Documentation
¶
Index ¶
Constants ¶
const ( DisableIdleConnsEnv = "BAO_PROXY_DISABLE_IDLE_CONNECTIONS" DisableKeepAlivesEnv = "BAO_PROXY_DISABLE_KEEP_ALIVES" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type APIProxy ¶
type APIProxy struct {
UseAutoAuthTokenRaw interface{} `hcl:"use_auto_auth_token"`
UseAutoAuthToken bool `hcl:"-"`
ForceAutoAuthToken bool `hcl:"-"`
}
APIProxy contains any configuration needed for proxy mode
type AutoAuth ¶
type AutoAuth struct {
Method *Method `hcl:"-"`
Sinks []*Sink `hcl:"sinks"`
// NOTE: This is unsupported outside of testing and may disappear at any
// time.
EnableReauthOnNewCredentials bool `hcl:"enable_reauth_on_new_credentials"`
}
AutoAuth is the configured authentication method and sinks
type Cache ¶
type Cache struct {
Persist *agentproxyshared.PersistConfig `hcl:"persist"`
InProcDialer transportDialer `hcl:"-"`
}
Cache contains any configuration needed for Cache mode
type Config ¶
type Config struct {
AutoAuth *AutoAuth `hcl:"auto_auth"`
ExitAfterAuth bool `hcl:"exit_after_auth"`
Cache *Cache `hcl:"cache"`
APIProxy *APIProxy `hcl:"api_proxy""`
Vault *Vault `hcl:"vault"`
DisableIdleConns []string `hcl:"disable_idle_connections"`
DisableIdleConnsAPIProxy bool `hcl:"-"`
DisableIdleConnsAutoAuth bool `hcl:"-"`
DisableKeepAlives []string `hcl:"disable_keep_alives"`
DisableKeepAlivesAPIProxy bool `hcl:"-"`
DisableKeepAlivesAutoAuth bool `hcl:"-"`
}
Config is the configuration for Vault Proxy.
func LoadConfig ¶
LoadConfig loads the configuration at the given path, regardless if it's a file or directory.
func LoadConfigDir ¶
LoadConfigDir loads the configuration at the given path if it's a directory
func LoadConfigFile ¶
LoadConfigFile loads the configuration at the given path if it's a file
func (*Config) ValidateConfig ¶
ValidateConfig validates a Vault configuration after it has been fully merged together, to ensure that required combinations of configs are there
type Method ¶
type Method struct {
Type string
MountPath string `hcl:"mount_path"`
WrapTTLRaw interface{} `hcl:"wrap_ttl"`
WrapTTL time.Duration `hcl:"-"`
MinBackoffRaw interface{} `hcl:"min_backoff"`
MinBackoff time.Duration `hcl:"-"`
MaxBackoffRaw interface{} `hcl:"max_backoff"`
MaxBackoff time.Duration `hcl:"-"`
Namespace string `hcl:"namespace"`
ExitOnError bool `hcl:"exit_on_err"`
Config map[string]interface{}
}
Method represents the configuration for the authentication backend
type Sink ¶
type Sink struct {
Type string
WrapTTLRaw interface{} `hcl:"wrap_ttl"`
WrapTTL time.Duration `hcl:"-"`
DHType string `hcl:"dh_type"`
DeriveKey bool `hcl:"derive_key"`
DHPath string `hcl:"dh_path"`
AAD string `hcl:"aad"`
AADEnvVar string `hcl:"aad_env_var"`
Config map[string]interface{}
}
Sink defines a location to write the authenticated token
type Vault ¶
type Vault struct {
Address string `hcl:"address"`
CACert string `hcl:"ca_cert"`
CAPath string `hcl:"ca_path"`
TLSSkipVerify bool `hcl:"-"`
TLSSkipVerifyRaw interface{} `hcl:"tls_skip_verify"`
ClientCert string `hcl:"client_cert"`
ClientKey string `hcl:"client_key"`
TLSServerName string `hcl:"tls_server_name"`
Retry *Retry `hcl:"retry"`
}
Vault contains configuration for connecting to Vault servers
Source Files