config

package
v2.0.0-rc.1 Latest Latest
Published: Nov 5, 2022 License: Apache-2.0 Imports: 2 Imported by: 0

Documentation

Index

Constants

// AccessTokenVerificationJWT is the "jwt" access token verification setting.
const AccessTokenVerificationJWT = "jwt"

// AccessTokenVerificationNone is the "none" access token verification setting.
//
// NOTE(review): presumably this makes the proxy skip its own verification of
// OIDC access tokens; confirm against the code that reads
// OIDC.AccessTokenVerifyMethod before using it outside of testing.
const AccessTokenVerificationNone = "none"

Variables

// RouteTypes lists the route types this package defines, in the order
// query, regex, prefix. It is a package-level slice, so callers that only
// need to read it should not modify it in place.
var RouteTypes = []RouteType{QueryRoute, RegexRoute, PrefixRoute}

Functions

This section is empty.

Types

type AuthMiddleware

// AuthMiddleware holds the settings for the proxy HTTP auth middleware.
type AuthMiddleware struct {
	// CredentialsByUserAgent is a string-to-string map read from the
	// credentials_by_user_agent YAML key.
	// NOTE(review): presumably keyed by the request's User-Agent header. That
	// header is client-controlled, so this map should only steer presentation
	// (e.g. which challenge to offer), never decide whether a request is
	// trusted. Confirm in the middleware.
	CredentialsByUserAgent map[string]string `yaml:"credentials_by_user_agent"`
}

AuthMiddleware configures the proxy http auth middleware.

type ClaimsSelectorConf

// ClaimsSelectorConf is the configuration of the claims-based policy selector.
type ClaimsSelectorConf struct {
	// DefaultPolicy is read from the default_policy YAML key.
	// NOTE(review): presumably the policy name used when no claim decides; confirm.
	DefaultPolicy         string `yaml:"default_policy"`
	// UnauthenticatedPolicy is read from the unauthenticated_policy YAML key.
	// NOTE(review): presumably the policy applied to requests that carry no
	// authenticated user. Review which routes that policy exposes.
	UnauthenticatedPolicy string `yaml:"unauthenticated_policy"`
	// SelectorCookieName is read from the selector_cookie_name YAML key.
	// NOTE(review): cookies are supplied by the client. If the cookie value
	// influences policy selection, verify that it cannot override the choice
	// for an authenticated user.
	SelectorCookieName    string `yaml:"selector_cookie_name"`
}

ClaimsSelectorConf is the config for the claims-selector

type Config

// Config is the root configuration of the proxy service; it aggregates the
// per-area structs declared in this package.
//
// Several field tags are elided on this page ("string literal not
// displayed"), so their env/desc/mask settings cannot be read here. Comments
// on those fields are marked as assumptions to confirm against the source.
type Config struct {
	Commons *shared.Commons `mask:"struct" yaml:"-"` // don't use this directly as configuration for a service

	// Service is excluded from YAML (yaml:"-").
	Service Service `yaml:"-"`

	Tracing *Tracing `yaml:"tracing"`
	Log     *Log     `yaml:"log"`
	// Debug carries mask:"struct"; its Token field is tagged mask:"password".
	Debug   Debug    `mask:"struct" yaml:"debug"`

	HTTP HTTP `yaml:"http"`

	Reva          *shared.Reva          `yaml:"reva"`
	GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"`

	// Policies is the list of named route sets (see Policy and Route).
	Policies              []Policy        `yaml:"policies"`
	OIDC                  OIDC            `yaml:"oidc"`
	// TokenManager carries mask:"struct"; its JWTSecret field is tagged mask:"password".
	TokenManager          *TokenManager   `mask:"struct" yaml:"token_manager"`
	PolicySelector        *PolicySelector `yaml:"policy_selector"`
	PreSignedURL          PreSignedURL    `yaml:"pre_signed_url"`
	AccountBackend        string          `` /* 147-byte string literal not displayed */
	UserOIDCClaim         string          `` /* 190-byte string literal not displayed */
	UserCS3Claim          string          `` /* 198-byte string literal not displayed */
	// NOTE(review): MachineAuthAPIKey is a credential by name. Its tag is not
	// shown here, so verify that it carries mask:"password" like Debug.Token
	// and TokenManager.JWTSecret do.
	MachineAuthAPIKey     string          `` /* 216-byte string literal not displayed */
	// NOTE(review): presumably creates accounts for users first seen through
	// the identity provider. Confirm which claims are trusted when doing so.
	AutoprovisionAccounts bool            `` /* 279-byte string literal not displayed */
	// NOTE(review): presumably enables HTTP basic authentication. Confirm the
	// default and whether it is meant for production use.
	EnableBasicAuth       bool            `` /* 132-byte string literal not displayed */
	// NOTE(review): presumably disables TLS certificate verification towards
	// backends. Prefer BackendHTTPSCACert to trust a private CA. Confirm.
	InsecureBackends      bool            `` /* 130-byte string literal not displayed */
	// NOTE(review): presumably a CA certificate used to verify backend HTTPS
	// connections; confirm.
	BackendHTTPSCACert    string          `` /* 159-byte string literal not displayed */
	AuthMiddleware        AuthMiddleware  `yaml:"auth_middleware"`

	// Context is excluded from both YAML and JSON (yaml:"-" json:"-").
	Context context.Context `yaml:"-" json:"-"`
}

Config combines all available configuration parts.

type Debug

// Debug configures the debug endpoints of the proxy.
type Debug struct {
	// Addr's tag is elided on this page.
	// NOTE(review): presumably the bind address of the debug server. If so, it
	// should not be reachable from untrusted networks. Confirm.
	Addr   string `` /* 142-byte string literal not displayed */
	// Token secures the metrics endpoint (per its desc tag) and is tagged
	// mask:"password". It is set via PROXY_DEBUG_TOKEN.
	// NOTE(review): the desc tag names only the metrics endpoint. Verify
	// whether the pprof and zpages handlers are covered by the same token.
	Token  string `mask:"password" yaml:"token" env:"PROXY_DEBUG_TOKEN" desc:"Token to secure the metrics endpoint."`
	// Pprof enables pprof profiling (PROXY_DEBUG_PPROF).
	Pprof  bool   `yaml:"pprof" env:"PROXY_DEBUG_PPROF" desc:"Enables pprof, which can be used for profiling."`
	// Zpages enables zpages for collecting and viewing in-memory traces
	// (PROXY_DEBUG_ZPAGES).
	Zpages bool   `yaml:"zpages" env:"PROXY_DEBUG_ZPAGES" desc:"Enables zpages, which can be used for collecting and viewing in-memory traces."`
}

Debug defines the available debug configuration.

type HTTP

// HTTP configures the proxy's HTTP(S) listener.
type HTTP struct {
	// Addr is the bind address of the HTTP service (PROXY_HTTP_ADDR).
	Addr      string `yaml:"addr" env:"PROXY_HTTP_ADDR" desc:"The bind address of the HTTP service."`
	// Root is the subdirectory that serves as the root for this HTTP service
	// (PROXY_HTTP_ROOT).
	Root      string `yaml:"root" env:"PROXY_HTTP_ROOT" desc:"Subdirectory that serves as the root for this HTTP service."`
	// Namespace is excluded from YAML (yaml:"-").
	Namespace string `yaml:"-"`
	// TLSCert is the file name of the TLS server certificate
	// (PROXY_TRANSPORT_TLS_CERT).
	TLSCert   string `yaml:"tls_cert" env:"PROXY_TRANSPORT_TLS_CERT" desc:"File name of the TLS server certificate for the HTTPS server."`
	// TLSKey is the file name of the certificate's key
	// (PROXY_TRANSPORT_TLS_KEY). The file holds private key material, so
	// restrict its file permissions accordingly.
	TLSKey    string `yaml:"tls_key" env:"PROXY_TRANSPORT_TLS_KEY" desc:"File name of the TLS server certificate key for the HTTPS server."`
	// TLS selects the HTTPS server instead of the HTTP server (PROXY_TLS).
	// NOTE(review): when false, tokens and credentials passing through the
	// proxy depend on TLS being terminated in front of it. Confirm per deployment.
	TLS       bool   `yaml:"tls" env:"PROXY_TLS" desc:"Use the HTTPS server instead of the HTTP server."`
}

HTTP defines the available http configuration.

type JWKS

// JWKS holds refresh settings for the JSON Web Key Set; it is embedded in
// OIDC under the jwks YAML key. Three of its four tags are elided on this page.
type JWKS struct {
	// NOTE(review): presumably how often the key set is refetched; unit not
	// shown here. Confirm.
	RefreshInterval   uint64 `` /* 189-byte string literal not displayed */
	// RefreshTimeout is the timeout in seconds for an outgoing JWKS request
	// (PROXY_OIDC_JWKS_REFRESH_TIMEOUT).
	RefreshTimeout    uint64 `yaml:"refresh_timeout" env:"PROXY_OIDC_JWKS_REFRESH_TIMEOUT" desc:"The timeout in seconds for an outgoing JWKS request."`
	// NOTE(review): presumably bounds how frequently refreshes may be
	// triggered; confirm the unit and default.
	RefreshRateLimit  uint64 `` /* 248-byte string literal not displayed */
	// NOTE(review): presumably refetches the key set when a token names an
	// unknown key ID. Key IDs come from the token and are attacker-controlled,
	// so this should stay paired with a rate limit. Confirm.
	RefreshUnknownKID bool   `` /* 222-byte string literal not displayed */
}

type Log

// Log configures logging. The visible tags use mapstructure keys and accept
// both OCIS_LOG_* and PROXY_LOG_* environment variables.
type Log struct {
	// Level's tag is elided on this page.
	// NOTE(review): verbose levels may record request details. Confirm what is
	// logged at debug level before enabling it in production.
	Level  string `` /* 172-byte string literal not displayed */
	// Pretty activates pretty log output.
	Pretty bool   `mapstructure:"pretty" env:"OCIS_LOG_PRETTY;PROXY_LOG_PRETTY" desc:"Activates pretty log output."`
	// Color activates colorized log output.
	Color  bool   `mapstructure:"color" env:"OCIS_LOG_COLOR;PROXY_LOG_COLOR" desc:"Activates colorized log output."`
	// File's tag is elided on this page.
	// NOTE(review): presumably the log file path; confirm.
	File   string `` /* 126-byte string literal not displayed */
}

Log defines the available log configuration.

type OIDC

// OIDC is the configuration of the OpenID Connect middleware. Most of its
// tags are elided on this page.
type OIDC struct {
	// NOTE(review): presumably the issuer URL of the identity provider; confirm.
	Issuer                  string        `` /* 133-byte string literal not displayed */
	// NOTE(review): presumably disables TLS certificate verification towards
	// the identity provider. That would let a network attacker impersonate the
	// issuer, so confirm and keep it false outside of test setups.
	Insecure                bool          `` /* 188-byte string literal not displayed */
	// NOTE(review): presumably takes one of the AccessTokenVerification*
	// constants ("none" or "jwt"). Confirm the default and what "none" skips.
	AccessTokenVerifyMethod string        `` /* 432-byte string literal not displayed */
	// UserinfoCache configures the cache for OIDC user info (see UserinfoCache).
	UserinfoCache           UserinfoCache `yaml:"user_info_cache"`
	// JWKS configures key set refresh (see JWKS).
	JWKS                    JWKS          `yaml:"jwks"`
	// NOTE(review): presumably rewrites the OIDC discovery (well-known)
	// document served through the proxy; confirm.
	RewriteWellKnown        bool          `` /* 245-byte string literal not displayed */
}

OIDC is the config for the OpenID Connect middleware. If set, the proxy will try to authenticate every request with the configured OIDC provider.

type Policy

// Policy is a named set of routes.
type Policy struct {
	// Name identifies the policy.
	// NOTE(review): presumably the name that selector configs (for example
	// StaticSelectorConf.Policy) refer to; confirm.
	Name   string  `yaml:"name"`
	// Routes are the forwarding routes that belong to this policy.
	Routes []Route `yaml:"routes"`
}

Policy enables us to use multiple directors.

type PolicySelector

// PolicySelector groups the configuration of the static, claims and regex
// selectors. All three fields are pointers and may be nil.
// NOTE(review): which selector wins when more than one is set is not visible
// here. Confirm in the code that consumes this struct.
type PolicySelector struct {
	Static *StaticSelectorConf `yaml:"static"`
	Claims *ClaimsSelectorConf `yaml:"claims"`
	Regex  *RegexSelectorConf  `yaml:"regex"`
}

PolicySelector is the top-level configuration for the different selectors.

type PreSignedURL

// PreSignedURL is the configuration of the pre-signed URL middleware.
type PreSignedURL struct {
	// AllowedHTTPMethods is read from the allowed_http_methods YAML key.
	// NOTE(review): presumably the HTTP methods a pre-signed URL may be used
	// with. Keeping the list to read-only methods limits what a leaked URL can
	// do. Confirm.
	AllowedHTTPMethods []string `yaml:"allowed_http_methods"`
	// Enabled allows OCS to get a signing key to sign requests
	// (PROXY_ENABLE_PRESIGNEDURLS).
	Enabled            bool     `yaml:"enabled" env:"PROXY_ENABLE_PRESIGNEDURLS" desc:"Allow OCS to get a signing key to sign requests."`
}

PreSignedURL is the config for the presigned url middleware

type RegexRuleConf

// RegexRuleConf is one rule of the regex selector; RegexSelectorConf holds a
// list of these in MatchesPolicies.
type RegexRuleConf struct {
	// NOTE(review): presumably orders rule evaluation; whether lower or higher
	// values win is not visible here. Confirm.
	Priority int    `yaml:"priority"`
	// NOTE(review): presumably names the user property the pattern is applied
	// to; confirm the accepted values.
	Property string `yaml:"property"`
	// NOTE(review): presumably a regular expression. If so, anchor it (^...$)
	// so a partial match cannot select an unintended policy. Confirm.
	Match    string `yaml:"match"`
	// NOTE(review): presumably the name of the policy selected on a match; confirm.
	Policy   string `yaml:"policy"`
}

type RegexSelectorConf

// RegexSelectorConf is the configuration of the regex-based policy selector.
type RegexSelectorConf struct {
	// NOTE(review): presumably the policy used when no rule matches; confirm.
	DefaultPolicy         string          `yaml:"default_policy"`
	// MatchesPolicies is the list of rules (see RegexRuleConf).
	MatchesPolicies       []RegexRuleConf `yaml:"matches_policies"`
	// NOTE(review): presumably the policy applied to requests without an
	// authenticated user. Review which routes that policy exposes.
	UnauthenticatedPolicy string          `yaml:"unauthenticated_policy"`
	// NOTE(review): cookies are supplied by the client. Verify that the cookie
	// cannot override the policy chosen for an authenticated user.
	SelectorCookieName    string          `yaml:"selector_cookie_name"`
}

RegexSelectorConf is the config for the regex-selector

type Route

// Route describes one forwarding rule of a Policy. Every field is tagged
// omitempty, so zero values are left out when the struct is marshalled to YAML.
type Route struct {
	// Type is the matching strategy (see the RouteType constants).
	Type RouteType `yaml:"type,omitempty"`
	// Method optionally limits the route to this HTTP method
	Method   string `yaml:"method,omitempty"`
	// NOTE(review): presumably the path, prefix or pattern matched according
	// to Type; confirm.
	Endpoint string `yaml:"endpoint,omitempty"`
	// Backend is a static URL to forward the request to
	Backend string `yaml:"backend,omitempty"`
	// Service name to look up in the registry
	Service     string `yaml:"service,omitempty"`
	// NOTE(review): purpose not visible here; confirm.
	ApacheVHost bool   `yaml:"apache_vhost,omitempty"`
	// NOTE(review): presumably exempts the route from the authentication
	// middleware. Every route that sets it is reachable without credentials,
	// so list and review them when auditing a deployment. Confirm.
	Unprotected bool   `yaml:"unprotected,omitempty"`
}

Route defines forwarding routes

type RouteType

// RouteType names the strategy used to match a route; it is a string type
// whose defined values are the PrefixRoute, QueryRoute and RegexRoute constants.
type RouteType string

RouteType defines the type of a route

// Route matching strategies, expressed as RouteType values.
const (
	// RegexRoute selects routes matched by a pattern.
	RegexRoute RouteType = "regex"
	// QueryRoute selects routes matched by a prefix and query parameters.
	QueryRoute RouteType = "query"
	// PrefixRoute selects routes matched by a prefix.
	PrefixRoute RouteType = "prefix"
	// DefaultRouteType is PrefixRoute; it takes its RouteType type from it.
	DefaultRouteType = PrefixRoute
)

type Service

// Service holds service-level settings.
type Service struct {
	// Name is excluded from YAML (yaml:"-"), so it cannot be set from a config file.
	Name string `yaml:"-"`
}

Service defines the available service configuration.

type StaticSelectorConf

// StaticSelectorConf is the configuration of the static policy selector.
type StaticSelectorConf struct {
	// Policy is read from the policy YAML key.
	// NOTE(review): presumably the name of the single policy applied to every
	// request; confirm.
	Policy string `yaml:"policy"`
}

StaticSelectorConf is the config for the static-policy-selector

type TokenManager

// TokenManager is the configuration for the reva token manager.
type TokenManager struct {
	// JWTSecret is the secret used to mint and validate JWT tokens (per its
	// desc tag). It is set via OCIS_JWT_SECRET or PROXY_JWT_SECRET and tagged
	// mask:"password".
	// The same value both mints and validates, so anyone who obtains it can
	// mint tokens. Keep it out of version-controlled config and rotate it if
	// it is exposed.
	JWTSecret string `mask:"password" yaml:"jwt_secret" env:"OCIS_JWT_SECRET;PROXY_JWT_SECRET" desc:"The secret to mint and validate JWT tokens."`
}

TokenManager is the config for using the reva token manager

type Tracing

// Tracing configures tracing; the visible settings accept both
// OCIS_TRACING_* and PROXY_TRACING_* environment variables.
type Tracing struct {
	// Enabled activates tracing.
	Enabled   bool   `yaml:"enabled" env:"OCIS_TRACING_ENABLED;PROXY_TRACING_ENABLED" desc:"Activates tracing."`
	// Type's tag is elided on this page.
	// NOTE(review): presumably selects the tracing backend; confirm.
	Type      string `` /* 190-byte string literal not displayed */
	// Endpoint is the endpoint of the tracing agent.
	// NOTE(review): traces can carry request metadata. Confirm what is
	// exported and that the endpoint is a trusted destination.
	Endpoint  string `yaml:"endpoint" env:"OCIS_TRACING_ENDPOINT;PROXY_TRACING_ENDPOINT" desc:"The endpoint of the tracing agent."`
	// Collector's tag is elided on this page.
	// NOTE(review): presumably the collector URL; confirm.
	Collector string `` /* 228-byte string literal not displayed */
}

Tracing defines the available tracing configuration.

type UserinfoCache

// UserinfoCache configures the TTL cache for OIDC user info.
type UserinfoCache struct {
	// Size is the cache size for OIDC user info
	// (PROXY_OIDC_USERINFO_CACHE_SIZE).
	Size int `yaml:"size" env:"PROXY_OIDC_USERINFO_CACHE_SIZE" desc:"Cache size for OIDC user info."`
	// TTL is the maximum lifetime in seconds of a cached entry
	// (PROXY_OIDC_USERINFO_CACHE_TTL).
	// NOTE(review): cached user info presumably remains usable until it
	// expires. A long TTL would then delay the effect of revoking a token or
	// disabling a user at the identity provider. Confirm.
	TTL  int `yaml:"ttl" env:"PROXY_OIDC_USERINFO_CACHE_TTL" desc:"Max TTL in seconds for the OIDC user info cache."`
}

UserinfoCache is a TTL cache configuration.
