config

package
v1.11.0-pre.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 20, 2022 License: Apache-2.0 Imports: 18 Imported by: 1

Documentation

Index

Constants

View Source
const (
	KeyRoot                                      = ""
	HsmEnabled                                   = "hsm.enabled"
	HsmLibraryPath                               = "hsm.library"
	HsmPin                                       = "hsm.pin"
	HsmSlotNumber                                = "hsm.slot"
	HsmTokenLabel                                = "hsm.token_label" // #nosec G101
	KeyWellKnownKeys                             = "webfinger.jwks.broadcast_keys"
	KeyOAuth2ClientRegistrationURL               = "webfinger.oidc_discovery.client_registration_url"
	KeyOAuth2TokenURL                            = "webfinger.oidc_discovery.token_url" // #nosec G101
	KeyOAuth2AuthURL                             = "webfinger.oidc_discovery.auth_url"
	KeyJWKSURL                                   = "webfinger.oidc_discovery.jwks_url"
	KeyOIDCDiscoverySupportedClaims              = "webfinger.oidc_discovery.supported_claims"
	KeyOIDCDiscoverySupportedScope               = "webfinger.oidc_discovery.supported_scope"
	KeyOIDCDiscoveryUserinfoEndpoint             = "webfinger.oidc_discovery.userinfo_url"
	KeySubjectTypesSupported                     = "oidc.subject_identifiers.supported_types"
	KeyDefaultClientScope                        = "oidc.dynamic_client_registration.default_scope"
	KeyDSN                                       = "dsn"
	KeyBCryptCost                                = "oauth2.hashers.bcrypt.cost"
	KeyEncryptSessionData                        = "oauth2.session.encrypt_at_rest"
	KeyCookieSameSiteMode                        = "serve.cookies.same_site_mode"
	KeyCookieSameSiteLegacyWorkaround            = "serve.cookies.same_site_legacy_workaround"
	KeyConsentRequestMaxAge                      = "ttl.login_consent_request"
	KeyAccessTokenLifespan                       = "ttl.access_token"  // #nosec G101
	KeyRefreshTokenLifespan                      = "ttl.refresh_token" // #nosec G101
	KeyIDTokenLifespan                           = "ttl.id_token"      // #nosec G101
	KeyAuthCodeLifespan                          = "ttl.auth_code"
	KeyScopeStrategy                             = "strategies.scope"
	KeyGetCookieSecrets                          = "secrets.cookie"
	KeyGetSystemSecret                           = "secrets.system"
	KeyLogoutRedirectURL                         = "urls.post_logout_redirect"
	KeyLoginURL                                  = "urls.login"
	KeyLogoutURL                                 = "urls.logout"
	KeyConsentURL                                = "urls.consent"
	KeyErrorURL                                  = "urls.error"
	KeyPublicURL                                 = "urls.self.public"
	KeyIssuerURL                                 = "urls.self.issuer"
	KeyAccessTokenStrategy                       = "strategies.access_token"
	KeySubjectIdentifierAlgorithmSalt            = "oidc.subject_identifiers.pairwise.salt"
	KeyPublicAllowDynamicRegistration            = "oidc.dynamic_client_registration.enabled"
	KeyPKCEEnforced                              = "oauth2.pkce.enforced"
	KeyPKCEEnforcedForPublicClients              = "oauth2.pkce.enforced_for_public_clients"
	KeyLogLevel                                  = "log.level"
	KeyCGroupsV1AutoMaxProcsEnabled              = "cgroups.v1.auto_max_procs_enabled"
	KeyGrantAllClientCredentialsScopesPerDefault = "oauth2.client_credentials.default_grant_allowed_scope"
	KeyExposeOAuth2Debug                         = "oauth2.expose_internal_errors"
	KeyOAuth2LegacyErrors                        = "oauth2.include_legacy_error_fields"
	KeyExcludeNotBeforeClaim                     = "oauth2.exclude_not_before_claim"
	KeyAllowedTopLevelClaims                     = "oauth2.allowed_top_level_claims"
	KeyOAuth2GrantJWTIDOptional                  = "oauth2.grant.jwt.jti_optional"
	KeyOAuth2GrantJWTIssuedDateOptional          = "oauth2.grant.jwt.iat_optional"
	KeyOAuth2GrantJWTMaxDuration                 = "oauth2.grant.jwt.max_ttl"
	KeyRefreshTokenHookURL                       = "oauth2.refresh_token_hook" // #nosec G101
)
View Source
const (
	KeySuffixListenOnHost           = "host"
	KeySuffixListenOnPort           = "port"
	KeySuffixSocketOwner            = "socket.owner"
	KeySuffixSocketGroup            = "socket.group"
	KeySuffixSocketMode             = "socket.mode"
	KeySuffixDisableHealthAccessLog = "access_log.disable_for_health"
)
View Source
const (
	KeySuffixTLSEnabled              = "tls.enabled"
	KeySuffixTLSAllowTerminationFrom = "tls.allow_termination_from"
	KeySuffixTLSCertString           = "tls.cert.base64"
	KeySuffixTLSKeyString            = "tls.key.base64"
	KeySuffixTLSCertPath             = "tls.cert.path"
	KeySuffixTLSKeyPath              = "tls.key.path"

	KeyTLSAllowTerminationFrom = "serve." + KeySuffixTLSAllowTerminationFrom
	KeyTLSCertString           = "serve." + KeySuffixTLSCertString
	KeyTLSKeyString            = "serve." + KeySuffixTLSKeyString
	KeyTLSCertPath             = "serve." + KeySuffixTLSCertPath
	KeyTLSKeyPath              = "serve." + KeySuffixTLSKeyPath
)
View Source
const DSNMemory = "memory"

Variables

View Source
var (
	Version = "master"
	Date    = "undefined"
	Commit  = "undefined"
)

Functions

func MustValidate

func MustValidate(l *logrusx.Logger, p *Provider)

Types

type Provider

type Provider struct {
	// contains filtered or unexported fields
}

func MustNew

func MustNew(l *logrusx.Logger, opts ...configx.OptionModifier) *Provider

func New

func New(l *logrusx.Logger, opts ...configx.OptionModifier) (*Provider, error)

func (*Provider) AccessTokenLifespan

func (p *Provider) AccessTokenLifespan() time.Duration

func (*Provider) AccessTokenStrategy

func (p *Provider) AccessTokenStrategy() string

func (*Provider) AllowedTopLevelClaims added in v1.10.3

func (p *Provider) AllowedTopLevelClaims() []string

func (*Provider) AuthCodeLifespan

func (p *Provider) AuthCodeLifespan() time.Duration

func (*Provider) BCryptCost

func (p *Provider) BCryptCost() int

func (*Provider) CGroupsV1AutoMaxProcsEnabled

func (p *Provider) CGroupsV1AutoMaxProcsEnabled() bool

func (*Provider) CORS

func (p *Provider) CORS(iface ServeInterface) (cors.Options, bool)

func (*Provider) ConsentRequestMaxAge

func (p *Provider) ConsentRequestMaxAge() time.Duration

func (*Provider) ConsentURL

func (p *Provider) ConsentURL() *url.URL

func (*Provider) CookieSameSiteLegacyWorkaround

func (p *Provider) CookieSameSiteLegacyWorkaround() bool

func (*Provider) CookieSameSiteMode

func (p *Provider) CookieSameSiteMode() http.SameSite

func (*Provider) DSN

func (p *Provider) DSN() string

func (*Provider) DataSourcePlugin

func (p *Provider) DataSourcePlugin() string

func (*Provider) DefaultClientScope

func (p *Provider) DefaultClientScope() []string

func (*Provider) DisableHealthAccessLog added in v1.10.2

func (p *Provider) DisableHealthAccessLog(iface ServeInterface) bool

func (*Provider) EncryptSessionData

func (p *Provider) EncryptSessionData() bool

func (*Provider) EnforcePKCEForPublicClients

func (p *Provider) EnforcePKCEForPublicClients() bool

func (*Provider) ErrorURL

func (p *Provider) ErrorURL() *url.URL

func (*Provider) ExcludeNotBeforeClaim added in v1.10.2

func (p *Provider) ExcludeNotBeforeClaim() bool

func (*Provider) GetCookieSecrets

func (p *Provider) GetCookieSecrets() [][]byte

func (*Provider) GetRotatedSystemSecrets

func (p *Provider) GetRotatedSystemSecrets() [][]byte

func (*Provider) GetSystemSecret

func (p *Provider) GetSystemSecret() []byte

func (*Provider) GrantAllClientCredentialsScopesPerDefault

func (p *Provider) GrantAllClientCredentialsScopesPerDefault() bool

func (*Provider) GrantTypeJWTBearerIDOptional added in v1.11.0

func (p *Provider) GrantTypeJWTBearerIDOptional() bool

func (*Provider) GrantTypeJWTBearerIssuedDateOptional added in v1.11.0

func (p *Provider) GrantTypeJWTBearerIssuedDateOptional() bool

func (*Provider) GrantTypeJWTBearerMaxDuration added in v1.11.0

func (p *Provider) GrantTypeJWTBearerMaxDuration() time.Duration

func (*Provider) HsmEnabled added in v1.11.0

func (p *Provider) HsmEnabled() bool

func (*Provider) HsmLibraryPath added in v1.11.0

func (p *Provider) HsmLibraryPath() string

func (*Provider) HsmPin added in v1.11.0

func (p *Provider) HsmPin() string

func (*Provider) HsmSlotNumber added in v1.11.0

func (p *Provider) HsmSlotNumber() *int

func (*Provider) HsmTokenLabel added in v1.11.0

func (p *Provider) HsmTokenLabel() string

func (*Provider) IDTokenLifespan

func (p *Provider) IDTokenLifespan() time.Duration

func (*Provider) InsecureRedirects

func (p *Provider) InsecureRedirects() []string

func (*Provider) IsUsingJWTAsAccessTokens

func (p *Provider) IsUsingJWTAsAccessTokens() bool

func (*Provider) IssuerURL

func (p *Provider) IssuerURL() *url.URL

func (*Provider) JWKSURL

func (p *Provider) JWKSURL() *url.URL

func (*Provider) ListenOn added in v1.10.2

func (p *Provider) ListenOn(iface ServeInterface) string

func (*Provider) LoginURL

func (p *Provider) LoginURL() *url.URL

func (*Provider) LogoutRedirectURL

func (p *Provider) LogoutRedirectURL() *url.URL

func (*Provider) LogoutURL

func (p *Provider) LogoutURL() *url.URL

func (*Provider) MustSet

func (p *Provider) MustSet(key string, value interface{})

func (*Provider) OAuth2AuthURL

func (p *Provider) OAuth2AuthURL() *url.URL

func (*Provider) OAuth2ClientRegistrationURL

func (p *Provider) OAuth2ClientRegistrationURL() *url.URL

func (*Provider) OAuth2LegacyErrors

func (p *Provider) OAuth2LegacyErrors() bool

func (*Provider) OAuth2TokenURL

func (p *Provider) OAuth2TokenURL() *url.URL

func (*Provider) OIDCDiscoverySupportedClaims

func (p *Provider) OIDCDiscoverySupportedClaims() []string

func (*Provider) OIDCDiscoverySupportedScope

func (p *Provider) OIDCDiscoverySupportedScope() []string

func (*Provider) OIDCDiscoveryUserinfoEndpoint

func (p *Provider) OIDCDiscoveryUserinfoEndpoint() *url.URL

func (*Provider) PKCEEnforced

func (p *Provider) PKCEEnforced() bool

func (*Provider) PublicAllowDynamicRegistration added in v1.11.0

func (p *Provider) PublicAllowDynamicRegistration() bool

func (*Provider) PublicURL

func (p *Provider) PublicURL() *url.URL

func (*Provider) RefreshTokenLifespan

func (p *Provider) RefreshTokenLifespan() time.Duration

func (*Provider) ScopeStrategy

func (p *Provider) ScopeStrategy() string

func (*Provider) Set

func (p *Provider) Set(key string, value interface{}) error

func (*Provider) ShareOAuth2Debug

func (p *Provider) ShareOAuth2Debug() bool

func (*Provider) SocketPermission added in v1.10.2

func (p *Provider) SocketPermission(iface ServeInterface) *configx.UnixPermission

func (*Provider) Source

func (p *Provider) Source() *configx.Provider

func (*Provider) SubjectIdentifierAlgorithmSalt

func (p *Provider) SubjectIdentifierAlgorithmSalt() string

func (*Provider) SubjectTypesSupported

func (p *Provider) SubjectTypesSupported() []string

func (*Provider) TLS added in v1.10.2

func (p *Provider) TLS(iface ServeInterface) TLSConfig

func (*Provider) TokenRefreshHookURL added in v1.10.7

func (p *Provider) TokenRefreshHookURL() *url.URL

func (*Provider) Tracing

func (p *Provider) Tracing() *tracing.Config

func (*Provider) WellKnownKeys

func (p *Provider) WellKnownKeys(include ...string) []string

type ServeInterface added in v1.10.2

type ServeInterface interface {
	Key(suffix string) string
}
var (
	PublicInterface ServeInterface = &servePrefix{
		prefix: "serve.public",
	}
	AdminInterface ServeInterface = &servePrefix{
		prefix: "serve.admin",
	}
)

type TLSConfig added in v1.10.2

type TLSConfig interface {
	Enabled() bool
	AllowTerminationFrom() []string
	Certificate() ([]tls.Certificate, error)
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL