server

package
v0.0.68 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 17, 2024 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Overview

Package server contains a centralized structure for all configuration options.

Index

Constants

This section is empty.

Variables

View Source
var (
	// ErrInvalidBundleSource indicates the config has an invalid source type
	ErrInvalidBundleSource = errors.New("unexpected bundle source")
)

Functions

func FallbackOAuthClientConfigValues

func FallbackOAuthClientConfigValues(provider string, cfg *OAuthClientConfig)

FallbackOAuthClientConfigValues reads the OAuth client configuration values directly via viper this is a temporary hack until we migrate all the configuration to be read from the per-provider sections

func RegisterIdentityFlags

func RegisterIdentityFlags(v *viper.Viper, flags *pflag.FlagSet) error

RegisterIdentityFlags registers the flags for the identity server

func RegisterServerFlags

func RegisterServerFlags(v *viper.Viper, flags *pflag.FlagSet) error

RegisterServerFlags registers the flags for the Minder server

func SetViperDefaults

func SetViperDefaults(v *viper.Viper)

SetViperDefaults sets the default values for the configuration to be picked up by viper

Types

type AWSSES

type AWSSES struct {
	// Sender is the email address of the sender
	Sender string `mapstructure:"sender"`
	// Region is the AWS region to use for AWS SES
	Region string `mapstructure:"region"`
}

AWSSES is the AWS SES configuration

type AggregatorConfig

type AggregatorConfig struct {
	// LockInterval is the interval for locking events in seconds.
	// This is the threshold between rule evaluations + actions.
	LockInterval int64 `mapstructure:"lock_interval" default:"30"`
}

AggregatorConfig is the configuration for the event aggregator middleware

type AuthConfig

type AuthConfig struct {
	// NoncePeriod is the period in seconds for which a nonce is valid
	NoncePeriod int64 `mapstructure:"nonce_period" default:"3600"`
	// TokenKey is the key used to store the provider's token in the database
	TokenKey string `mapstructure:"token_key" default:"./.ssh/token_key_passphrase"`
}

AuthConfig is the configuration for the auth package

type AuthzConfig

type AuthzConfig struct {
	// ApiUrl is the URL to the authorization server
	ApiUrl string `mapstructure:"api_url" validate:"required"`
	// StoreName is the name of the store to use for authorization
	StoreName string `mapstructure:"store_name" default:"minder" validate:"required_without=StoreID"`
	// StoreID is the ID of the store to use for authorization
	StoreID string `mapstructure:"store_id" default:"" validate:"required_without=StoreName"`
	// ModelID is the ID of the model to use for authorization
	ModelID string `mapstructure:"model_id" default:""`
	// Auth is the authentication configuration for the authorization server
	Auth OpenFGAAuth `mapstructure:"auth" validate:"required"`
}

AuthzConfig is the configuration for minder's authorization

func (*AuthzConfig) Validate

func (a *AuthzConfig) Validate() error

Validate validates the Authz configuration

type BundleSourceConfig

type BundleSourceConfig struct {
	Type     string `mapstructure:"type"`
	Location string `mapstructure:"location"`
}

BundleSourceConfig holds details about where the bundle gets loaded from

func (*BundleSourceConfig) GetType

GetType returns the source as an enum type, or error if invalid TODO: investigate whether mapstructure would allow us to validate during deserialization.

type CORSConfig

type CORSConfig struct {
	// Enabled is the flag to enable CORS
	Enabled bool `mapstructure:"enabled" default:"false"`
	// AllowOrigins is the list of allowed origins
	AllowOrigins []string `mapstructure:"allow_origins"`
	// AllowMethods is the list of allowed methods
	AllowMethods []string `mapstructure:"allow_methods"`
	// AllowHeaders is the list of allowed headers
	AllowHeaders []string `mapstructure:"allow_headers"`
	// ExposeHeaders is the list of exposed headers
	ExposeHeaders []string `mapstructure:"expose_headers"`
	// AllowCredentials is the flag to allow credentials
	AllowCredentials bool `mapstructure:"allow_credentials" default:"false"`
}

CORSConfig is the configuration for the CORS middleware that can be used with the HTTP server. Note that this is not applicable to the gRPC server.

type Config

type Config struct {
	HTTPServer      HTTPServerConfig      `mapstructure:"http_server"`
	GRPCServer      GRPCServerConfig      `mapstructure:"grpc_server"`
	MetricServer    MetricServerConfig    `mapstructure:"metric_server"`
	LoggingConfig   LoggingConfig         `mapstructure:"logging"`
	Tracing         TracingConfig         `mapstructure:"tracing"`
	Metrics         MetricsConfig         `mapstructure:"metrics"`
	Flags           FlagsConfig           `mapstructure:"flags"`
	Database        config.DatabaseConfig `mapstructure:"database"`
	Identity        IdentityConfigWrapper `mapstructure:"identity"`
	Auth            AuthConfig            `mapstructure:"auth"`
	WebhookConfig   WebhookConfig         `mapstructure:"webhook-config"`
	Events          EventConfig           `mapstructure:"events"`
	Authz           AuthzConfig           `mapstructure:"authz"`
	Provider        ProviderConfig        `mapstructure:"provider"`
	Marketplace     MarketplaceConfig     `mapstructure:"marketplace"`
	DefaultProfiles DefaultProfilesConfig `mapstructure:"default_profiles"`
	Crypto          CryptoConfig          `mapstructure:"crypto"`
	Email           EmailConfig           `mapstructure:"email"`
}

Config is the top-level configuration structure.

func DefaultConfigForTest

func DefaultConfigForTest() *Config

DefaultConfigForTest returns a configuration with all the struct defaults set, but no other changes.

type ConfigBundleSource

type ConfigBundleSource string

ConfigBundleSource is an enum of valid config sources

const (
	// TgzSource represents a bundle in a .tar.gz file
	TgzSource ConfigBundleSource = "tgz"
	// Unknown is a default value
	Unknown = "unknown"
)

type CryptoConfig

type CryptoConfig struct {
	KeyStore KeyStoreConfig `mapstructure:"keystore"`
	Default  DefaultCrypto  `mapstructure:"default"`
	Fallback FallbackCrypto `mapstructure:"fallback"`
}

CryptoConfig is the configuration for the crypto engine

type DefaultCrypto

type DefaultCrypto struct {
	// `token_key_passphrase` is the filename generated by `make bootstrap`
	KeyID string `mapstructure:"key_id"`
}

DefaultCrypto defines the default crypto to be used for new data

type DefaultProfilesConfig

type DefaultProfilesConfig struct {
	Enabled bool `mapstructure:"enabled" default:"false"`
	// List of profile names to install
	Profiles []string `mapstructure:"profiles"`
	// The bundle to subscribe to
	Bundle IncludedBundleConfig `mapstructure:"bundle"`
}

DefaultProfilesConfig holds the profiles installed by default during project creation. If omitted - this will default to disabled.

func (*DefaultProfilesConfig) GetProfiles

func (d *DefaultProfilesConfig) GetProfiles() []string

GetProfiles is a null-safe getter for Profiles

type EmailConfig

type EmailConfig struct {
	// MinderURLBase is the base URL to use for minder invite URLs, e.g. https://cloud.stacklok.com
	MinderURLBase string `mapstructure:"minder_url_base"`
	// AWSSES is the AWS SES configuration
	AWSSES AWSSES `mapstructure:"aws_ses"`
}

EmailConfig is the configuration for the email sending service

type EventConfig

type EventConfig struct {
	// Driver is the driver used to store events
	Driver string `mapstructure:"driver" default:"go-channel"`
	// RouterCloseTimeout is the timeout for closing the router in seconds
	RouterCloseTimeout int64 `mapstructure:"router_close_timeout" default:"10"`
	// GoChannel is the configuration for the go channel event driver
	GoChannel GoChannelEventConfig `mapstructure:"go-channel"`
	// SQLPubSub is the configuration for the database event driver
	SQLPubSub SQLEventConfig `mapstructure:"sql"`
	// Aggregator is the configuration for the event aggregator middleware
	Aggregator AggregatorConfig `mapstructure:"aggregator"`
	// Nats is the configuration when using NATS as the event driver
	Nats NatsConfig `mapstructure:"nats"`
}

EventConfig is the configuration for minder's eventing system.

type FallbackCrypto

type FallbackCrypto struct {
	KeyID string `mapstructure:"key_id"`
}

FallbackCrypto defines the optional key and algorithm which can be used for decrypting old secrets. This is used for rotating keys or algorithms.

type FlagsConfig

type FlagsConfig struct {
	AppName string `mapstructure:"app_name" default:"minder"`

	GoFeature GoFeatureConfig `mapstructure:"go_feature"`
}

FlagsConfig contains the configuration for feature flags

type GRPCServerConfig

type GRPCServerConfig struct {
	// Host is the host to bind to
	Host string `mapstructure:"host" default:"127.0.0.1"`
	// Port is the port to bind to
	Port int `mapstructure:"port" default:"8090"`
}

GRPCServerConfig is the configuration for the gRPC server

func (*GRPCServerConfig) GetAddress

func (s *GRPCServerConfig) GetAddress() string

GetAddress returns the address to bind to

type GitConfig

type GitConfig struct {
	MaxFiles int64 `mapstructure:"max_files" default:"10000"`
	MaxBytes int64 `mapstructure:"max_bytes" default:"100_000_000"`
}

GitConfig provides server-side configuration for Git operations like "clone"

type GitHubAppConfig

type GitHubAppConfig struct {
	OAuthClientConfig `mapstructure:",squash"`

	// AppName is the name of the GitHub App
	AppName string `mapstructure:"app_name"`
	// AppID is the ID of the GitHub App
	AppID int64 `mapstructure:"app_id" default:"0"`
	// UserID is the ID of the GitHub App user
	UserID int64 `mapstructure:"user_id" default:"0"`
	// PrivateKey is the path to the GitHub App's private key in PEM format
	PrivateKey string `mapstructure:"private_key"`
	// WebhookSecret is the GitHub App's webhook secret
	WebhookSecret string `mapstructure:"webhook_secret"`
	// WebhookSecretFile is the location of the file containing the GitHub App's webhook secret
	WebhookSecretFile string `mapstructure:"webhook_secret_file"`
	// FallbackToken is the fallback token to use when listing packages
	FallbackToken string `mapstructure:"fallback_token"`
	// FallbackTokenFile is the location of the file containing the fallback token to use when listing packages
	FallbackTokenFile string `mapstructure:"fallback_token_file"`
}

GitHubAppConfig is the configuration for the GitHub App providers

func (*GitHubAppConfig) GetFallbackToken

func (ghcfg *GitHubAppConfig) GetFallbackToken() (string, error)

GetFallbackToken returns the GitHub App's fallback token

func (*GitHubAppConfig) GetPrivateKey

func (ghcfg *GitHubAppConfig) GetPrivateKey() (*rsa.PrivateKey, error)

GetPrivateKey returns the GitHub App's private key

func (*GitHubAppConfig) GetWebhookSecret

func (ghcfg *GitHubAppConfig) GetWebhookSecret() (string, error)

GetWebhookSecret returns the GitHub App's webhook secret

type GitHubConfig

type GitHubConfig struct {
	OAuthClientConfig `mapstructure:",squash"`
}

GitHubConfig is the configuration for the GitHub OAuth providers

type GitLabConfig

type GitLabConfig struct {
	OAuthClientConfig `mapstructure:",squash"`

	// WebhookSecrets is the configuration for the GitLab webhook secrets
	// setup and verification. This is used to verify incoming webhook requests
	// from GitLab, as well as to generate the webhook URL for GitLab to send
	// events to.
	WebhookSecrets `mapstructure:",squash"`

	// Scopes is the list of scopes to request from the GitLab OAuth provider
	Scopes []string `mapstructure:"scopes"`
}

GitLabConfig is the configuration for the GitLab OAuth providers

type GoChannelEventConfig

type GoChannelEventConfig struct {
	// BufferSize is the size of the buffer for the go channel
	BufferSize int64 `mapstructure:"buffer_size" default:"0"`
	// PersistEvents is whether or not to persist events to the channel
	PersistEvents bool `mapstructure:"persist_events" default:"false"`
	// BlockPublishUntilSubscriberAck is whether or not to block publishing until
	// the subscriber acks the message. This is useful for testing.
	BlockPublishUntilSubscriberAck bool `mapstructure:"block_publish_until_subscriber_ack" default:"false"`
}

GoChannelEventConfig is the configuration for the go channel event driver for minder's eventing system.

type GoFeatureConfig

type GoFeatureConfig struct {
	FilePath string `mapstructure:"file_path" default:""`
}

GoFeatureConfig contains the configuration for the GoFeatureFlag (https://gofeatureflag.org/) provider.

type HTTPServerConfig

type HTTPServerConfig struct {
	// Host is the host to bind to
	Host string `mapstructure:"host" default:"127.0.0.1"`
	// Port is the port to bind to
	Port int `mapstructure:"port" default:"8080"`

	// CORS is the configuration for CORS
	CORS CORSConfig `mapstructure:"cors"`
}

HTTPServerConfig is the configuration for the HTTP server

func (*HTTPServerConfig) GetAddress

func (s *HTTPServerConfig) GetAddress() string

GetAddress returns the address to bind to

type IdentityConfig

type IdentityConfig struct {
	// IssuerUrl is the base URL for calling APIs on the identity server.  Note that this URL
	// ised for direct communication with the identity server, and is not the URL that
	// is included in the JWT tokens.  It is named 'issuer_url' for historical compatibility.
	IssuerUrl string `mapstructure:"issuer_url" default:"http://localhost:8081"`
	// IssuerClaim is the claim in the JWT token that identifies the issuer
	IssuerClaim string `mapstructure:"issuer_claim" default:"http://localhost:8081/realms/stacklok"`
	// ClientId is the client ID that identifies the minder server
	ClientId string `mapstructure:"client_id" default:"minder-server"`
	// ClientSecret is the client secret for the minder server
	ClientSecret string `mapstructure:"client_secret" default:"secret"`
	// ClientSecretFile is the location of a file containing the client secret for the minder server (optional)
	ClientSecretFile string `mapstructure:"client_secret_file"`
	// Audience is the expected audience for JWT tokens (see OpenID spec)
	Audience string `mapstructure:"audience" default:"minder"`
}

IdentityConfig is the configuration for the identity provider in minder server

func (*IdentityConfig) Do

func (sic *IdentityConfig) Do(
	ctx context.Context, method string, path string, query url.Values, body io.Reader) (*http.Response, error)

Do sends an HTTP request to the identity server, using the configured client credentials.

func (*IdentityConfig) GetClientSecret

func (sic *IdentityConfig) GetClientSecret() (string, error)

GetClientSecret returns the minder-server client secret

func (*IdentityConfig) Issuer

func (ic *IdentityConfig) Issuer() url.URL

Issuer returns the URL of the identity server

func (*IdentityConfig) JwtUrl

func (sic *IdentityConfig) JwtUrl(elem ...string) (*url.URL, error)

JwtUrl returns the base `iss` claim as a URL.

func (*IdentityConfig) Path

func (sic *IdentityConfig) Path(path string) (*url.URL, error)

Path returns a URL for the given path on the identity server

type IdentityConfigWrapper

type IdentityConfigWrapper struct {
	Server IdentityConfig `mapstructure:"server"`
}

IdentityConfigWrapper is the configuration for the identity provider

type IncludedBundleConfig

type IncludedBundleConfig struct {
	Namespace string `mapstructure:"namespace"`
	Name      string `mapstructure:"name"`
}

IncludedBundleConfig holds details about the bundle included with Minder

type KeyStoreConfig

type KeyStoreConfig struct {
	Type  string              `mapstructure:"type" default:"local"`
	Local LocalKeyStoreConfig `mapstructure:"local"`
}

KeyStoreConfig specifies the type of keystore to use and its configuration If we support multiple types of keystore (e.g. local, aws secrets, vault, etc.) it is intended that there will be one field for each type of keystore config, and that the `Type` field specifies which one to use

type LocalKeyStoreConfig

type LocalKeyStoreConfig struct {
	// `./.ssh/` is the directory generated by `make bootstrap`
	KeyDir string `mapstructure:"key_dir" default:"./.ssh/"`
}

LocalKeyStoreConfig contains configuration for the local file keystore

type LoggingConfig

type LoggingConfig struct {
	Level   string `mapstructure:"level" default:"debug"`
	Format  string `mapstructure:"format" default:"json"`
	LogFile string `mapstructure:"logFile" default:""`

	// LogPayloads controls whether or not message payloads are ever logged.
	// For debugging purposes, it may be useful to log the payloads that result
	// in error conditions, but could also leak PII.
	LogPayloads bool `mapstructure:"logPayloads" default:"false"`
}

LoggingConfig is the configuration for the logging package

type MarketplaceConfig

type MarketplaceConfig struct {
	Enabled bool                 `mapstructure:"enabled" default:"false"`
	Sources []BundleSourceConfig `mapstructure:"sources"`
}

MarketplaceConfig holds the config for the marketplace functionality.

type MetricServerConfig

type MetricServerConfig struct {
	// Host is the host to bind to
	Host string `mapstructure:"host" default:"127.0.0.1"`
	// Port is the port to bind to
	Port int `mapstructure:"port" default:"9090"`
}

MetricServerConfig is the configuration for the metric server

func (*MetricServerConfig) GetAddress

func (s *MetricServerConfig) GetAddress() string

GetAddress returns the address to bind to

type MetricsConfig

type MetricsConfig struct {
	Enabled bool `mapstructure:"enabled" default:"true"`
}

MetricsConfig is the configuration for the metrics

type NatsConfig

type NatsConfig struct {
	// URL is the URL for the NATS server
	URL string `mapstructure:"url" default:"nats://localhost:4222"`
	// Prefix is the prefix for the NATS subjects to subscribe to
	Prefix string `mapstructure:"prefix" default:"minder"`
	// Queue is the name of the queue group to join when consuming messages
	// queue groups allow multiple process to round-robin process messages.
	Queue string `mapstructure:"queue" default:"minder"`
}

NatsConfig is the configuration when using NATS as the event driver

type OAuthClientConfig

type OAuthClientConfig struct {
	// ClientID is the OAuth client ID
	ClientID string `mapstructure:"client_id"`
	// ClientIDFile is the location of the file containing the OAuth client ID
	ClientIDFile string `mapstructure:"client_id_file"`
	// ClientSecret is the OAuth client secret
	ClientSecret string `mapstructure:"client_secret"`
	// ClientSecretFile is the location of the file containing the OAuth client secret
	ClientSecretFile string `mapstructure:"client_secret_file"`
	// RedirectURI is the OAuth redirect URI
	RedirectURI string `mapstructure:"redirect_uri"`
	// Endpoint is the OAuth endpoint. Currently only used for testing
	Endpoint *OAuthEndpoint `mapstructure:"endpoint"`
}

OAuthClientConfig is the configuration for the OAuth client

func (*OAuthClientConfig) GetClientID

func (cfg *OAuthClientConfig) GetClientID() (string, error)

GetClientID returns the OAuth client ID from either the file or the argument

func (*OAuthClientConfig) GetClientSecret

func (cfg *OAuthClientConfig) GetClientSecret() (string, error)

GetClientSecret returns the OAuth client secret from either the file or the argument

type OAuthEndpoint

type OAuthEndpoint struct {
	// TokenURL is the OAuth token URL
	TokenURL string `mapstructure:"token_url"`
}

OAuthEndpoint is the configuration for the OAuth endpoint Only used for testing

type OpenFGAAuth

type OpenFGAAuth struct {
	// Method is the authentication method to use
	Method string `mapstructure:"method" default:"none" validate:"oneof=token none"`

	// Token is the configuration for OpenID Connect authentication
	Token TokenAuth `mapstructure:"token"`
}

OpenFGAAuth contains the authentication configuration for OpenFGA

func (*OpenFGAAuth) Validate

func (o *OpenFGAAuth) Validate() error

Validate validates the OpenFGAAuth configuration

type ProviderConfig

type ProviderConfig struct {
	GitHubApp *GitHubAppConfig `mapstructure:"github-app"`
	GitHub    *GitHubConfig    `mapstructure:"github"`
	Git       GitConfig        `mapstructure:"git"`
	GitLab    *GitLabConfig    `mapstructure:"gitlab"`
}

ProviderConfig is the configuration for the providers

type SQLEventConfig

type SQLEventConfig struct {
	// InitSchema is whether or not to initialize the schema
	InitSchema bool                  `mapstructure:"init_schema" default:"true"`
	Connection config.DatabaseConfig `mapstructure:"connection" default:"{\"dbname\":\"watermill\"}"`
	// AckDeadline is the deadline (in seconds) before timing out and re-attempting
	// a message delivery.  Note that setting this too short can cause messages to
	// be retried even they should be marked as "poison".
	AckDeadline time.Duration `mapstructure:"ack_deadline" default:"300s"`
}

SQLEventConfig is the configuration for the database event driver

type TokenAuth

type TokenAuth struct {
	// TokenPath is the path to the token to use for authentication.
	// defaults to the kubernetes service account token
	//nolint:lll
	TokenPath string `mapstructure:"token_path" default:"/var/run/secrets/kubernetes.io/serviceaccount/token"`
}

TokenAuth contains the configuration for token authentication

func (*TokenAuth) ReadToken

func (t *TokenAuth) ReadToken() (string, error)

ReadToken reads the token from the configured path

func (*TokenAuth) Validate

func (t *TokenAuth) Validate() error

Validate validates the TokenAuth configuration

type TracingConfig

type TracingConfig struct {
	Enabled bool `mapstructure:"enabled" default:"false"`
	// for the demonstration, we use AlwaysSmaple sampler to take all spans.
	// do not use this option in production.
	SampleRatio float64 `mapstructure:"sample_ratio" default:"0.1"`
}

TracingConfig is the configuration for our tracing capabilities

type WebhookConfig

type WebhookConfig struct {
	// WebhookSecrets is the configuration for the webhook secrets.
	// This is embedded in the WebhookConfig so that the secrets can be
	// used in the WebhookConfig, as the GitHub provider needs for now.
	WebhookSecrets `mapstructure:",squash"`
	// ExternalWebhookURL is the URL that we will send our webhook to
	ExternalWebhookURL string `mapstructure:"external_webhook_url"`
	// ExternalPingURL is the URL that we will send our ping to
	ExternalPingURL string `mapstructure:"external_ping_url"`
}

WebhookConfig is the configuration for our webhook capabilities

type WebhookSecrets

type WebhookSecrets struct {
	// WebhookSecret is the secret that we will use to sign our webhook
	WebhookSecret string `mapstructure:"webhook_secret"`
	// WebhookSecretFile is the location of the file containing the webhook secret
	WebhookSecretFile string `mapstructure:"webhook_secret_file"`
	// PreviousWebhookSecretFile is a reference to a file that contains previous webhook secrets. This is used
	// in case we are rotating secrets and the external service is still using the old secret. These will not
	// be used when creating new webhooks.
	PreviousWebhookSecretFile string `mapstructure:"previous_webhook_secret_file"`
}

WebhookSecrets is the configuration for the webhook secrets. this is useful to import in whatever provider configuration that needs to use some webhook secrets.

func (*WebhookSecrets) GetPreviousWebhookSecrets

func (wc *WebhookSecrets) GetPreviousWebhookSecrets() ([]string, error)

GetPreviousWebhookSecrets retrieves the previous webhook secrets from a file specified in the WebhookConfig. It reads the contents of the file, splits the data by whitespace, and returns it as a slice of strings.

func (*WebhookSecrets) GetWebhookSecret

func (wc *WebhookSecrets) GetWebhookSecret() (string, error)

GetWebhookSecret returns the GitHub App's webhook secret

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL