Documentation
Index
- Constants
- Variables
- type AuthMiddleware
- type ClaimsSelectorConf
- type Config
- type Debug
- type HTTP
- type JWKS
- type Log
- type OIDC
- type Policy
- type PolicySelector
- type PreSignedURL
- type RegexRuleConf
- type RegexSelectorConf
- type Route
- type RouteType
- type Service
- type StaticSelectorConf
- type TokenManager
- type Tracing
- type UserinfoCache
Constants
const (
	AccessTokenVerificationNone = "none"
	AccessTokenVerificationJWT  = "jwt"
)
Variables
var (
	// RouteTypes is an array of the available route types
	RouteTypes = []RouteType{QueryRoute, RegexRoute, PrefixRoute}
)
Functions
This section is empty.
Types
type AuthMiddleware
type AuthMiddleware struct {
	CredentialsByUserAgent map[string]string `yaml:"credentials_by_user_agent"`
}
AuthMiddleware configures the proxy http auth middleware.
type ClaimsSelectorConf
type ClaimsSelectorConf struct {
	DefaultPolicy         string `yaml:"default_policy"`
	UnauthenticatedPolicy string `yaml:"unauthenticated_policy"`
	SelectorCookieName    string `yaml:"selector_cookie_name"`
}
ClaimsSelectorConf is the config for the claims-selector
type Config
type Config struct {
	Commons *shared.Commons `mask:"struct" yaml:"-"` // don't use this directly as configuration for a service

	Service Service `yaml:"-"`

	Tracing *Tracing `yaml:"tracing"`
	Log     *Log     `yaml:"log"`
	Debug   Debug    `mask:"struct" yaml:"debug"`

	HTTP HTTP `yaml:"http"`

	Reva          *shared.Reva          `yaml:"reva"`
	GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"`

	Policies              []Policy        `yaml:"policies"`
	OIDC                  OIDC            `yaml:"oidc"`
	TokenManager          *TokenManager   `mask:"struct" yaml:"token_manager"`
	PolicySelector        *PolicySelector `yaml:"policy_selector"`
	PreSignedURL          PreSignedURL    `yaml:"pre_signed_url"`
	AccountBackend        string          `` /* 147-byte string literal not displayed */
	UserOIDCClaim         string          `` /* 190-byte string literal not displayed */
	UserCS3Claim          string          `` /* 198-byte string literal not displayed */
	MachineAuthAPIKey     string          `` /* 216-byte string literal not displayed */
	AutoprovisionAccounts bool            `` /* 279-byte string literal not displayed */
	EnableBasicAuth       bool            `` /* 132-byte string literal not displayed */
	InsecureBackends      bool            `` /* 130-byte string literal not displayed */
	BackendHTTPSCACert    string          `` /* 159-byte string literal not displayed */
	AuthMiddleware        AuthMiddleware  `yaml:"auth_middleware"`

	Context context.Context `yaml:"-" json:"-"`
}
Config combines all available configuration parts.
type Debug
type Debug struct {
	Addr   string `` /* 142-byte string literal not displayed */
	Token  string `mask:"password" yaml:"token" env:"PROXY_DEBUG_TOKEN" desc:"Token to secure the metrics endpoint."`
	Pprof  bool   `yaml:"pprof" env:"PROXY_DEBUG_PPROF" desc:"Enables pprof, which can be used for profiling."`
	Zpages bool   `yaml:"zpages" env:"PROXY_DEBUG_ZPAGES" desc:"Enables zpages, which can be used for collecting and viewing in-memory traces."`
}
Debug defines the available debug configuration.
type HTTP
type HTTP struct {
	Addr      string `yaml:"addr" env:"PROXY_HTTP_ADDR" desc:"The bind address of the HTTP service."`
	Root      string `yaml:"root" env:"PROXY_HTTP_ROOT" desc:"Subdirectory that serves as the root for this HTTP service."`
	Namespace string `yaml:"-"`
	TLSCert   string `yaml:"tls_cert" env:"PROXY_TRANSPORT_TLS_CERT" desc:"File name of the TLS server certificate for the HTTPS server."`
	TLSKey    string `yaml:"tls_key" env:"PROXY_TRANSPORT_TLS_KEY" desc:"File name of the TLS server certificate key for the HTTPS server."`
	TLS       bool   `yaml:"tls" env:"PROXY_TLS" desc:"Use the HTTPS server instead of the HTTP server."`
}
HTTP defines the available http configuration.
type JWKS
type JWKS struct {
	RefreshInterval   uint64 `` /* 189-byte string literal not displayed */
	RefreshTimeout    uint64 `yaml:"refresh_timeout" env:"PROXY_OIDC_JWKS_REFRESH_TIMEOUT" desc:"The timeout in seconds for an outgoing JWKS request."`
	RefreshRateLimit  uint64 `` /* 248-byte string literal not displayed */
	RefreshUnknownKID bool   `` /* 222-byte string literal not displayed */
}
type Log
type Log struct {
	Level  string `` /* 172-byte string literal not displayed */
	Pretty bool   `mapstructure:"pretty" env:"OCIS_LOG_PRETTY;PROXY_LOG_PRETTY" desc:"Activates pretty log output."`
	Color  bool   `mapstructure:"color" env:"OCIS_LOG_COLOR;PROXY_LOG_COLOR" desc:"Activates colorized log output."`
	File   string `` /* 126-byte string literal not displayed */
}
Log defines the available log configuration.
type OIDC
type OIDC struct {
	Issuer                  string        `` /* 133-byte string literal not displayed */
	Insecure                bool          `` /* 188-byte string literal not displayed */
	AccessTokenVerifyMethod string        `` /* 432-byte string literal not displayed */
	UserinfoCache           UserinfoCache `yaml:"user_info_cache"`
	JWKS                    JWKS          `yaml:"jwks"`
	RewriteWellKnown        bool          `` /* 245-byte string literal not displayed */
}
OIDC is the config for the OpenID Connect middleware. If set, the proxy will try to authenticate every request with the configured OIDC provider.
type PolicySelector
type PolicySelector struct {
	Static *StaticSelectorConf `yaml:"static"`
	Claims *ClaimsSelectorConf `yaml:"claims"`
	Regex  *RegexSelectorConf  `yaml:"regex"`
}
PolicySelector is the top-level configuration for the different selectors.
type PreSignedURL
type PreSignedURL struct {
	AllowedHTTPMethods []string `yaml:"allowed_http_methods"`
	Enabled            bool     `yaml:"enabled" env:"PROXY_ENABLE_PRESIGNEDURLS" desc:"Allow OCS to get a signing key to sign requests."`
}
PreSignedURL is the config for the presigned url middleware
type RegexRuleConf
type RegexSelectorConf
type RegexSelectorConf struct {
	DefaultPolicy         string          `yaml:"default_policy"`
	MatchesPolicies       []RegexRuleConf `yaml:"matches_policies"`
	UnauthenticatedPolicy string          `yaml:"unauthenticated_policy"`
	SelectorCookieName    string          `yaml:"selector_cookie_name"`
}
RegexSelectorConf is the config for the regex-selector
type Route
type Route struct {
	Type RouteType `yaml:"type,omitempty"`
	// Method optionally limits the route to this HTTP method
	Method   string `yaml:"method,omitempty"`
	Endpoint string `yaml:"endpoint,omitempty"`
	// Backend is a static URL to forward the request to
	Backend string `yaml:"backend,omitempty"`
	// Service name to look up in the registry
	Service     string `yaml:"service,omitempty"`
	ApacheVHost bool   `yaml:"apache_vhost,omitempty"`
	Unprotected bool   `yaml:"unprotected,omitempty"`
}
Route defines forwarding routes
type RouteType
type RouteType string
RouteType defines the type of a route
const (
	// PrefixRoute are routes matched by a prefix
	PrefixRoute RouteType = "prefix"
	// QueryRoute are routes matched by a prefix and query parameters
	QueryRoute RouteType = "query"
	// RegexRoute are routes matched by a pattern
	RegexRoute RouteType = "regex"
	// DefaultRouteType is the PrefixRoute
	DefaultRouteType RouteType = PrefixRoute
)
type Service
type Service struct {
	Name string `yaml:"-"`
}
Service defines the available service configuration.
type StaticSelectorConf
type StaticSelectorConf struct {
	Policy string `yaml:"policy"`
}
StaticSelectorConf is the config for the static-policy-selector
type TokenManager
type TokenManager struct {
	JWTSecret string `mask:"password" yaml:"jwt_secret" env:"OCIS_JWT_SECRET;PROXY_JWT_SECRET" desc:"The secret to mint and validate JWT tokens."`
}
TokenManager is the config for using the reva token manager
type Tracing
type Tracing struct {
	Enabled   bool   `yaml:"enabled" env:"OCIS_TRACING_ENABLED;PROXY_TRACING_ENABLED" desc:"Activates tracing."`
	Type      string `` /* 190-byte string literal not displayed */
	Endpoint  string `yaml:"endpoint" env:"OCIS_TRACING_ENDPOINT;PROXY_TRACING_ENDPOINT" desc:"The endpoint of the tracing agent."`
	Collector string `` /* 228-byte string literal not displayed */
}
Tracing defines the available tracing configuration.
type UserinfoCache
type UserinfoCache struct {
	Size int `yaml:"size" env:"PROXY_OIDC_USERINFO_CACHE_SIZE" desc:"Cache size for OIDC user info."`
	TTL  int `yaml:"ttl" env:"PROXY_OIDC_USERINFO_CACHE_TTL" desc:"Max TTL in seconds for the OIDC user info cache."`
}
UserinfoCache is a TTL cache configuration.