config

package
v2.1.0-pre.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 3, 2023 License: Apache-2.0 Imports: 24 Imported by: 1

Documentation

Index

Constants

View Source
const (
	KeyRoot                                      = ""
	HSMEnabled                                   = "hsm.enabled"
	HSMLibraryPath                               = "hsm.library"
	HSMPin                                       = "hsm.pin"
	HSMSlotNumber                                = "hsm.slot"
	HSMKeySetPrefix                              = "hsm.key_set_prefix"
	HSMTokenLabel                                = "hsm.token_label" // #nosec G101
	KeyWellKnownKeys                             = "webfinger.jwks.broadcast_keys"
	KeyOAuth2ClientRegistrationURL               = "webfinger.oidc_discovery.client_registration_url"
	KeyOAuth2TokenURL                            = "webfinger.oidc_discovery.token_url" // #nosec G101
	KeyOAuth2AuthURL                             = "webfinger.oidc_discovery.auth_url"
	KeyJWKSURL                                   = "webfinger.oidc_discovery.jwks_url"
	KeyOIDCDiscoverySupportedClaims              = "webfinger.oidc_discovery.supported_claims"
	KeyOIDCDiscoverySupportedScope               = "webfinger.oidc_discovery.supported_scope"
	KeyOIDCDiscoveryUserinfoEndpoint             = "webfinger.oidc_discovery.userinfo_url"
	KeySubjectTypesSupported                     = "oidc.subject_identifiers.supported_types"
	KeyDefaultClientScope                        = "oidc.dynamic_client_registration.default_scope"
	KeyDSN                                       = "dsn"
	ViperKeyClientHTTPNoPrivateIPRanges          = "clients.http.disallow_private_ip_ranges"
	KeyHasherAlgorithm                           = "oauth2.hashers.algorithm"
	KeyBCryptCost                                = "oauth2.hashers.bcrypt.cost"
	KeyPBKDF2Iterations                          = "oauth2.hashers.pbkdf2.iterations"
	KeyEncryptSessionData                        = "oauth2.session.encrypt_at_rest"
	KeyCookieSameSiteMode                        = "serve.cookies.same_site_mode"
	KeyCookieSameSiteLegacyWorkaround            = "serve.cookies.same_site_legacy_workaround"
	KeyCookieDomain                              = "serve.cookies.domain"
	KeyCookieSecure                              = "serve.cookies.secure"
	KeyCookieLoginCSRFName                       = "serve.cookies.names.login_csrf"
	KeyCookieConsentCSRFName                     = "serve.cookies.names.consent_csrf"
	KeyCookieSessionName                         = "serve.cookies.names.session"
	KeyCookieSessionPath                         = "serve.cookies.paths.session"
	KeyConsentRequestMaxAge                      = "ttl.login_consent_request"
	KeyAccessTokenLifespan                       = "ttl.access_token"  // #nosec G101
	KeyRefreshTokenLifespan                      = "ttl.refresh_token" // #nosec G101
	KeyIDTokenLifespan                           = "ttl.id_token"      // #nosec G101
	KeyAuthCodeLifespan                          = "ttl.auth_code"
	KeyScopeStrategy                             = "strategies.scope"
	KeyGetCookieSecrets                          = "secrets.cookie"
	KeyGetSystemSecret                           = "secrets.system"
	KeyLogoutRedirectURL                         = "urls.post_logout_redirect"
	KeyLoginURL                                  = "urls.login"
	KeyLogoutURL                                 = "urls.logout"
	KeyConsentURL                                = "urls.consent"
	KeyErrorURL                                  = "urls.error"
	KeyPublicURL                                 = "urls.self.public"
	KeyAdminURL                                  = "urls.self.admin"
	KeyIssuerURL                                 = "urls.self.issuer"
	KeyAccessTokenStrategy                       = "strategies.access_token"
	KeyDBIgnoreUnknownTableColumns               = "db.ignore_unknown_table_columns"
	KeySubjectIdentifierAlgorithmSalt            = "oidc.subject_identifiers.pairwise.salt"
	KeyPublicAllowDynamicRegistration            = "oidc.dynamic_client_registration.enabled"
	KeyPKCEEnforced                              = "oauth2.pkce.enforced"
	KeyPKCEEnforcedForPublicClients              = "oauth2.pkce.enforced_for_public_clients"
	KeyLogLevel                                  = "log.level"
	KeyCGroupsV1AutoMaxProcsEnabled              = "cgroups.v1.auto_max_procs_enabled"
	KeyGrantAllClientCredentialsScopesPerDefault = "oauth2.client_credentials.default_grant_allowed_scope" // #nosec G101
	KeyExposeOAuth2Debug                         = "oauth2.expose_internal_errors"
	KeyExcludeNotBeforeClaim                     = "oauth2.exclude_not_before_claim"
	KeyAllowedTopLevelClaims                     = "oauth2.allowed_top_level_claims"
	KeyOAuth2GrantJWTIDOptional                  = "oauth2.grant.jwt.jti_optional"
	KeyOAuth2GrantJWTIssuedDateOptional          = "oauth2.grant.jwt.iat_optional"
	KeyOAuth2GrantJWTMaxDuration                 = "oauth2.grant.jwt.max_ttl"
	KeyRefreshTokenHookURL                       = "oauth2.refresh_token_hook" // #nosec G101
	KeyTokenHookURL                              = "oauth2.token_hook"         // #nosec G101
	KeyDevelopmentMode                           = "dev"
)
View Source
const (
	KeySuffixListenOnHost           = "host"
	KeySuffixListenOnPort           = "port"
	KeySuffixSocketOwner            = "socket.owner"
	KeySuffixSocketGroup            = "socket.group"
	KeySuffixSocketMode             = "socket.mode"
	KeySuffixDisableHealthAccessLog = "request_log.disable_for_health"
)
View Source
const (
	KeySuffixTLSEnabled              = "tls.enabled"
	KeySuffixTLSAllowTerminationFrom = "tls.allow_termination_from"
	KeySuffixTLSCertString           = "tls.cert.base64"
	KeySuffixTLSKeyString            = "tls.key.base64"
	KeySuffixTLSCertPath             = "tls.cert.path"
	KeySuffixTLSKeyPath              = "tls.key.path"

	KeyTLSAllowTerminationFrom = "serve." + KeySuffixTLSAllowTerminationFrom
	KeyTLSCertString           = "serve." + KeySuffixTLSCertString
	KeyTLSKeyString            = "serve." + KeySuffixTLSKeyString
	KeyTLSCertPath             = "serve." + KeySuffixTLSCertPath
	KeyTLSKeyPath              = "serve." + KeySuffixTLSKeyPath
	KeyTLSEnabled              = "serve." + KeySuffixTLSEnabled
)
View Source
const DSNMemory = "memory"

Variables

View Source
var (
	Version = "master"
	Date    = "undefined"
	Commit  = "undefined"
)

Functions

func Validate

func Validate(ctx context.Context, l *logrusx.Logger, p *DefaultProvider) error

Types

type AccessTokenStrategySource

type AccessTokenStrategySource interface {
	GetAccessTokenStrategy() AccessTokenStrategyType
}

type AccessTokenStrategyType

type AccessTokenStrategyType string

AccessTokenStrategyType is the type of access token strategy.

const (
	// AccessTokenJWTStrategy is the JWT access token strategy.
	AccessTokenJWTStrategy AccessTokenStrategyType = "jwt"
	// AccessTokenDefaultStrategy is the default access token strategy using HMAC-SHA pass-by-reference tokens.
	AccessTokenDefaultStrategy AccessTokenStrategyType = "opaque"
)

func ToAccessTokenStrategyType

func ToAccessTokenStrategyType(strategy string) (AccessTokenStrategyType, error)

ToAccessTokenStrategyType converts a string to an AccessTokenStrategyType

type DefaultProvider

type DefaultProvider struct {
	// contains filtered or unexported fields
}

func (*DefaultProvider) AccessTokenStrategy

func (p *DefaultProvider) AccessTokenStrategy(ctx context.Context, additionalSources ...AccessTokenStrategySource) AccessTokenStrategyType

func (*DefaultProvider) AdminURL

func (p *DefaultProvider) AdminURL(ctx context.Context) *url.URL

func (*DefaultProvider) AllowedTopLevelClaims

func (p *DefaultProvider) AllowedTopLevelClaims(ctx context.Context) []string

func (*DefaultProvider) CGroupsV1AutoMaxProcsEnabled

func (p *DefaultProvider) CGroupsV1AutoMaxProcsEnabled() bool

func (*DefaultProvider) CORS

func (*DefaultProvider) ClientHTTPNoPrivateIPRanges

func (p *DefaultProvider) ClientHTTPNoPrivateIPRanges() bool

func (*DefaultProvider) ConsentRequestMaxAge

func (p *DefaultProvider) ConsentRequestMaxAge(ctx context.Context) time.Duration

func (*DefaultProvider) ConsentURL

func (p *DefaultProvider) ConsentURL(ctx context.Context) *url.URL

func (*DefaultProvider) CookieDomain

func (p *DefaultProvider) CookieDomain(ctx context.Context) string

func (*DefaultProvider) CookieNameConsentCSRF

func (p *DefaultProvider) CookieNameConsentCSRF(ctx context.Context) string

func (*DefaultProvider) CookieNameLoginCSRF

func (p *DefaultProvider) CookieNameLoginCSRF(ctx context.Context) string

func (*DefaultProvider) CookieSameSiteLegacyWorkaround

func (p *DefaultProvider) CookieSameSiteLegacyWorkaround(ctx context.Context) bool

func (*DefaultProvider) CookieSameSiteMode

func (p *DefaultProvider) CookieSameSiteMode(ctx context.Context) http.SameSite

func (*DefaultProvider) CookieSecure

func (p *DefaultProvider) CookieSecure(ctx context.Context) bool

func (*DefaultProvider) DSN

func (p *DefaultProvider) DSN() string

func (*DefaultProvider) DbIgnoreUnknownTableColumns

func (p *DefaultProvider) DbIgnoreUnknownTableColumns() bool

func (*DefaultProvider) DefaultClientScope

func (p *DefaultProvider) DefaultClientScope(ctx context.Context) []string

func (*DefaultProvider) DisableHealthAccessLog

func (p *DefaultProvider) DisableHealthAccessLog(iface ServeInterface) bool

func (*DefaultProvider) EncryptSessionData

func (p *DefaultProvider) EncryptSessionData(ctx context.Context) bool

func (*DefaultProvider) ErrorURL

func (p *DefaultProvider) ErrorURL(ctx context.Context) *url.URL

func (*DefaultProvider) ExcludeNotBeforeClaim

func (p *DefaultProvider) ExcludeNotBeforeClaim(ctx context.Context) bool

func (*DefaultProvider) GetAccessTokenLifespan

func (p *DefaultProvider) GetAccessTokenLifespan(ctx context.Context) time.Duration

func (*DefaultProvider) GetAuthorizeCodeLifespan

func (p *DefaultProvider) GetAuthorizeCodeLifespan(ctx context.Context) time.Duration

func (*DefaultProvider) GetBCryptCost

func (p *DefaultProvider) GetBCryptCost(ctx context.Context) int

func (*DefaultProvider) GetCookieSecrets

func (p *DefaultProvider) GetCookieSecrets(ctx context.Context) ([][]byte, error)

func (*DefaultProvider) GetEnforcePKCE

func (p *DefaultProvider) GetEnforcePKCE(ctx context.Context) bool

func (*DefaultProvider) GetEnforcePKCEForPublicClients

func (p *DefaultProvider) GetEnforcePKCEForPublicClients(ctx context.Context) bool

func (*DefaultProvider) GetGlobalSecret

func (p *DefaultProvider) GetGlobalSecret(ctx context.Context) ([]byte, error)

func (*DefaultProvider) GetGrantTypeJWTBearerIDOptional

func (p *DefaultProvider) GetGrantTypeJWTBearerIDOptional(ctx context.Context) bool

func (*DefaultProvider) GetGrantTypeJWTBearerIssuedDateOptional

func (p *DefaultProvider) GetGrantTypeJWTBearerIssuedDateOptional(ctx context.Context) bool

func (*DefaultProvider) GetHasherAlgorithm

func (p *DefaultProvider) GetHasherAlgorithm(ctx context.Context) x.HashAlgorithm

func (*DefaultProvider) GetIDTokenLifespan

func (p *DefaultProvider) GetIDTokenLifespan(ctx context.Context) time.Duration

func (*DefaultProvider) GetJWTMaxDuration

func (p *DefaultProvider) GetJWTMaxDuration(ctx context.Context) time.Duration

func (*DefaultProvider) GetRefreshTokenLifespan

func (p *DefaultProvider) GetRefreshTokenLifespan(ctx context.Context) time.Duration

func (*DefaultProvider) GetRotatedGlobalSecrets

func (p *DefaultProvider) GetRotatedGlobalSecrets(ctx context.Context) ([][]byte, error)

func (*DefaultProvider) GetScopeStrategy

func (p *DefaultProvider) GetScopeStrategy(ctx context.Context) fosite.ScopeStrategy

func (*DefaultProvider) GetSendDebugMessagesToClients

func (p *DefaultProvider) GetSendDebugMessagesToClients(ctx context.Context) bool

func (*DefaultProvider) GetUseLegacyErrorFormat

func (p *DefaultProvider) GetUseLegacyErrorFormat(context.Context) bool

func (*DefaultProvider) GrantAllClientCredentialsScopesPerDefault

func (p *DefaultProvider) GrantAllClientCredentialsScopesPerDefault(ctx context.Context) bool

func (*DefaultProvider) HSMEnabled

func (p *DefaultProvider) HSMEnabled() bool

func (*DefaultProvider) HSMKeySetPrefix

func (p *DefaultProvider) HSMKeySetPrefix() string

func (*DefaultProvider) HSMLibraryPath

func (p *DefaultProvider) HSMLibraryPath() string

func (*DefaultProvider) HSMPin

func (p *DefaultProvider) HSMPin() string

func (*DefaultProvider) HSMSlotNumber

func (p *DefaultProvider) HSMSlotNumber() *int

func (*DefaultProvider) HSMTokenLabel

func (p *DefaultProvider) HSMTokenLabel() string

func (*DefaultProvider) HasherBcryptConfig

func (p *DefaultProvider) HasherBcryptConfig(ctx context.Context) *hasherx.BCryptConfig

func (*DefaultProvider) HasherPBKDF2Config

func (p *DefaultProvider) HasherPBKDF2Config(ctx context.Context) *hasherx.PBKDF2Config

func (*DefaultProvider) IsDevelopmentMode

func (p *DefaultProvider) IsDevelopmentMode(ctx context.Context) bool

func (*DefaultProvider) IssuerURL

func (p *DefaultProvider) IssuerURL(ctx context.Context) *url.URL

func (*DefaultProvider) JWKSURL

func (p *DefaultProvider) JWKSURL(ctx context.Context) *url.URL

func (*DefaultProvider) ListenOn

func (p *DefaultProvider) ListenOn(iface ServeInterface) string

func (*DefaultProvider) LoginURL

func (p *DefaultProvider) LoginURL(ctx context.Context) *url.URL

func (*DefaultProvider) LogoutRedirectURL

func (p *DefaultProvider) LogoutRedirectURL(ctx context.Context) *url.URL

func (*DefaultProvider) LogoutURL

func (p *DefaultProvider) LogoutURL(ctx context.Context) *url.URL

func (*DefaultProvider) MustSet

func (p *DefaultProvider) MustSet(ctx context.Context, key string, value interface{})

func (*DefaultProvider) OAuth2AuthURL

func (p *DefaultProvider) OAuth2AuthURL(ctx context.Context) *url.URL

func (*DefaultProvider) OAuth2ClientRegistrationURL

func (p *DefaultProvider) OAuth2ClientRegistrationURL(ctx context.Context) *url.URL

func (*DefaultProvider) OAuth2TokenURL

func (p *DefaultProvider) OAuth2TokenURL(ctx context.Context) *url.URL

func (*DefaultProvider) OIDCDiscoverySupportedClaims

func (p *DefaultProvider) OIDCDiscoverySupportedClaims(ctx context.Context) []string

func (*DefaultProvider) OIDCDiscoverySupportedScope

func (p *DefaultProvider) OIDCDiscoverySupportedScope(ctx context.Context) []string

func (*DefaultProvider) OIDCDiscoveryUserinfoEndpoint

func (p *DefaultProvider) OIDCDiscoveryUserinfoEndpoint(ctx context.Context) *url.URL

func (*DefaultProvider) PublicAllowDynamicRegistration

func (p *DefaultProvider) PublicAllowDynamicRegistration(ctx context.Context) bool

func (*DefaultProvider) PublicURL

func (p *DefaultProvider) PublicURL(ctx context.Context) *url.URL

func (*DefaultProvider) SessionCookieName

func (p *DefaultProvider) SessionCookieName(ctx context.Context) string

func (*DefaultProvider) SessionCookiePath

func (p *DefaultProvider) SessionCookiePath(ctx context.Context) string

func (*DefaultProvider) Set

func (p *DefaultProvider) Set(ctx context.Context, key string, value interface{}) error

func (*DefaultProvider) SocketPermission

func (p *DefaultProvider) SocketPermission(iface ServeInterface) *configx.UnixPermission

func (*DefaultProvider) Source

func (*DefaultProvider) SubjectIdentifierAlgorithmSalt

func (p *DefaultProvider) SubjectIdentifierAlgorithmSalt(ctx context.Context) string

func (*DefaultProvider) SubjectTypesSupported

func (p *DefaultProvider) SubjectTypesSupported(ctx context.Context, additionalSources ...AccessTokenStrategySource) []string

func (*DefaultProvider) TLS

func (*DefaultProvider) TokenHookURL

func (p *DefaultProvider) TokenHookURL(ctx context.Context) *url.URL

func (*DefaultProvider) TokenRefreshHookURL

func (p *DefaultProvider) TokenRefreshHookURL(ctx context.Context) *url.URL

func (*DefaultProvider) Tracing

func (p *DefaultProvider) Tracing() *otelx.Config

func (*DefaultProvider) WellKnownKeys

func (p *DefaultProvider) WellKnownKeys(ctx context.Context, include ...string) []string

type Provider

type Provider interface {
	Config() *DefaultProvider
}

type ServeInterface

type ServeInterface interface {
	Key(suffix string) string
	String() string
}
var (
	PublicInterface ServeInterface = &servePrefix{
		prefix: "serve.public",
	}
	AdminInterface ServeInterface = &servePrefix{
		prefix: "serve.admin",
	}
)

type TLSConfig

type TLSConfig interface {
	Enabled() bool
	AllowTerminationFrom() []string
	GetCertificateFunc(stopReload <-chan struct{}, _ *logrusx.Logger) (func(*tls.ClientHelloInfo) (*tls.Certificate, error), error)
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL