Published: Feb 12, 2024 License: Apache-2.0 Imports: 25 Imported by: 1

Constants

// Keys of the configuration tree. Every constant below names the dotted
// path of a setting; it is a lookup key, never the setting's value. The
// "#nosec G101" markers silence gosec's hard-coded-credential rule, which
// matches on words such as "token", "pin" or "secret" in an identifier —
// the strings are paths, so those findings are false positives.
const (
	KeyRoot                                      = ""
	// HSM settings. HSMPin names the key under which the PIN is configured;
	// the PIN value itself is a secret and must never reach logs or errors.
	HSMEnabled                                   = "hsm.enabled"
	HSMLibraryPath                               = "hsm.library"
	HSMPin                                       = "hsm.pin"
	HSMSlotNumber                                = "hsm.slot"
	HSMKeySetPrefix                              = "hsm.key_set_prefix"
	HSMTokenLabel                                = "hsm.token_label" // #nosec G101
	// Endpoints and metadata published via webfinger / OIDC discovery.
	KeyWellKnownKeys                             = "webfinger.jwks.broadcast_keys"
	KeyOAuth2ClientRegistrationURL               = "webfinger.oidc_discovery.client_registration_url"
	KeyOAuth2TokenURL                            = "webfinger.oidc_discovery.token_url" // #nosec G101
	KeyOAuth2AuthURL                             = "webfinger.oidc_discovery.auth_url"
	KeyVerifiableCredentialsURL                  = "webfinger.oidc_discovery.verifiable_credentials_url" // #nosec G101
	KeyJWKSURL                                   = "webfinger.oidc_discovery.jwks_url"
	KeyOIDCDiscoverySupportedClaims              = "webfinger.oidc_discovery.supported_claims"
	KeyOIDCDiscoverySupportedScope               = "webfinger.oidc_discovery.supported_scope"
	KeyOIDCDiscoveryUserinfoEndpoint             = "webfinger.oidc_discovery.userinfo_url"
	// OIDC subject identifier types and dynamic client registration defaults.
	KeySubjectTypesSupported                     = "oidc.subject_identifiers.supported_types"
	KeyDefaultClientScope                        = "oidc.dynamic_client_registration.default_scope"
	// Storage DSN; see DSNMemory.
	KeyDSN                                       = "dsn"
	// Outbound HTTP client hardening: deny private IP ranges (an SSRF
	// mitigation) with an explicit list of exception URLs.
	KeyClientHTTPNoPrivateIPRanges               = "clients.http.disallow_private_ip_ranges"
	KeyClientHTTPPrivateIPExceptionURLs          = "clients.http.private_ip_exception_urls"
	// Hashing algorithm and work factors for stored OAuth2 secrets.
	KeyHasherAlgorithm                           = "oauth2.hashers.algorithm"
	KeyBCryptCost                                = "oauth2.hashers.bcrypt.cost"
	KeyPBKDF2Iterations                          = "oauth2.hashers.pbkdf2.iterations"
	// Whether session data is encrypted before it is persisted.
	KeyEncryptSessionData                        = "oauth2.session.encrypt_at_rest"
	// Cookie attributes (SameSite, Domain, Secure) and cookie names/paths.
	KeyCookieSameSiteMode                        = "serve.cookies.same_site_mode"
	KeyCookieSameSiteLegacyWorkaround            = "serve.cookies.same_site_legacy_workaround"
	KeyCookieDomain                              = "serve.cookies.domain"
	KeyCookieSecure                              = "serve.cookies.secure"
	KeyCookieLoginCSRFName                       = "serve.cookies.names.login_csrf"
	KeyCookieConsentCSRFName                     = "serve.cookies.names.consent_csrf"
	KeyCookieSessionName                         = "serve.cookies.names.session"
	KeyCookieSessionPath                         = "serve.cookies.paths.session"
	// Lifespans (TTLs) of login/consent requests and of issued tokens.
	KeyConsentRequestMaxAge                      = "ttl.login_consent_request"
	KeyAccessTokenLifespan                       = "ttl.access_token"  // #nosec G101
	KeyRefreshTokenLifespan                      = "ttl.refresh_token" // #nosec G101
	KeyVerifiableCredentialsNonceLifespan        = "ttl.vc_nonce"      // #nosec G101
	KeyIDTokenLifespan                           = "ttl.id_token"      // #nosec G101
	KeyAuthCodeLifespan                          = "ttl.auth_code"
	KeyScopeStrategy                             = "strategies.scope"
	// Keys under which secret material is configured. The values stored
	// there are sensitive even though the key names are not.
	KeyGetCookieSecrets                          = "secrets.cookie"
	KeyGetSystemSecret                           = "secrets.system"
	// URLs of the UI flows this service redirects to, of this service
	// itself, and of the identity provider.
	KeyLogoutRedirectURL                         = "urls.post_logout_redirect"
	KeyLoginURL                                  = "urls.login"
	KeyRegistrationURL                           = "urls.registration"
	KeyLogoutURL                                 = "urls.logout"
	KeyConsentURL                                = "urls.consent"
	KeyErrorURL                                  = "urls.error"
	KeyPublicURL                                 = "urls.self.public"
	KeyAdminURL                                  = "urls.self.admin"
	KeyIssuerURL                                 = "urls.self.issuer"
	KeyIdentityProviderAdminURL                  = "urls.identity_provider.url"
	KeyIdentityProviderPublicURL                 = "urls.identity_provider.publicUrl"
	KeyIdentityProviderHeaders                   = "urls.identity_provider.headers"
	// Token format and scope-claim strategies.
	KeyAccessTokenStrategy                       = "strategies.access_token"
	KeyJWTScopeClaimStrategy                     = "strategies.jwt.scope_claim"
	KeyDBIgnoreUnknownTableColumns               = "db.ignore_unknown_table_columns"
	// Salt for pairwise subject identifiers; changing it changes every
	// pairwise subject this issuer has ever produced.
	KeySubjectIdentifierAlgorithmSalt            = "oidc.subject_identifiers.pairwise.salt"
	KeyPublicAllowDynamicRegistration            = "oidc.dynamic_client_registration.enabled"
	// PKCE (RFC 7636) enforcement, globally and for public clients only.
	KeyPKCEEnforced                              = "oauth2.pkce.enforced"
	KeyPKCEEnforcedForPublicClients              = "oauth2.pkce.enforced_for_public_clients"
	KeyLogLevel                                  = "log.level"
	KeyCGroupsV1AutoMaxProcsEnabled              = "cgroups.v1.auto_max_procs_enabled"
	// OAuth2 behaviour toggles. KeyExposeOAuth2Debug controls whether
	// internal error details are returned to clients; keep it off in production.
	KeyGrantAllClientCredentialsScopesPerDefault = "oauth2.client_credentials.default_grant_allowed_scope" // #nosec G101
	KeyExposeOAuth2Debug                         = "oauth2.expose_internal_errors"
	KeyExcludeNotBeforeClaim                     = "oauth2.exclude_not_before_claim"
	KeyAllowedTopLevelClaims                     = "oauth2.allowed_top_level_claims"
	KeyMirrorTopLevelClaims                      = "oauth2.mirror_top_level_claims"
	// JWT bearer grant validation. Making jti or iat optional relaxes the
	// replay and freshness checks on presented assertions.
	KeyOAuth2GrantJWTIDOptional                  = "oauth2.grant.jwt.jti_optional"
	KeyOAuth2GrantJWTIssuedDateOptional          = "oauth2.grant.jwt.iat_optional"
	KeyOAuth2GrantJWTMaxDuration                 = "oauth2.grant.jwt.max_ttl"
	// Webhooks for the token and refresh-token flows; see HookConfig.
	KeyRefreshTokenHook                          = "oauth2.refresh_token_hook" // #nosec G101
	KeyTokenHook                                 = "oauth2.token_hook"         // #nosec G101
	// Development mode flag; not for production deployments.
	KeyDevelopmentMode                           = "dev"
)
// Per-interface key suffixes. They are presumably combined with a
// ServeInterface prefix through ServeInterface.Key (e.g. PublicInterface
// yields "serve.public.host") — confirm against the servePrefix implementation.
const (
	KeySuffixListenOnHost           = "host"
	KeySuffixListenOnPort           = "port"
	// Unix socket ownership and permission bits; see SocketPermission.
	KeySuffixSocketOwner            = "socket.owner"
	KeySuffixSocketGroup            = "socket.group"
	KeySuffixSocketMode             = "socket.mode"
	KeySuffixDisableHealthAccessLog = "request_log.disable_for_health"
)
// TLS settings. The KeySuffixTLS* constants are per-interface suffixes;
// the KeyTLS* constants are the same settings under the global "serve."
// prefix. Certificate and key may be given inline (base64) or as file
// paths; the inline and file-backed private key are secret material.
const (
	KeySuffixTLSEnabled              = "tls.enabled"
	// Sources from which TLS termination by an upstream proxy is accepted.
	// Keep this list as narrow as the deployment allows.
	KeySuffixTLSAllowTerminationFrom = "tls.allow_termination_from"
	KeySuffixTLSCertString           = "tls.cert.base64"
	KeySuffixTLSKeyString            = "tls.key.base64"
	KeySuffixTLSCertPath             = "tls.cert.path"
	KeySuffixTLSKeyPath              = "tls.key.path"

	KeyTLSAllowTerminationFrom = "serve." + KeySuffixTLSAllowTerminationFrom
	KeyTLSCertString           = "serve." + KeySuffixTLSCertString
	KeyTLSKeyString            = "serve." + KeySuffixTLSKeyString
	KeyTLSCertPath             = "serve." + KeySuffixTLSCertPath
	KeyTLSKeyPath              = "serve." + KeySuffixTLSKeyPath
	KeyTLSEnabled              = "serve." + KeySuffixTLSEnabled
)
// DSNMemory is the KeyDSN value that selects the in-memory storage backend.
const DSNMemory = "memory"

Variables

// Build information. The defaults are placeholders; presumably the release
// build overrides them via linker flags — confirm in the build scripts.
var (
	Version = "master"
	Date    = "undefined"
	Commit  = "undefined"
)

Functions

func Validate

// Validate checks the configuration held by p and returns an error when it
// is unusable; l is available for diagnostics. The individual checks are
// not visible here.
func Validate(ctx context.Context, l *logrusx.Logger, p *DefaultProvider) error

Types

type AccessTokenStrategySource

// AccessTokenStrategySource supplies an access token strategy. Values of
// this type can be passed to DefaultProvider.AccessTokenStrategy and
// DefaultProvider.SubjectTypesSupported as additional sources.
type AccessTokenStrategySource interface {
	GetAccessTokenStrategy() AccessTokenStrategyType
}

type AccessTokenStrategyType

// AccessTokenStrategyType is the type of access token strategy; see
// AccessTokenJWTStrategy and AccessTokenDefaultStrategy for the values.
type AccessTokenStrategyType string

AccessTokenStrategyType is the type of access token strategy.

const (
	// AccessTokenJWTStrategy is the JWT access token strategy. Such tokens
	// are self-contained, so their claims are readable by whoever holds them.
	AccessTokenJWTStrategy AccessTokenStrategyType = "jwt"
	// AccessTokenDefaultStrategy is the default access token strategy using HMAC-SHA pass-by-reference tokens.
	// The token itself carries no claims; consumers typically resolve it via introspection.
	AccessTokenDefaultStrategy AccessTokenStrategyType = "opaque"
)

func ToAccessTokenStrategyType

// ToAccessTokenStrategyType converts a string to an AccessTokenStrategyType,
// returning an error for values it does not recognise.
func ToAccessTokenStrategyType(strategy string) (AccessTokenStrategyType, error)

ToAccessTokenStrategyType converts a string to an AccessTokenStrategyType.

type Auth added in v2.2.0

// Auth describes how a webhook (see HookConfig) authenticates to its target:
// Type selects the scheme and Config carries its parameters.
type Auth struct {
	Type   string     `json:"type"`
	Config AuthConfig `json:"config"`
}

type AuthConfig added in v2.2.0

// AuthConfig holds the parameters of an Auth scheme. Value is presumably the
// credential that is sent (in the location named by In under Name), so it
// is secret material and must not be logged or echoed in error messages.
type AuthConfig struct {
	In    string `json:"in"`
	Name  string `json:"name"`
	Value string `json:"value"`
}

type DefaultProvider

// DefaultProvider is the configuration provider; every setting listed in the
// Key* constants is exposed through one of its accessor methods. The
// underlying fields are unexported.
type DefaultProvider struct {
	// contains filtered or unexported fields
}

func (*DefaultProvider) AccessTokenStrategy

// AccessTokenStrategy returns the access token strategy in effect. The
// additionalSources are consulted alongside the configured value; their
// precedence is not visible here.
func (p *DefaultProvider) AccessTokenStrategy(ctx context.Context, additionalSources ...AccessTokenStrategySource) AccessTokenStrategyType

func (*DefaultProvider) AdminURL

// AdminURL returns this service's admin URL from the configuration (see KeyAdminURL).
func (p *DefaultProvider) AdminURL(ctx context.Context) *url.URL

func (*DefaultProvider) AllowedTopLevelClaims

// AllowedTopLevelClaims returns the claim names that may be placed at the
// top level of a token (see KeyAllowedTopLevelClaims).
func (p *DefaultProvider) AllowedTopLevelClaims(ctx context.Context) []string

func (*DefaultProvider) CGroupsV1AutoMaxProcsEnabled

// CGroupsV1AutoMaxProcsEnabled reports whether GOMAXPROCS is derived from
// cgroups v1 limits (see KeyCGroupsV1AutoMaxProcsEnabled).
func (p *DefaultProvider) CGroupsV1AutoMaxProcsEnabled() bool

func (*DefaultProvider) CORS

func (*DefaultProvider) ClientHTTPNoPrivateIPRanges

// ClientHTTPNoPrivateIPRanges reports whether outbound HTTP clients must
// refuse private IP ranges (see KeyClientHTTPNoPrivateIPRanges). This is
// the SSRF guard for runtime-configured targets such as hook URLs; prefer
// adding entries to ClientHTTPPrivateIPExceptionURLs over disabling it.
func (p *DefaultProvider) ClientHTTPNoPrivateIPRanges() bool

func (*DefaultProvider) ClientHTTPPrivateIPExceptionURLs added in v2.2.0

// ClientHTTPPrivateIPExceptionURLs returns the URLs exempt from the private
// IP range restriction (see KeyClientHTTPPrivateIPExceptionURLs).
func (p *DefaultProvider) ClientHTTPPrivateIPExceptionURLs() []string

func (*DefaultProvider) ConsentRequestMaxAge

// ConsentRequestMaxAge returns how long a login/consent request stays valid
// (see KeyConsentRequestMaxAge).
func (p *DefaultProvider) ConsentRequestMaxAge(ctx context.Context) time.Duration

func (*DefaultProvider) ConsentURL

// ConsentURL returns the URL of the consent UI (see KeyConsentURL).
func (p *DefaultProvider) ConsentURL(ctx context.Context) *url.URL

func (*DefaultProvider) CookieDomain

// CookieDomain returns the Domain attribute used for cookies (see KeyCookieDomain).
func (p *DefaultProvider) CookieDomain(ctx context.Context) string

func (*DefaultProvider) CookieNameConsentCSRF

// CookieNameConsentCSRF returns the name of the consent CSRF cookie (see KeyCookieConsentCSRFName).
func (p *DefaultProvider) CookieNameConsentCSRF(ctx context.Context) string

func (*DefaultProvider) CookieNameLoginCSRF

// CookieNameLoginCSRF returns the name of the login CSRF cookie (see KeyCookieLoginCSRFName).
func (p *DefaultProvider) CookieNameLoginCSRF(ctx context.Context) string

func (*DefaultProvider) CookieSameSiteLegacyWorkaround

// CookieSameSiteLegacyWorkaround reports whether the SameSite legacy
// workaround for older user agents is enabled (see KeyCookieSameSiteLegacyWorkaround).
func (p *DefaultProvider) CookieSameSiteLegacyWorkaround(ctx context.Context) bool

func (*DefaultProvider) CookieSameSiteMode

// CookieSameSiteMode returns the SameSite attribute applied to cookies
// (see KeyCookieSameSiteMode), already mapped to net/http's enumeration.
func (p *DefaultProvider) CookieSameSiteMode(ctx context.Context) http.SameSite

func (*DefaultProvider) CookieSecure

// CookieSecure reports whether cookies carry the Secure attribute (see
// KeyCookieSecure). Outside local development this should be true so the
// session and CSRF cookies are never sent over plain HTTP.
func (p *DefaultProvider) CookieSecure(ctx context.Context) bool

func (*DefaultProvider) CredentialsEndpointURL added in v2.2.0

// CredentialsEndpointURL returns the verifiable credentials endpoint URL
// (see KeyVerifiableCredentialsURL).
func (p *DefaultProvider) CredentialsEndpointURL(ctx context.Context) *url.URL

func (*DefaultProvider) DSN

// DSN returns the storage data source name (see KeyDSN and DSNMemory). The
// value may embed database credentials; treat it as sensitive when logging.
func (p *DefaultProvider) DSN() string

func (*DefaultProvider) DbIgnoreUnknownTableColumns

// DbIgnoreUnknownTableColumns reports whether unknown table columns are
// tolerated by the storage layer (see KeyDBIgnoreUnknownTableColumns).
func (p *DefaultProvider) DbIgnoreUnknownTableColumns() bool

func (*DefaultProvider) DefaultClientScope

// DefaultClientScope returns the scope granted to dynamically registered
// clients by default (see KeyDefaultClientScope).
func (p *DefaultProvider) DefaultClientScope(ctx context.Context) []string

func (*DefaultProvider) DisableHealthAccessLog

// DisableHealthAccessLog reports whether request logging is suppressed for
// health endpoints on the given interface (see KeySuffixDisableHealthAccessLog).
func (p *DefaultProvider) DisableHealthAccessLog(iface ServeInterface) bool

func (*DefaultProvider) EncryptSessionData

// EncryptSessionData reports whether session data is encrypted at rest
// (see KeyEncryptSessionData).
func (p *DefaultProvider) EncryptSessionData(ctx context.Context) bool

func (*DefaultProvider) ErrorURL

// ErrorURL returns the URL users are redirected to on errors (see KeyErrorURL).
func (p *DefaultProvider) ErrorURL(ctx context.Context) *url.URL

func (*DefaultProvider) ExcludeNotBeforeClaim

// ExcludeNotBeforeClaim reports whether the "nbf" claim is omitted from
// issued JWTs (see KeyExcludeNotBeforeClaim).
func (p *DefaultProvider) ExcludeNotBeforeClaim(ctx context.Context) bool

func (*DefaultProvider) GetAccessTokenLifespan

// GetAccessTokenLifespan returns the access token lifespan (see KeyAccessTokenLifespan).
func (p *DefaultProvider) GetAccessTokenLifespan(ctx context.Context) time.Duration

func (*DefaultProvider) GetAuthorizeCodeLifespan

// GetAuthorizeCodeLifespan returns the authorization code lifespan (see KeyAuthCodeLifespan).
func (p *DefaultProvider) GetAuthorizeCodeLifespan(ctx context.Context) time.Duration

func (*DefaultProvider) GetBCryptCost

// GetBCryptCost returns the bcrypt cost factor used for hashing (see KeyBCryptCost).
func (p *DefaultProvider) GetBCryptCost(ctx context.Context) int

func (*DefaultProvider) GetCookieSecrets

// GetCookieSecrets returns the cookie secrets (see KeyGetCookieSecrets).
// Several entries are returned, presumably to support rotation — confirm
// the ordering contract. The values are secret material: never log them.
func (p *DefaultProvider) GetCookieSecrets(ctx context.Context) ([][]byte, error)

func (*DefaultProvider) GetEnforcePKCE

// GetEnforcePKCE reports whether PKCE is required for all clients (see KeyPKCEEnforced).
func (p *DefaultProvider) GetEnforcePKCE(ctx context.Context) bool

func (*DefaultProvider) GetEnforcePKCEForPublicClients

// GetEnforcePKCEForPublicClients reports whether PKCE is required for public
// clients (see KeyPKCEEnforcedForPublicClients). Public clients cannot keep
// a secret, so this should normally be on.
func (p *DefaultProvider) GetEnforcePKCEForPublicClients(ctx context.Context) bool

func (*DefaultProvider) GetGlobalSecret

// GetGlobalSecret returns the current system secret (see KeyGetSystemSecret).
// The value is secret material and must never be logged.
func (p *DefaultProvider) GetGlobalSecret(ctx context.Context) ([]byte, error)

func (*DefaultProvider) GetGrantTypeJWTBearerIDOptional

// GetGrantTypeJWTBearerIDOptional reports whether the "jti" claim may be
// absent from JWT bearer assertions (see KeyOAuth2GrantJWTIDOptional).
// Without a jti the assertion cannot be checked for replay.
func (p *DefaultProvider) GetGrantTypeJWTBearerIDOptional(ctx context.Context) bool

func (*DefaultProvider) GetGrantTypeJWTBearerIssuedDateOptional

// GetGrantTypeJWTBearerIssuedDateOptional reports whether the "iat" claim
// may be absent from JWT bearer assertions (see KeyOAuth2GrantJWTIssuedDateOptional).
func (p *DefaultProvider) GetGrantTypeJWTBearerIssuedDateOptional(ctx context.Context) bool

func (*DefaultProvider) GetHasherAlgorithm

// GetHasherAlgorithm returns the configured secret hashing algorithm (see KeyHasherAlgorithm).
func (p *DefaultProvider) GetHasherAlgorithm(ctx context.Context) x.HashAlgorithm

func (*DefaultProvider) GetIDTokenLifespan

// GetIDTokenLifespan returns the ID token lifespan (see KeyIDTokenLifespan).
func (p *DefaultProvider) GetIDTokenLifespan(ctx context.Context) time.Duration

func (*DefaultProvider) GetJWTMaxDuration

// GetJWTMaxDuration returns the maximum accepted validity of a JWT bearer
// assertion (see KeyOAuth2GrantJWTMaxDuration).
func (p *DefaultProvider) GetJWTMaxDuration(ctx context.Context) time.Duration

func (*DefaultProvider) GetJWTScopeField added in v2.2.0

// GetJWTScopeField returns how scopes are encoded as a JWT claim (see KeyJWTScopeClaimStrategy).
func (p *DefaultProvider) GetJWTScopeField(ctx context.Context) jwt.JWTScopeFieldEnum

func (*DefaultProvider) GetRefreshTokenLifespan

// GetRefreshTokenLifespan returns the refresh token lifespan (see KeyRefreshTokenLifespan).
func (p *DefaultProvider) GetRefreshTokenLifespan(ctx context.Context) time.Duration

func (*DefaultProvider) GetRotatedGlobalSecrets

// GetRotatedGlobalSecrets returns the previous system secrets that are still
// accepted during rotation (see KeyGetSystemSecret). Secret material; never log.
func (p *DefaultProvider) GetRotatedGlobalSecrets(ctx context.Context) ([][]byte, error)

func (*DefaultProvider) GetScopeStrategy

// GetScopeStrategy returns the scope matching strategy (see KeyScopeStrategy).
func (p *DefaultProvider) GetScopeStrategy(ctx context.Context) fosite.ScopeStrategy

func (*DefaultProvider) GetSendDebugMessagesToClients

// GetSendDebugMessagesToClients reports whether internal error details are
// returned to OAuth2 clients (presumably KeyExposeOAuth2Debug — confirm).
// Such details can leak implementation information; keep this off in production.
func (p *DefaultProvider) GetSendDebugMessagesToClients(ctx context.Context) bool

func (*DefaultProvider) GetUseLegacyErrorFormat

// GetUseLegacyErrorFormat reports whether error responses use the legacy
// format. The backing setting is not among the visible Key* constants.
func (p *DefaultProvider) GetUseLegacyErrorFormat(context.Context) bool

func (*DefaultProvider) GetVerifiableCredentialsNonceLifespan added in v2.2.0

// GetVerifiableCredentialsNonceLifespan returns the lifespan of verifiable
// credential nonces (see KeyVerifiableCredentialsNonceLifespan).
func (p *DefaultProvider) GetVerifiableCredentialsNonceLifespan(ctx context.Context) time.Duration

func (*DefaultProvider) GrantAllClientCredentialsScopesPerDefault

// GrantAllClientCredentialsScopesPerDefault reports whether a client
// credentials grant without an explicit scope receives all of the client's
// allowed scopes (see KeyGrantAllClientCredentialsScopesPerDefault).
func (p *DefaultProvider) GrantAllClientCredentialsScopesPerDefault(ctx context.Context) bool

func (*DefaultProvider) HSMEnabled

// HSMEnabled reports whether an HSM is used for key operations (see HSMEnabled).
func (p *DefaultProvider) HSMEnabled() bool

func (*DefaultProvider) HSMKeySetPrefix

// HSMKeySetPrefix returns the prefix applied to key set names on the HSM (see HSMKeySetPrefix).
func (p *DefaultProvider) HSMKeySetPrefix() string

func (*DefaultProvider) HSMLibraryPath

// HSMLibraryPath returns the path of the HSM library to load (see
// HSMLibraryPath). Loading native code from this path is a trust decision;
// the file should be owned and writable only by the deploying principal.
func (p *DefaultProvider) HSMLibraryPath() string

func (*DefaultProvider) HSMPin

// HSMPin returns the HSM PIN (see HSMPin). Secret material: never log it or
// include it in error messages.
func (p *DefaultProvider) HSMPin() string

func (*DefaultProvider) HSMSlotNumber

// HSMSlotNumber returns the HSM slot to use (see HSMSlotNumber); a nil
// result presumably means no slot was configured — confirm.
func (p *DefaultProvider) HSMSlotNumber() *int

func (*DefaultProvider) HSMTokenLabel

// HSMTokenLabel returns the label of the HSM token to use (see HSMTokenLabel).
func (p *DefaultProvider) HSMTokenLabel() string

func (*DefaultProvider) HasherBcryptConfig

// HasherBcryptConfig returns the bcrypt hasher configuration (see KeyBCryptCost).
func (p *DefaultProvider) HasherBcryptConfig(ctx context.Context) *hasherx.BCryptConfig

func (*DefaultProvider) HasherPBKDF2Config

// HasherPBKDF2Config returns the PBKDF2 hasher configuration (see KeyPBKDF2Iterations).
func (p *DefaultProvider) HasherPBKDF2Config(ctx context.Context) *hasherx.PBKDF2Config

func (*DefaultProvider) IsDevelopmentMode

// IsDevelopmentMode reports whether development mode is enabled (see
// KeyDevelopmentMode). Which checks it relaxes is not visible here; it
// must not be enabled in production.
func (p *DefaultProvider) IsDevelopmentMode(ctx context.Context) bool

func (*DefaultProvider) IssuerURL

// IssuerURL returns the issuer URL placed in tokens and discovery documents (see KeyIssuerURL).
func (p *DefaultProvider) IssuerURL(ctx context.Context) *url.URL

func (*DefaultProvider) JWKSURL

// JWKSURL returns the JWKS endpoint URL advertised in discovery (see KeyJWKSURL).
func (p *DefaultProvider) JWKSURL(ctx context.Context) *url.URL

func (*DefaultProvider) KratosAdminURL added in v2.2.0

// KratosAdminURL returns the identity provider's admin URL (see
// KeyIdentityProviderAdminURL). The bool presumably reports whether the
// value is configured — confirm.
func (p *DefaultProvider) KratosAdminURL(ctx context.Context) (*url.URL, bool)

func (*DefaultProvider) KratosPublicURL added in v2.2.0

// KratosPublicURL returns the identity provider's public URL (see
// KeyIdentityProviderPublicURL). The bool presumably reports whether the
// value is configured — confirm.
func (p *DefaultProvider) KratosPublicURL(ctx context.Context) (*url.URL, bool)

func (*DefaultProvider) KratosRequestHeader added in v2.2.0

// KratosRequestHeader returns the headers added to requests sent to the
// identity provider (see KeyIdentityProviderHeaders). These may carry
// credentials, so they should not be logged verbatim.
func (p *DefaultProvider) KratosRequestHeader(ctx context.Context) http.Header

func (*DefaultProvider) ListenOn

// ListenOn returns the listen address for the given interface, built from
// KeySuffixListenOnHost and KeySuffixListenOnPort.
func (p *DefaultProvider) ListenOn(iface ServeInterface) string

func (*DefaultProvider) LoginURL

// LoginURL returns the URL of the login UI (see KeyLoginURL).
func (p *DefaultProvider) LoginURL(ctx context.Context) *url.URL

func (*DefaultProvider) LogoutRedirectURL

// LogoutRedirectURL returns the URL users are sent to after logout (see KeyLogoutRedirectURL).
func (p *DefaultProvider) LogoutRedirectURL(ctx context.Context) *url.URL

func (*DefaultProvider) LogoutURL

// LogoutURL returns the URL of the logout UI (see KeyLogoutURL).
func (p *DefaultProvider) LogoutURL(ctx context.Context) *url.URL

func (*DefaultProvider) MirrorTopLevelClaims added in v2.2.0

// MirrorTopLevelClaims reports whether allowed claims are mirrored at the
// top level of tokens (see KeyMirrorTopLevelClaims).
func (p *DefaultProvider) MirrorTopLevelClaims(ctx context.Context) bool

func (*DefaultProvider) MustSet

// MustSet sets key to value at runtime. By Go convention a Must-prefixed
// helper panics instead of returning the error that Set would return;
// reserve it for initialisation and tests.
func (p *DefaultProvider) MustSet(ctx context.Context, key string, value interface{})

func (*DefaultProvider) OAuth2AuthURL

// OAuth2AuthURL returns the authorization endpoint URL advertised in discovery (see KeyOAuth2AuthURL).
func (p *DefaultProvider) OAuth2AuthURL(ctx context.Context) *url.URL

func (*DefaultProvider) OAuth2ClientRegistrationURL

// OAuth2ClientRegistrationURL returns the dynamic client registration
// endpoint URL advertised in discovery (see KeyOAuth2ClientRegistrationURL).
func (p *DefaultProvider) OAuth2ClientRegistrationURL(ctx context.Context) *url.URL

func (*DefaultProvider) OAuth2TokenURL

// OAuth2TokenURL returns the token endpoint URL advertised in discovery (see KeyOAuth2TokenURL).
func (p *DefaultProvider) OAuth2TokenURL(ctx context.Context) *url.URL

func (*DefaultProvider) OIDCDiscoverySupportedClaims

// OIDCDiscoverySupportedClaims returns the claims advertised as supported
// in the discovery document (see KeyOIDCDiscoverySupportedClaims).
func (p *DefaultProvider) OIDCDiscoverySupportedClaims(ctx context.Context) []string

func (*DefaultProvider) OIDCDiscoverySupportedScope

// OIDCDiscoverySupportedScope returns the scopes advertised as supported in
// the discovery document (see KeyOIDCDiscoverySupportedScope).
func (p *DefaultProvider) OIDCDiscoverySupportedScope(ctx context.Context) []string

func (*DefaultProvider) OIDCDiscoveryUserinfoEndpoint

// OIDCDiscoveryUserinfoEndpoint returns the userinfo endpoint URL advertised
// in discovery (see KeyOIDCDiscoveryUserinfoEndpoint).
func (p *DefaultProvider) OIDCDiscoveryUserinfoEndpoint(ctx context.Context) *url.URL

func (*DefaultProvider) PublicAllowDynamicRegistration

// PublicAllowDynamicRegistration reports whether dynamic client registration
// is open on the public interface (see KeyPublicAllowDynamicRegistration).
// When enabled, anyone can create clients, so DefaultClientScope bounds
// what such clients may request.
func (p *DefaultProvider) PublicAllowDynamicRegistration(ctx context.Context) bool

func (*DefaultProvider) PublicURL

// PublicURL returns this service's public URL (see KeyPublicURL).
func (p *DefaultProvider) PublicURL(ctx context.Context) *url.URL

func (*DefaultProvider) RegistrationURL added in v2.2.0

// RegistrationURL returns the URL of the registration UI (see KeyRegistrationURL).
func (p *DefaultProvider) RegistrationURL(ctx context.Context) *url.URL

func (*DefaultProvider) SessionCookieName

// SessionCookieName returns the name of the session cookie (see KeyCookieSessionName).
func (p *DefaultProvider) SessionCookieName(ctx context.Context) string

func (*DefaultProvider) SessionCookiePath

// SessionCookiePath returns the Path attribute of the session cookie (see KeyCookieSessionPath).
func (p *DefaultProvider) SessionCookiePath(ctx context.Context) string

func (*DefaultProvider) Set

// Set sets key to value at runtime and returns an error if the value is
// rejected. Callers that pass untrusted input as value should validate it
// first; the checks applied here are not visible.
func (p *DefaultProvider) Set(ctx context.Context, key string, value interface{}) error

func (*DefaultProvider) SocketPermission

// SocketPermission returns the owner, group and mode for the given
// interface's Unix socket (see KeySuffixSocketOwner, KeySuffixSocketGroup,
// KeySuffixSocketMode). An overly permissive mode exposes the admin
// interface to every local user.
func (p *DefaultProvider) SocketPermission(iface ServeInterface) *configx.UnixPermission

func (*DefaultProvider) Source

func (*DefaultProvider) SubjectIdentifierAlgorithmSalt

// SubjectIdentifierAlgorithmSalt returns the salt for pairwise subject
// identifiers (see KeySubjectIdentifierAlgorithmSalt). Keep it stable and
// confidential: changing it changes every pairwise subject identifier.
func (p *DefaultProvider) SubjectIdentifierAlgorithmSalt(ctx context.Context) string

func (*DefaultProvider) SubjectTypesSupported

// SubjectTypesSupported returns the subject identifier types advertised in
// discovery (see KeySubjectTypesSupported). Why additionalSources influence
// the result is not visible here.
func (p *DefaultProvider) SubjectTypesSupported(ctx context.Context, additionalSources ...AccessTokenStrategySource) []string

func (*DefaultProvider) TLS

func (*DefaultProvider) TokenHookConfig added in v2.2.0

// TokenHookConfig returns the webhook configuration for token issuance (see
// KeyTokenHook); presumably nil when no hook is configured — confirm.
func (p *DefaultProvider) TokenHookConfig(ctx context.Context) *HookConfig

func (*DefaultProvider) TokenRefreshHookConfig added in v2.2.0

// TokenRefreshHookConfig returns the webhook configuration for refresh-token
// flows (see KeyRefreshTokenHook); presumably nil when unconfigured — confirm.
func (p *DefaultProvider) TokenRefreshHookConfig(ctx context.Context) *HookConfig

func (*DefaultProvider) Tracing

// Tracing returns the OpenTelemetry tracing configuration. The backing
// setting is not among the visible Key* constants.
func (p *DefaultProvider) Tracing() *otelx.Config

func (*DefaultProvider) WellKnownKeys

// WellKnownKeys returns the key set names published at the JWKS endpoint
// (see KeyWellKnownKeys), with include appended — whether duplicates are
// removed is not visible here.
func (p *DefaultProvider) WellKnownKeys(ctx context.Context, include ...string) []string

type HookConfig added in v2.2.0

// HookConfig describes a webhook: the URL that is called and, optionally,
// how the call authenticates. The URL is an outbound request target taken
// from configuration, so it is subject to the private IP range restriction
// (see ClientHTTPNoPrivateIPRanges); Auth may hold a credential.
type HookConfig struct {
	URL  string `json:"url"`
	Auth *Auth  `json:"auth"`
}

type Provider

// Provider is implemented by anything that can hand out the configuration.
type Provider interface {
	Config() *DefaultProvider
}

type ServeInterface

// ServeInterface identifies one of the served interfaces (see PublicInterface
// and AdminInterface). Key turns a per-interface suffix such as
// KeySuffixListenOnHost into the full configuration key for that interface.
type ServeInterface interface {
	Key(suffix string) string
	String() string
}
// The two served interfaces. Their settings live under "serve.public" and
// "serve.admin" respectively; the admin interface should never share a
// listener or socket permissions with the public one.
var (
	PublicInterface ServeInterface = &servePrefix{
		prefix: "serve.public",
	}
	AdminInterface ServeInterface = &servePrefix{
		prefix: "serve.admin",
	}
)

type TLSConfig

// TLSConfig is the TLS configuration of a served interface.
type TLSConfig interface {
	// Enabled reports whether TLS is enabled for the interface.
	Enabled() bool
	// AllowTerminationFrom lists the sources from which TLS termination by
	// an upstream proxy is accepted; keep it as narrow as the deployment allows.
	AllowTerminationFrom() []string
	// GetCertificateFunc returns a callback that selects the certificate for
	// a ClientHello. stopReload presumably ends any certificate reloading
	// started here — confirm; the logger is used for diagnostics.
	GetCertificateFunc(stopReload <-chan struct{}, _ *logrusx.Logger) (func(*tls.ClientHelloInfo) (*tls.Certificate, error), error)
}
