config

package
Constants

const (
	// Interval between memory profile writes when memory profiling is enabled
	// (see Config.Profile.Memory).
	DefaultProfileMemoryInterval = 15 * time.Second

	// Schedule for the bolt database health check: the first probe runs after
	// InitialDelay, then one every Interval, with each probe bounded by Timeout.
	DefaultHealthChecksBoltCheckInitialDelay = 30 * time.Second
	DefaultHealthChecksBoltCheckInterval     = 30 * time.Second
	DefaultHealthChecksBoltCheckTimeout      = 20 * time.Second

	// Default capacity of the raft command handler queue.
	DefaultRaftCommandHandlerMaxQueueSize = 1000

	// DefaultTlsHandshakeRateLimiterEnabled is whether the tls handshake rate limiter is
	// enabled by default. It is OFF: a controller that does not enable it explicitly does
	// not throttle inbound TLS handshakes at all, so deployments reachable from untrusted
	// networks should turn it on to bound the work an attacker can force via handshake floods.
	DefaultTlsHandshakeRateLimiterEnabled = false

	// Bounds on the operator-configurable window size of the tls handshake rate limiter,
	// and the default upper window size used when none is configured. Window sizes outside
	// [TlsHandshakeRateLimiterMinSizeValue, TlsHandshakeRateLimiterMaxSizeValue] are not
	// accepted (validation lives in the loader, not here).
	TlsHandshakeRateLimiterMinSizeValue     = 5
	TlsHandshakeRateLimiterMaxSizeValue     = 10000
	DefaultTlsHandshakeRateLimiterMaxWindow = 1000

	// Metric names published by the tls handshake rate limiter.
	TlsHandshakeRateLimiterMetricOutstandingCount  = "tls_handshake_limiter.in_process"  // tasks currently in process
	TlsHandshakeRateLimiterMetricCurrentWindowSize = "tls_handshake_limiter.window_size" // current window size
	TlsHandshakeRateLimiterMetricWorkTimer         = "tls_handshake_limiter.work_timer"  // time taken by successful tasks
)
const (
	// Edge API activity reporting: how many activity updates are batched per flush and how
	// often a flush happens, together with the range operator-supplied values are held to.
	// (The Default batch-size name spells "Api" while the Min/Max names spell "API"; both
	// spellings are part of the exported API and are kept as is.)
	DefaultEdgeApiActivityUpdateBatchSize = 250
	MinEdgeAPIActivityUpdateBatchSize     = 1
	MaxEdgeAPIActivityUpdateBatchSize     = 10000
	DefaultEdgeAPIActivityUpdateInterval  = 90 * time.Second
	MinEdgeAPIActivityUpdateInterval      = time.Millisecond
	MaxEdgeAPIActivityUpdateInterval      = 10 * time.Minute

	// Edge API session lifetime. Only a floor is defined here; there is no upper bound, so an
	// operator can configure arbitrarily long-lived sessions.
	DefaultEdgeSessionTimeout = 30 * time.Minute
	MinEdgeSessionTimeout     = time.Minute

	// Enrollment validity (see EnrollmentOption.Duration). The default is three hours; a
	// shorter window limits how long a leaked enrollment remains usable.
	MinEdgeEnrollmentDuration     = 5 * time.Minute
	DefaultEdgeEnrollmentDuration = 3 * time.Hour

	// HTTP server timeouts used by DefaultHttpTimeouts. Read, read-header and idle are 5s;
	// write is 100s.
	// NOTE(review): the write timeout is 20x the others — confirm 100s is intended rather
	// than a mistyped 10000ms, since a long write timeout lets slow clients hold connections.
	DefaultHttpReadTimeout       = 5 * time.Second
	DefaultHttpReadHeaderTimeout = 5 * time.Second
	DefaultHttpIdleTimeout       = 5 * time.Second
	DefaultHttpWriteTimeout      = 100 * time.Second

	// Domain used for TOTP when none is configured (presumably the fallback for Totp.Hostname).
	DefaultTotpDomain = "openziti.io"

	// Authentication rate limiter: enabled by default, with an adaptive window that starts
	// between MinSize and MaxSize.
	DefaultAuthRateLimiterEnabled = true
	DefaultAuthRateLimiterMaxSize = 250
	DefaultAuthRateLimiterMinSize = 5

	// Range an operator-configured auth rate limiter window size must fall within.
	AuthRateLimiterMinSizeValue = 5
	AuthRateLimiterMaxSizeValue = 1000
)
const (
	// Circuit creation and routing defaults (see NetworkConfig).
	DefaultOptionsCreateCircuitRetries = 2
	DefaultOptionsRouteTimeout         = 10 * time.Second
	DefaultOptionsCycleSeconds         = 60
	DefaultOptionsMinRouterCost        = 10

	// Link management defaults. Legacy link management is off unless enabled.
	DefaultOptionsEnableLegacyLinkMgmt = false
	DefaultOptionsInitialLinkLatency   = 65 * time.Second
	DefaultOptionsPendingLinkTimeout   = 10 * time.Second

	// Router connection churn limit, router messaging worker pool and metrics reporting.
	DefaultOptionsRouterConnectChurnLimit   = time.Minute
	DefaultOptionsRouterMessagingMaxWorkers = 100
	DefaultOptionsRouterMessagingQueueSize  = 100
	DefaultOptionsMetricsReportInterval     = time.Minute

	// Smart rerouting: at most RerouteCap circuits, or RerouteFraction of them, are rerouted
	// per cycle, and only when the cost improvement is at least MinCostDelta — the exact
	// semantics are implemented by the network package, not here.
	DefaultOptionsSmartRerouteFraction     = 0.02
	DefaultOptionsSmartRerouteCap          = 4
	DefaultOptionsSmartRerouteMinCostDelta = 15

	// Hard ceilings for NetworkConfig.RouterComm (presumably enforced by LoadNetworkConfig).
	OptionsRouterCommMaxQueueSize = 1_000_000
	OptionsRouterCommMaxWorkers   = 10_000
)

Variables

This section is empty.

Functions

func CalculateCaPems

func CalculateCaPems(caPems *bytes.Buffer) *bytes.Buffer

CalculateCaPems takes the supplied caPems buffer as a set of PEM Certificates separated by new lines. Duplicate certificates are removed, and the result is returned as a bytes.Buffer of PEM Certificates separated by new lines.

func GetSpiffeIdFromCert added in v1.1.6

func GetSpiffeIdFromCert(cert *x509.Certificate) (*url.URL, error)

GetSpiffeIdFromCert searches a single x509 certificate for a SPIFFE id encoded as a spiffe:// URI SAN. A certificate must contain 0 or 1 spiffe:// URI SAN. If one is present it is returned; if none is present, nil is returned. Errors are returned for parsing and processing errors only. Note that this only extracts the identifier: it is given one certificate and no trust roots, so it does not verify the certificate's signature or chain, and callers must not treat the returned id as authenticated on its own.

func GetSpiffeIdFromCertChain added in v1.1.6

func GetSpiffeIdFromCertChain(certs []*x509.Certificate) (*url.URL, error)

GetSpiffeIdFromCertChain walks a slice of certificates ordered from the leaf up through its issuing CAs. Each certificate must contain 0 or 1 spiffe:// URI SAN. The first SPIFFE id encountered walking from the leaf toward the root CA is returned; if none is encountered, nil is returned. Errors are returned for parsing and processing errors only. The chain itself is not validated here (no signatures or trust roots are checked), so the caller is responsible for verifying the chain before relying on the returned id.

func GetSpiffeIdFromIdentity added in v1.1.6

func GetSpiffeIdFromIdentity(id identity.Identity) (*url.URL, error)

GetSpiffeIdFromIdentity searches an Identity's server certificate and then each certificate up its signing chain for a SPIFFE id encoded as a spiffe:// URI SAN. Each certificate must contain 0 or 1 spiffe:// URI SAN. The first SPIFFE id found walking from the server cert toward the root CA is returned; if none is found, nil is returned. Errors are returned for parsing and processing errors only.

func GetSpiffeIdFromTlsCertChain added in v1.1.6

func GetSpiffeIdFromTlsCertChain(tlsCerts []*tls.Certificate) (*url.URL, error)

GetSpiffeIdFromTlsCertChain searches a tls certificate chain for a SPIFFE id encoded as a spiffe:// URI SAN. Each certificate must contain 0 or 1 spiffe:// URI SAN. The first SPIFFE id found walking up the chain is returned; if none is found, nil is returned. Errors are returned for parsing and processing errors only; as with the other GetSpiffeId* helpers, the chain is not verified here.

Types

type Api

// Api holds the edge API listener settings loaded into EdgeConfig.Api.
type Api struct {
	// SessionTimeout is the lifetime of an edge API session; see DefaultEdgeSessionTimeout
	// and MinEdgeSessionTimeout for the default and floor defined in this package
	// (where they are applied is in the loader, not shown here).
	SessionTimeout          time.Duration
	// ActivityUpdateBatchSize and ActivityUpdateInterval control how API activity updates are
	// batched and flushed; the *EdgeAPIActivityUpdate* constants give the expected ranges.
	ActivityUpdateBatchSize int
	ActivityUpdateInterval  time.Duration

	// Listener is the bind address and Address the externally advertised address —
	// NOTE(review): inferred from the names, confirm against LoadEdgeConfigFromMap.
	Listener      string
	Address       string
	// IdentityCaPem is a PEM-encoded CA bundle associated with the API identity
	// (presumably the chain clients are expected to trust — confirm with the loader).
	IdentityCaPem []byte
	// HttpTimeouts carries the HTTP server timeouts; DefaultHttpTimeouts gives the defaults.
	HttpTimeouts  HttpTimeouts
}

type CertValidatingIdentity added in v1.1.6

// CertValidatingIdentity wraps an identity.Identity. Its ClientTLSConfig, ServerTLSConfig and
// VerifyConnection methods suggest that it produces TLS configs which route peer certificate
// checks through VerifyConnection — NOTE(review): the method bodies are not shown on this page;
// confirm what VerifyConnection actually enforces (e.g. SPIFFE trust-domain checks) before
// relying on it as the peer-authentication boundary.
type CertValidatingIdentity struct {
	identity.Identity
}

func (*CertValidatingIdentity) ClientTLSConfig added in v1.1.6

func (self *CertValidatingIdentity) ClientTLSConfig() *tls.Config

func (*CertValidatingIdentity) ServerTLSConfig added in v1.1.6

func (self *CertValidatingIdentity) ServerTLSConfig() *tls.Config

func (*CertValidatingIdentity) VerifyConnection added in v1.1.6

func (self *CertValidatingIdentity) VerifyConnection(state tls.ConnectionState) error

type Config

// Config is the fully loaded controller configuration produced by LoadConfig. It holds the
// controller identity and trust domains, the raft, network and edge sub-configs, the open
// bolt database handle and the raw decoded source map.
type Config struct {
	// Id is the controller's own identity — NOTE(review): identity.TokenId is defined
	// outside this package; confirm what key material it carries.
	Id                     *identity.TokenId
	// SpiffeIdTrustDomain is the trust domain derived from the controller identity
	// (see GetSpiffeIdFromIdentity); AdditionalTrustDomains lists further accepted trust
	// domains. Every extra entry widens which SPIFFE ids are trusted, so keep the list minimal —
	// the enforcement point is outside this package.
	SpiffeIdTrustDomain    *url.URL
	AdditionalTrustDomains []*url.URL

	Raft    *RaftConfig
	Network *NetworkConfig
	Edge    *EdgeConfig
	// Db is the controller's open bolt database handle.
	Db      boltz.Db
	// Trace optionally installs a channel trace handler (presumably for debugging only).
	Trace   struct {
		Handler *channel.TraceHandler
	}
	// Profile configures memory/CPU profile output; DefaultProfileMemoryInterval is the
	// default memory interval — assumed to be applied by the loader, confirm.
	Profile struct {
		Memory struct {
			Path     string
			Interval time.Duration
		}
		CPU struct {
			Path string
		}
	}
	// Ctrl is the control-plane listener (presumably what routers and peer controllers
	// connect to, given CtrlOptions' heartbeat settings) and its options.
	Ctrl struct {
		Listener transport.Address
		Options  *CtrlOptions
	}
	// HealthChecks.BoltCheck schedules the database health probe; see the
	// DefaultHealthChecksBoltCheck* constants.
	HealthChecks struct {
		BoltCheck struct {
			Interval     time.Duration
			Timeout      time.Duration
			InitialDelay time.Duration
		}
	}
	// CommandRateLimiter bounds accepted commands. TlsHandshakeRateLimiter bounds in-flight
	// TLS handshakes and is disabled by default (DefaultTlsHandshakeRateLimiterEnabled is false).
	CommandRateLimiter      command.RateLimiterConfig
	TlsHandshakeRateLimiter command.AdaptiveRateLimiterConfig
	// Src is the raw decoded configuration map the typed fields were populated from. It may
	// carry secrets or key paths verbatim — NOTE(review): confirm ToJson does not emit it
	// unredacted before logging or exposing its output.
	Src                     map[interface{}]interface{}
}

func LoadConfig added in v1.1.6

func LoadConfig(path string) (*Config, error)

func (*Config) Configure added in v1.1.6

func (config *Config) Configure(sub config.Subconfig) error

func (*Config) ToJson added in v1.1.6

func (self *Config) ToJson() (string, error)

type CtrlOptions added in v1.1.6

// CtrlOptions extends channel.Options for the control-plane listener; see the description below.
type CtrlOptions struct {
	*channel.Options
	// NewListener and AdvertiseAddress are optional (nil when unset) — NOTE(review): how a
	// nil NewListener is treated is decided by the caller, not shown here.
	NewListener            *transport.Address
	AdvertiseAddress       *transport.Address
	// Heartbeat settings for router connections and for peer-controller connections respectively.
	RouterHeartbeatOptions *channel.HeartbeatOptions
	PeerHeartbeatOptions   *channel.HeartbeatOptions
}

CtrlOptions extends channel.Options to include support for additional, non-channel specific options (e.g. NewListener)

type EdgeConfig added in v1.1.6

// EdgeConfig is the edge-related portion of the controller configuration. The unexported
// fields hold the buffered CA PEMs managed through AddCaPems/RefreshCas/CaPems/CaCerts.
type EdgeConfig struct {
	// Enabled turns the edge functionality on.
	Enabled    bool
	Api        Api
	Enrollment Enrollment

	Totp            Totp
	// AuthRateLimiter throttles authentication attempts; see the DefaultAuthRateLimiter*
	// constants (enabled by default).
	AuthRateLimiter command.AdaptiveRateLimiterConfig
	// contains filtered or unexported fields
}

func LoadEdgeConfigFromMap added in v1.1.6

func LoadEdgeConfigFromMap(configMap map[interface{}]interface{}) (*EdgeConfig, error)

func NewEdgeConfig added in v1.1.6

func NewEdgeConfig() *EdgeConfig

func (*EdgeConfig) AddCaPems added in v1.1.6

func (c *EdgeConfig) AddCaPems(caPems []byte)

AddCaPems appends a byte slice of certificates to the currently buffered list of CAs. The certificates must be PEM encoded and separated by new lines. RefreshCas should be called once, after the last AddCaPems call, so that the buffered additions are reflected by CaCerts and CaPems.

func (*EdgeConfig) CaCerts added in v1.1.6

func (c *EdgeConfig) CaCerts() []*x509.Certificate

func (*EdgeConfig) CaPems added in v1.1.6

func (c *EdgeConfig) CaPems() []byte

func (*EdgeConfig) RefreshCas added in v1.1.6

func (c *EdgeConfig) RefreshCas()

func (*EdgeConfig) SessionTimeoutDuration added in v1.1.6

func (c *EdgeConfig) SessionTimeoutDuration() time.Duration

type Enrollment

// Enrollment holds the identity used to sign enrollments and the per-type enrollment options.
type Enrollment struct {
	// SigningCert is the identity whose key signs enrollments; it is high-value key material —
	// whoever holds it can mint enrollments, so protect its configured key path accordingly.
	SigningCert       identity.Identity
	// SigningCertConfig is the identity configuration SigningCert was loaded from (presumably).
	SigningCertConfig identity.Config
	// SigningCertCaPem is the PEM-encoded CA material associated with the signing cert.
	SigningCertCaPem  []byte
	// Per-enrollment-type options (validity Duration) for identities and edge routers.
	EdgeIdentity      EnrollmentOption
	EdgeRouter        EnrollmentOption
}

type EnrollmentOption

// EnrollmentOption configures one enrollment type.
type EnrollmentOption struct {
	// Duration is the enrollment validity; DefaultEdgeEnrollmentDuration and
	// MinEdgeEnrollmentDuration give the default and floor defined in this package.
	Duration time.Duration
}

type HttpTimeouts

// HttpTimeouts are the HTTP server timeouts for the edge API; DefaultHttpTimeouts returns
// the defaults built from the DefaultHttp*Timeout constants. All four should be non-zero on
// an internet-facing listener, otherwise slow clients can hold connections indefinitely.
type HttpTimeouts struct {
	ReadTimeoutDuration       time.Duration
	ReadHeaderTimeoutDuration time.Duration
	WriteTimeoutDuration      time.Duration
	// IdleTimeoutsDuration (note the plural) is the idle keep-alive timeout.
	IdleTimeoutsDuration      time.Duration
}

func DefaultHttpTimeouts

func DefaultHttpTimeouts() *HttpTimeouts

type NetworkConfig added in v1.1.6

// NetworkConfig holds fabric routing and link-management settings; DefaultNetworkConfig
// returns one populated from the DefaultOptions* constants and LoadNetworkConfig overrides it
// from a config map.
type NetworkConfig struct {
	CreateCircuitRetries    uint32
	CycleSeconds            uint32
	EnableLegacyLinkMgmt    bool
	InitialLinkLatency      time.Duration
	// IntervalAgeThreshold has no Default* constant in this package — presumably its default
	// is set in DefaultNetworkConfig; confirm.
	IntervalAgeThreshold    time.Duration
	MetricsReportInterval   time.Duration
	MinRouterCost           uint16
	PendingLinkTimeout      time.Duration
	RouteTimeout            time.Duration
	RouterConnectChurnLimit time.Duration
	// RouterComm sizes the router communication pool; OptionsRouterCommMaxQueueSize and
	// OptionsRouterCommMaxWorkers are the ceilings defined for these values.
	RouterComm              struct {
		QueueSize  uint32
		MaxWorkers uint32
	}
	// Smart configures smart rerouting; see the DefaultOptionsSmartReroute* constants.
	Smart struct {
		RerouteFraction float32
		RerouteCap      uint32
		MinCostDelta    uint32
	}
}

func DefaultNetworkConfig added in v1.1.6

func DefaultNetworkConfig() *NetworkConfig

func LoadNetworkConfig added in v1.1.6

func LoadNetworkConfig(src map[interface{}]interface{}) (*NetworkConfig, error)

type RaftConfig added in v1.1.6

// RaftConfig holds the raft clustering settings. The pointer-typed fields appear to be
// optional overrides (nil = not configured) — assumed from the types, confirm in the loader.
type RaftConfig struct {
	// Recover, when set, puts the node into a recovery mode at startup — NOTE(review): what
	// recovery does (e.g. whether it rewrites membership) is defined outside this package;
	// treat it as an operator-only switch that must not be left enabled in normal operation.
	Recover               bool
	// DataDir is where raft state is persisted; it holds the replicated controller state and
	// should not be readable by other local users.
	DataDir               string
	MinClusterSize        uint32
	// AdvertiseAddress is the address other cluster members are told to reach this node at.
	AdvertiseAddress      transport.Address
	// BootstrapMembers lists the initial members used when bootstrapping a cluster.
	BootstrapMembers      []string
	// CommandHandlerOptions.MaxQueueSize is a uint16, so it cannot represent values above
	// 65535; DefaultRaftCommandHandlerMaxQueueSize (1000) fits.
	CommandHandlerOptions struct {
		MaxQueueSize uint16
	}

	// Snapshot and log retention tuning, passed through to the raft library when set.
	SnapshotInterval  *time.Duration
	SnapshotThreshold *uint32
	TrailingLogs      *uint32
	MaxAppendEntries  *uint32

	// Raft timing tuning, passed through to the raft library when set.
	ElectionTimeout    *time.Duration
	CommitTimeout      *time.Duration
	HeartbeatTimeout   *time.Duration
	LeaderLeaseTimeout *time.Duration

	// LogLevel optionally sets the raft logger level; Logger is the hclog logger raft uses.
	LogLevel *string
	Logger   hclog.Logger
}

type Totp

// Totp holds TOTP (MFA) settings.
type Totp struct {
	// Hostname is the domain/issuer used for TOTP; DefaultTotpDomain ("openziti.io") is
	// presumably used when this is empty — confirm in the loader.
	Hostname string
}
