Index ¶
- Variables
- func DefaultConfig() string
- type AmqpConfig
- type ClientConfig
- type Config
- func (config *Config) GetKey(keyName string) (*KeyConfig, error)
- func (config *Config) GetTimestampConfig() (*TimestampConfig, error)
- func (config *Config) GetToken(tokenName string) (*TokenConfig, error)
- func (config *Config) ListServedTokens() []string
- func (config *Config) NewKey(name string) *KeyConfig
- func (config *Config) NewToken(name string) *TokenConfig
- func (config *Config) Normalize(path string) error
- func (config *Config) Path() string
- type KeyConfig
- type RemoteConfig
- type ServerAzureConfig
- type ServerConfig
- type TimestampConfig
- type TokenConfig
Constants ¶
This section is empty.
Variables ¶
// Build metadata. The original comment says these are set by main; the
// values below are the defaults that apply when nothing overrides them.
var (
	// Version is the release version of this build.
	Version = "unknown"
	// Commit is the source revision this build was made from.
	Commit = "unknown"
	// Author is the vendor string reported by the tool.
	Author = "SAS Institute Inc."
	// UserAgent identifies this client to servers.
	// NOTE(review): this is evaluated once at package initialization, so a
	// Version assigned at run time (rather than at link time via -ldflags -X)
	// would not be reflected here — confirm how main sets Version.
	UserAgent = "relic/" + Version
)
Functions ¶
func DefaultConfig ¶
func DefaultConfig() string
Types ¶
type AmqpConfig ¶
// AmqpConfig describes where signature notifications are published over AMQP.
type AmqpConfig struct {
	// URL of the AMQP broker, e.g. amqp://user:password@host.
	// NOTE(review): the documented form embeds credentials in the URL, so the
	// configuration file carrying it needs to be permission-restricted.
	URL string
	// CaCert, KeyFile and CertFile carry no comment in the source; by name they
	// look like TLS material for the broker connection, and whether they are
	// paths or embedded PEM is not shown here — confirm before documenting.
	CaCert   string
	KeyFile  string
	CertFile string
	// Name of the exchange signatures are sent to (default relic.signatures).
	SigsXchg string
}
func (*AmqpConfig) ExchangeName ¶
func (aconf *AmqpConfig) ExchangeName() string
func (*AmqpConfig) RoutingKey ¶
func (aconf *AmqpConfig) RoutingKey() string
type ClientConfig ¶
// ClientConfig describes one client that is allowed to use the server.
// The godoc listing elides unexported fields, so this declaration is not the
// complete struct.
type ClientConfig struct {
	Nickname string   // Name that appears in audit log entries
	Roles    []string // List of roles that this client possesses
	// Optional CA certificate(s) that sign client certs instead of using
	// fingerprint-based auth. NOTE(review): the comment implies any client
	// certificate issued by this CA matches this entry, so the CA should be
	// scoped as narrowly as possible — confirm against Match.
	Certificate string
	// contains filtered or unexported fields
}
func (*ClientConfig) Match ¶
func (cl *ClientConfig) Match(incoming []*x509.Certificate) (bool, error)
type Config ¶
// Config is the top-level relic configuration as loaded from YAML.
// The godoc listing elides unexported fields, so this declaration is not the
// complete struct.
type Config struct {
	Tokens    map[string]*TokenConfig  `yaml:",omitempty"` // Token sections, looked up by name (see GetToken)
	Keys      map[string]*KeyConfig    `yaml:",omitempty"` // Key sections, looked up by name (see GetKey)
	Server    *ServerConfig            `yaml:",omitempty"` // Server-mode settings
	Clients   map[string]*ClientConfig `yaml:",omitempty"` // Clients allowed to use the server
	Remote    *RemoteConfig            `yaml:",omitempty"` // Client-mode settings for reaching a server
	Timestamp *TimestampConfig         `yaml:",omitempty"` // Timestamp server settings
	Amqp      *AmqpConfig              `yaml:",omitempty"` // Signature notification settings
	AuditFile string                   `yaml:",omitempty"` // Optional log file for signatures
	// Optional YAML file with additional token PINs.
	// NOTE(review): this file holds secrets; it should be readable only by the
	// service user. How it is read is not visible here.
	PinFile string `yaml:",omitempty"`
	// contains filtered or unexported fields
}
func FromEnvironment ¶
FromEnvironment tries to build a client-only config from environment variables. If none are set, it returns nil.
func (*Config) GetTimestampConfig ¶
func (config *Config) GetTimestampConfig() (*TimestampConfig, error)
func (*Config) ListServedTokens ¶
ListServedTokens returns a list of token names that are accessible by at least one role.
func (*Config) NewToken ¶
func (config *Config) NewToken(name string) *TokenConfig
type KeyConfig ¶
// KeyConfig describes one signing key and the token through which it is reached.
// The godoc listing elides unexported fields, so this declaration is not the
// complete struct.
type KeyConfig struct {
	Token           string // Token section to use for this key (linux)
	Alias           string // This is an alias for another key
	Label           string // Select a key by label
	ID              string // Select a key by ID (hex notation)
	PgpCertificate  string // Path to PGP certificate associated with this key
	X509Certificate string // Path to X.509 certificate associated with this key
	// For "file" tokens, path to the private key.
	// NOTE(review): this is key material on disk; keep the file
	// permission-restricted to the service user.
	KeyFile  string
	IsPkcs12 bool // If true, key file contains PKCS#12 key and certificate chain
	// List of user roles that can use this key.
	// NOTE(review): a key with no roles presumably is served to nobody (see
	// ListServedTokens) — confirm.
	Roles     []string
	Timestamp bool // If true, attach a timestamped countersignature when possible
	Hide      bool // If true, then omit this key from 'remote list-keys'
	// contains filtered or unexported fields
}
func (*KeyConfig) GetTimeout ¶
func (*KeyConfig) SetToken ¶
func (keyConf *KeyConfig) SetToken(tokenConf *TokenConfig)
type RemoteConfig ¶
// RemoteConfig holds the client-side settings for talking to a relic server.
type RemoteConfig struct {
	// URL of the remote server.
	URL string `yaml:",omitempty"`
	// URL of the directory server that hands out server URLs
	// (see ServerConfig.Siblings).
	DirectoryURL string `yaml:",omitempty"`
	// Path to the TLS client key file.
	KeyFile string `yaml:",omitempty"`
	// Path to the TLS client certificate, or the certificate embedded inline.
	CertFile string `yaml:",omitempty"`
	// Path to the CA certificate, or the certificate embedded inline.
	CaCert string `yaml:",omitempty"`
	// Connection timeout in seconds.
	ConnectTimeout int `yaml:",omitempty"`
	// Attempt an operation (at least) N times.
	Retries int `yaml:",omitempty"`
	// Access token presented to the server. The "-" tag keeps it out of the
	// YAML file in both directions; where it is populated from is not shown here.
	AccessToken string `yaml:"-"`
	// Interactive carries no comment in the source; its effect is not visible here.
	Interactive bool
}
type ServerAzureConfig ¶
type ServerConfig ¶
// ServerConfig holds the settings for running relic in server mode.
type ServerConfig struct {
	// Port to listen for TLS connections.
	Listen string
	// Port to listen for plaintext connections.
	ListenHTTP string
	// Path to TLS key file.
	KeyFile string
	// Path to TLS certificate chain.
	CertFile string
	// Optional error log.
	LogFile string
	// Optional log level.
	LogLevel string
	// Optional open-policy-agent endpoint.
	PolicyURL string
	// Always return 503 Service Unavailable.
	Disabled bool
	// Serve debug info on an alternate port.
	// NOTE(review): debug listeners expose runtime internals; keep this off,
	// or reachable only from trusted networks, in production.
	ListenDebug bool
	// Port to listen for plaintext metrics.
	ListenMetrics string
	// Number of worker subprocesses per configured token.
	NumWorkers int
	// Token health-check and cache tuning. The source gives no units or
	// defaults for the first three; other timeouts in this package are in
	// seconds, so these presumably are too — confirm.
	TokenCheckInterval int
	TokenCheckFailures int
	TokenCheckTimeout  int
	TokenCacheSeconds  int
	// HTTP server timeouts. No units are documented in the source
	// (presumably seconds — confirm).
	ReadHeaderTimeout int
	ReadTimeout       int
	WriteTimeout      int
	// URLs to all servers in the cluster. If a client uses DirectoryURL to
	// point to this server (or a load balancer), then we will give them these
	// URLs as a means to distribute load without needing a middle-box.
	Siblings []string
	// IP networks of trusted reverse proxies that can front this service.
	// NOTE(review): forwarded client-address headers should be honored only
	// when the connection comes from one of these networks; confirm the
	// request handling enforces that.
	TrustedProxies []string
	// Azure AD settings; the type is declared elsewhere in this package.
	AzureAD *ServerAzureConfig
}
type TimestampConfig ¶
// TimestampConfig describes the timestamp servers used for countersignatures.
type TimestampConfig struct {
	// List of timestamp server URLs.
	URLs []string
	// List of microsoft-style URLs.
	MsURLs []string
	// Connect timeout in seconds.
	Timeout int
	// Path to CA certificate.
	CaCert string
	// host:port of memcached to use for caching timestamps.
	// NOTE(review): cached timestamps are served back to signers, so the
	// memcached instance should not be reachable by untrusted parties —
	// confirm how cache entries are validated on read.
	Memcache []string
	// Limit timestamp requests per second.
	RateLimit float64
	// Allow a burst of requests before the limit kicks in.
	RateBurst int
}
type TokenConfig ¶
// TokenConfig describes a key store — a PKCS#11 token or a plain file — that
// keys refer to by name. The godoc listing elides unexported fields, so this
// declaration is not the complete struct.
type TokenConfig struct {
	Type     string // Provider type: file or pkcs11 (default)
	Provider string // Path to PKCS#11 provider module (required)
	Label    string // Select a token by label
	Serial   string // Select a token by serial number
	// PIN to use, otherwise will be prompted. Can be empty. (optional)
	// NOTE(review): a PIN set here sits in plaintext in the config file;
	// UseKeyring or the prompt avoids that — confirm which the deployment relies on.
	Pin        *string
	Timeout    int     // (server) Terminate command after N seconds (default 60)
	Retries    int     // (server) Retry failed commands N times (default 5)
	RateLimit  float64 // (server) limit token operations per second
	RateBurst  int     // (server) allow burst of operations before limit kicks in
	User       *uint   // User argument for PKCS#11 login (optional)
	UseKeyring bool    // Read PIN from system keyring
	// contains filtered or unexported fields
}
func (*TokenConfig) Name ¶
func (tconf *TokenConfig) Name() string