptyRequest) (*api.Version, error)
type Addrs
type Config
type Grant
type KeyProvider
- func (sp *KeyProvider) UnmarshalYAML(unmarshal func(interface{}) error) error
type ListenerOptions
type Options
type Provider
type ReqHandlerFunc
type ReqResHandlerFunc
type ResHandlerFunc
type SecretProvider
- func (sp *SecretProvider) UnmarshalYAML(unmarshal func(interface{}) error) error
type Server
- func New(options Options) (*Server, error)
- func (s *Server) GenerateRoutes(promRegistry prometheus.Registerer) (*gin.Engine, error)
- func (s *Server) Run(ctx context.Context) error
type StaticFileSystem
- func (sfs StaticFileSystem) Exists(prefix string, filepath string) bool
- func (sfs StaticFileSystem) Open(name string) (http.File, error)
type Telemetry
- func NewTelemetry(db *gorm.DB) (*Telemetry, error)
- func (t *Telemetry) Close()
- func (t *Telemetry) Enqueue(track analytics.Track) error
- func (t *Telemetry) EnqueueHeartbeat() error

Constants ¶

View Source

const AssetDebug = false

AssetDebug is true if the assets were built with the debug flag enabled.

Variables ¶

View Source

var (
	CookieAuthorizationName = "auth"
	CookieLoginName         = "login"
	CookieDomain            = ""
	CookiePath              = "/"
	// while these vars look goofy, they avoid "magic number" arguments to SetCookie
	CookieHTTPOnlyNotJavascriptAccessible = true    // setting HttpOnly to true means JS can't access it.
	CookieSecureHTTPSOnly                 = true    // setting Secure to true means the cookie is only sent over https connections
	CookieMaxAgeDeleteImmediately         = int(-1) // <0: delete immediately
	CookieMaxAgeNoExpiry                  = int(0)  // zero has special meaning of "no expiry"
)

Functions ¶

func Asset ¶

func Asset(name string) ([]byte, error)

Asset loads and returns the asset for the given name. It returns an error if the asset could not be found or could not be loaded.

func AssetDigest ¶ added in v0.5.8

func AssetDigest(name string) ([sha256.Size]byte, error)

AssetDigest returns the digest of the file with the given name. It returns an error if the asset could not be found or the digest could not be loaded.

func AssetDir ¶

func AssetDir(name string) ([]string, error)

AssetDir returns the file names below a certain directory embedded in the file by go-bindata. For example if you run go-bindata on data/... and data contains the following hierarchy:

data/
  foo.txt
  img/
    a.png
    b.png

then AssetDir("data") would return []string{"foo.txt", "img"}, AssetDir("data/img") would return []string{"a.png", "b.png"}, AssetDir("foo.txt") and AssetDir("notexist") would return an error, and AssetDir("") will return []string{"data"}.

func AssetInfo ¶

func AssetInfo(name string) (os.FileInfo, error)

AssetInfo loads and returns the asset info for the given name. It returns an error if the asset could not be found or could not be loaded.

func AssetNames ¶

func AssetNames() []string

AssetNames returns the names of the assets.

func AssetString ¶ added in v0.5.8

func AssetString(name string) (string, error)

AssetString returns the asset contents as a string (instead of a []byte).

func AuthenticationMiddleware ¶ added in v0.5.4

func AuthenticationMiddleware() gin.HandlerFunc

AuthenticationMiddleware validates the incoming token

func DatabaseMiddleware ¶ added in v0.5.4

func DatabaseMiddleware(db *gorm.DB) gin.HandlerFunc

DatabaseMiddleware injects a `db` object into the Gin context.

func Digests ¶ added in v0.5.8

func Digests() (map[string][sha256.Size]byte, error)

Digests returns a map of all known files and their checksums.

func MustAsset ¶

func MustAsset(name string) []byte

MustAsset is like Asset but panics when Asset would return an error. It simplifies safe initialization of global variables.

func MustAssetString ¶ added in v0.5.8

func MustAssetString(name string) string

MustAssetString is like AssetString but panics when Asset would return an error. It simplifies safe initialization of global variables.

func RequestTimeoutMiddleware ¶ added in v0.5.4

func RequestTimeoutMiddleware() gin.HandlerFunc

RequestTimeoutMiddleware adds a timeout to the request context within the Gin context. To correctly abort long-running requests, this depends on the users of the context to stop working when the context cancels. Note: The goroutine for the request is never halted; if the context is not passed down to lower packages and long-running tasks, then the app will not magically stop working on the request. No effort should be made to write an early http response here; it's up to the users of the context to watch for c.Request.Context().Err() or <-c.Request.Context().Done()

func RequireAccessKey ¶ added in v0.5.4

func RequireAccessKey(c *gin.Context) error

RequireAccessKey checks the bearer token is present and valid

func RestoreAsset ¶

func RestoreAsset(dir, name string) error

RestoreAsset restores an asset under the given directory.

func RestoreAssets ¶

func RestoreAssets(dir, name string) error

RestoreAssets restores an asset under the given directory recursively.

func SetupMetrics ¶ added in v0.5.4

func SetupMetrics(db *gorm.DB) *prometheus.Registry

func WriteOpenAPISpecToFile ¶ added in v0.7.0

func WriteOpenAPISpecToFile(filename string) error

Types ¶

type API ¶ added in v0.5.4

type API struct {
	// contains filtered or unexported fields
}

func (*API) CreateAccessKey ¶ added in v0.5.4

func (a *API) CreateAccessKey(c *gin.Context, r *api.CreateAccessKeyRequest) (*api.CreateAccessKeyResponse, error)

func (*API) CreateDestination ¶ added in v0.5.4

func (a *API) CreateDestination(c *gin.Context, r *api.CreateDestinationRequest) (*api.Destination, error)

func (*API) CreateGrant ¶ added in v0.5.4

func (a *API) CreateGrant(c *gin.Context, r *api.CreateGrantRequest) (*api.Grant, error)

func (*API) CreateGroup ¶ added in v0.5.4

func (a *API) CreateGroup(c *gin.Context, r *api.CreateGroupRequest) (*api.Group, error)

func (*API) CreateIdentity ¶ added in v0.9.0

func (a *API) CreateIdentity(c *gin.Context, r *api.CreateIdentityRequest) (*api.CreateIdentityResponse, error)

func (*API) CreateProvider ¶ added in v0.5.4

func (a *API) CreateProvider(c *gin.Context, r *api.CreateProviderRequest) (*api.Provider, error)

func (*API) CreateToken ¶ added in v0.5.4

func (a *API) CreateToken(c *gin.Context, r *api.EmptyRequest) (*api.CreateTokenResponse, error)

func (*API) DeleteAccessKey ¶ added in v0.5.4

func (a *API) DeleteAccessKey(c *gin.Context, r *api.Resource) error

func (*API) DeleteDestination ¶ added in v0.5.4

func (a *API) DeleteDestination(c *gin.Context, r *api.Resource) error

func (*API) DeleteGrant ¶ added in v0.5.4

func (a *API) DeleteGrant(c *gin.Context, r *api.Resource) error

func (*API) DeleteIdentity ¶ added in v0.9.0

func (a *API) DeleteIdentity(c *gin.Context, r *api.Resource) error

func (*API) DeleteProvider ¶ added in v0.5.4

func (a *API) DeleteProvider(c *gin.Context, r *api.Resource) error

func (*API) GetDestination ¶ added in v0.5.4

func (a *API) GetDestination(c *gin.Context, r *api.Resource) (*api.Destination, error)

func (*API) GetGrant ¶ added in v0.5.4

func (a *API) GetGrant(c *gin.Context, r *api.Resource) (*api.Grant, error)

func (*API) GetGroup ¶ added in v0.5.4

func (a *API) GetGroup(c *gin.Context, r *api.Resource) (*api.Group, error)

func (*API) GetIdentity ¶ added in v0.9.0

func (a *API) GetIdentity(c *gin.Context, r *api.Resource) (*api.Identity, error)

func (*API) GetProvider ¶ added in v0.5.4

func (a *API) GetProvider(c *gin.Context, r *api.Resource) (*api.Provider, error)

caution: this endpoint is unauthenticated, do not return sensitive info

func (*API) Introspect ¶ added in v0.5.8

func (a *API) Introspect(c *gin.Context, r *api.EmptyRequest) (*api.Introspect, error)

Introspect is used by clients to get info about the token they are using

func (*API) ListAccessKeys ¶ added in v0.5.4

func (a *API) ListAccessKeys(c *gin.Context, r *api.ListAccessKeysRequest) ([]api.AccessKey, error)

func (*API) ListDestinations ¶ added in v0.5.4

func (a *API) ListDestinations(c *gin.Context, r *api.ListDestinationsRequest) ([]api.Destination, error)

func (*API) ListGrants ¶ added in v0.5.4

func (a *API) ListGrants(c *gin.Context, r *api.ListGrantsRequest) ([]api.Grant, error)

func (*API) ListGroupGrants ¶ added in v0.5.4

func (a *API) ListGroupGrants(c *gin.Context, r *api.Resource) ([]api.Grant, error)

func (*API) ListGroups ¶ added in v0.5.4

func (a *API) ListGroups(c *gin.Context, r *api.ListGroupsRequest) ([]api.Group, error)

func (*API) ListIdentities ¶ added in v0.9.0

func (a *API) ListIdentities(c *gin.Context, r *api.ListIdentitiesRequest) ([]api.Identity, error)

func (*API) ListIdentityGrants ¶ added in v0.9.0

func (a *API) ListIdentityGrants(c *gin.Context, r *api.Resource) ([]api.Grant, error)

func (*API) ListIdentityGroups ¶ added in v0.9.0

func (a *API) ListIdentityGroups(c *gin.Context, r *api.Resource) ([]api.Group, error)

func (*API) ListProviders ¶ added in v0.5.4

func (a *API) ListProviders(c *gin.Context, r *api.ListProvidersRequest) ([]api.Provider, error)

caution: this endpoint is unauthenticated, do not return sensitive info

func (a *API) Login(c *gin.Context, r *api.LoginRequest) (*api.LoginResponse, error)

func (*API) Logout ¶ added in v0.5.4

func (a *API) Logout(c *gin.Context, r *api.EmptyRequest) (*api.EmptyResponse, error)

func (*API) Setup ¶ added in v0.5.9

func (a *API) Setup(c *gin.Context, _ *api.EmptyRequest) (*api.CreateAccessKeyResponse, error)

func (*API) SetupRequired ¶ added in v0.5.9

func (a *API) SetupRequired(c *gin.Context, _ *api.EmptyRequest) (*api.SetupRequiredResponse, error)

func (*API) UpdateDestination ¶ added in v0.5.4

func (a *API) UpdateDestination(c *gin.Context, r *api.UpdateDestinationRequest) (*api.Destination, error)

func (*API) UpdateIdentity ¶ added in v0.9.0

func (a *API) UpdateIdentity(c *gin.Context, r *api.UpdateIdentityRequest) (*api.Identity, error)

func (*API) UpdateIdentityInfo ¶ added in v0.9.0

func (a *API) UpdateIdentityInfo(c *gin.Context) error

UpdateIdentityInfo calls the identity provider used to authenticate this user session to update their current information

func (*API) UpdateProvider ¶ added in v0.5.4

func (a *API) UpdateProvider(c *gin.Context, r *api.UpdateProviderRequest) (*api.Provider, error)

func (*API) Version ¶ added in v0.5.4

func (a *API) Version(c *gin.Context, r *api.EmptyRequest) (*api.Version, error)

type Addrs ¶ added in v0.9.0

type Addrs struct {
	HTTP    net.Addr
	HTTPS   net.Addr
	Metrics net.Addr
}

type Config ¶

type Config struct {
	Providers []Provider `mapstructure:"providers" validate:"dive"`
	Grants    []Grant    `mapstructure:"grants" validate:"dive"`
}

type Grant ¶ added in v0.5.9

type Grant struct {
	User     string `mapstructure:"user" validate:"excluded_with=Group,excluded_with=Machine"`
	Group    string `mapstructure:"group" validate:"excluded_with=User,excluded_with=Machine"`
	Machine  string `mapstructure:"machine" validate:"excluded_with=User,excluded_with=Group"`
	Provider string `mapstructure:"provider"`
	Role     string `mapstructure:"role" validate:"required"`
	Resource string `mapstructure:"resource" validate:"required"`
}

type KeyProvider ¶ added in v0.5.4

type KeyProvider struct {
	Kind   string      `yaml:"kind" validate:"required"`
	Config interface{} // contains secret-provider-specific config
}

func (*KeyProvider) UnmarshalYAML ¶ added in v0.5.4

func (sp *KeyProvider) UnmarshalYAML(unmarshal func(interface{}) error) error

type ListenerOptions ¶ added in v0.9.0

type ListenerOptions struct {
	HTTP    string
	HTTPS   string
	Metrics string
}

type Options ¶ added in v0.5.4

type Options struct {
	TLSCache             string        `mapstructure:"tlsCache"`
	AdminAccessKey       string        `mapstructure:"adminAccessKey"`
	AccessKey            string        `mapstructure:"accessKey"`
	EnableTelemetry      bool          `mapstructure:"enableTelemetry"`
	EnableCrashReporting bool          `mapstructure:"enableCrashReporting"`
	EnableUI             bool          `mapstructure:"enableUI"`
	UIProxyURL           string        `mapstructure:"uiProxyURL"`
	EnableSetup          bool          `mapstructure:"enableSetup"`
	SessionDuration      time.Duration `mapstructure:"sessionDuration"`

	DBFile                  string `mapstructure:"dbFile"`
	DBEncryptionKey         string `mapstructure:"dbEncryptionKey"`
	DBEncryptionKeyProvider string `mapstructure:"dbEncryptionKeyProvider"`
	DBHost                  string `mapstructure:"dbHost" `
	DBPort                  int    `mapstructure:"dbPort"`
	DBName                  string `mapstructure:"dbName"`
	DBUser                  string `mapstructure:"dbUsername"`
	DBPassword              string `mapstructure:"dbPassword"`
	DBParameters            string `mapstructure:"dbParameters"`

	Keys    []KeyProvider    `mapstructure:"keys"`
	Secrets []SecretProvider `mapstructure:"secrets"`

	Config `mapstructure:",squash"`

	NetworkEncryption           string `mapstructure:"networkEncryption"` // mtls (default), e2ee, none.
	TrustInitialClientPublicKey string `mapstructure:"trustInitialClientPublicKey"`
	InitialRootCACert           string `mapstructure:"initialRootCACert"`
	InitialRootCAPublicKey      string `mapstructure:"initialRootCAPublicKey"`
	FullKeyRotationInDays       int    `mapstructure:"fullKeyRotationInDays"` // 365 default

	Addr ListenerOptions `mapstructure:"addr"`
}

type Provider ¶

type Provider struct {
	Name         string `mapstructure:"name" validate:"required"`
	URL          string `mapstructure:"url" validate:"required"`
	ClientID     string `mapstructure:"clientID" validate:"required"`
	ClientSecret string `mapstructure:"clientSecret" validate:"required"`
}

type ReqHandlerFunc ¶ added in v0.5.4

type ReqHandlerFunc[Req any] func(c *gin.Context, req *Req) error

type ReqResHandlerFunc ¶ added in v0.5.4

type ReqResHandlerFunc[Req, Res any] func(c *gin.Context, req *Req) (Res, error)

type ResHandlerFunc ¶ added in v0.5.4

type ResHandlerFunc[Res any] func(c *gin.Context) (Res, error)

type SecretProvider ¶ added in v0.5.4

type SecretProvider struct {
	Kind   string      `yaml:"kind" validate:"required"`
	Name   string      `yaml:"name"` // optional
	Config interface{} // contains secret-provider-specific config
}

func (*SecretProvider) UnmarshalYAML ¶ added in v0.5.4

func (sp *SecretProvider) UnmarshalYAML(unmarshal func(interface{}) error) error

type Server ¶ added in v0.5.4

type Server struct {
	Addrs Addrs
	// contains filtered or unexported fields
}

func New ¶ added in v0.9.0

func New(options Options) (*Server, error)

func (*Server) GenerateRoutes ¶ added in v0.5.12

func (s *Server) GenerateRoutes(promRegistry prometheus.Registerer) (*gin.Engine, error)

func (*Server) Run ¶ added in v0.9.0

func (s *Server) Run(ctx context.Context) error

type StaticFileSystem ¶

type StaticFileSystem struct {
	// contains filtered or unexported fields
}

func (StaticFileSystem) Exists ¶ added in v0.5.8

func (sfs StaticFileSystem) Exists(prefix string, filepath string) bool

func (StaticFileSystem) Open ¶

func (sfs StaticFileSystem) Open(name string) (http.File, error)

type Telemetry ¶ added in v0.5.4

type Telemetry struct {
	// contains filtered or unexported fields
}

func NewTelemetry ¶ added in v0.5.4

func NewTelemetry(db *gorm.DB) (*Telemetry, error)

func (*Telemetry) Close ¶ added in v0.5.4

func (t *Telemetry) Close()

func (*Telemetry) Enqueue ¶ added in v0.5.4

func (t *Telemetry) Enqueue(track analytics.Track) error

func (*Telemetry) EnqueueHeartbeat ¶ added in v0.5.4

func (t *Telemetry) EnqueueHeartbeat() error

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
authn
data
models

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL