Index
- Constants
- Variables
- func AbsTLSClient(cfg *ClientTLSConfig, configDir string) error
- func AbsTLSServer(cfg *ServerTLSConfig, configDir string) error
- func GetClientTLSConfig(cfg *ClientTLSConfig, csp cccsp.CCCSP) (*tls.Config, error)
- func UnmarshalConfig(cfg interface{}, vp *viper.Viper, configFile string, server bool) error
- type CAConfig
- type CAConfigDB
- type CAConfigRegistry
- type CAInfo
- type CRLConfig
- type ClientAuth
- type ClientConfig
- type ClientTLSConfig
- type IntermediateCA
- type KeyCertFiles
- type ParentServer
- type ServerConfig
- type ServerTLSConfig
Constants
const (
	// DefaultServerPort is the default listening port for the rksync-ca server.
	// Mirrors the def:"8054" tag on ServerConfig.Port; the two are kept in sync by hand.
	DefaultServerPort = 8054
	// DefaultServerAddr is the default listening address for the rksync-ca server.
	// 0.0.0.0 binds every interface; deployments that should not expose the CA
	// beyond one network set ServerConfig.Address explicitly.
	DefaultServerAddr = "0.0.0.0"
)
Variables
// DefaultCipherSuites is the set of TLS 1.2 cipher suites offered when none are
// configured explicitly. All entries are AES-GCM (AEAD) suites. The four ECDHE
// entries provide forward secrecy; the two TLS_RSA entries use static RSA key
// exchange and do not, so a compromised server key exposes past sessions —
// NOTE(review): consider dropping them if no peer still requires RSA key
// exchange. Listing them here keeps them enabled even on Go releases that no
// longer include RSA key exchange in the crypto/tls defaults.
var DefaultCipherSuites = []uint16{
	tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
	// Static RSA key exchange: no forward secrecy (see note above).
	tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
}
DefaultCipherSuites is a set of strong TLS cipher suites
Functions
func AbsTLSClient
func AbsTLSClient(cfg *ClientTLSConfig, configDir string) error
AbsTLSClient makes TLS client files absolute
func AbsTLSServer
func AbsTLSServer(cfg *ServerTLSConfig, configDir string) error
AbsTLSServer makes TLS server files absolute
func GetClientTLSConfig
GetClientTLSConfig creates a tls.Config object from certs and roots
Types
type CAConfig
// CAConfig is the CA instance's configuration.
type CAConfig struct {
	// Version is tagged skip:"true"; presumably not bound from flags or the
	// config file — confirm against UnmarshalConfig.
	Version string `skip:"true"`
	// CA names the CA and locates its key, certificate and chain files.
	CA CAInfo
	// Signing is the cfssl signing policy (profiles, expiry, key usages).
	// Skip-tagged like Version, so presumably loaded by other means.
	Signing *cfsslcfg.Signing `skip:"true"`
	// CSR describes the CA's own certificate request.
	CSR api.CSRInfo
	// Intermediate holds the parent server and TLS settings used when this CA
	// is an intermediate.
	Intermediate IntermediateCA
	// Registry holds enrollment limits.
	Registry CAConfigRegistry
	// CRL holds CRL generation settings.
	CRL CRLConfig
	// Client is a client configuration; skip-tagged. Presumably used when
	// enrolling with the parent server — verify against the caller.
	Client *ClientConfig `skip:"true"`
	// DB selects and configures the backing database.
	DB CAConfigDB
}
CAConfig is the CA instance's configuration
type CAConfigDB
// CAConfigDB is the database part of the server's config.
type CAConfigDB struct {
	// Type selects the database kind; the def tag makes "mariadb" the default.
	Type string `def:"mariadb" help:"Type of database"`
	// Datasource is the driver-specific connection string. Such strings
	// typically embed credentials, so the config file holding it is secret material.
	Datasource string `help:"Data source which is database specific"`
}
CAConfigDB is the database part of the server's config
type CAConfigRegistry
// CAConfigRegistry is the registry part of the server's config.
type CAConfigRegistry struct {
	// MaxEnrollments caps the number of enrollments. The def tag sets -1,
	// presumably meaning unlimited — confirm in the registry code before relying on it.
	MaxEnrollments int `def:"-1" help:"Maximum number of enrollments"`
}
CAConfigRegistry is the registry part of the server's config
type CAInfo
// CAInfo is the CA information on a rksync-ca.
type CAInfo struct {
	// Name of the certificate authority (opt:"n", presumably the short flag -n).
	Name string `opt:"n" help:"Certificate Authority name"`
	// Keyfile is the PEM-encoded CA private key; it has no default. This key
	// is the root of trust for everything the CA signs, so its file permissions matter.
	Keyfile string `help:"PEM-encoded CA key file"`
	// Certfile is the PEM-encoded CA certificate (default ca-cert.pem).
	Certfile string `def:"ca-cert.pem" help:"PEM-encoded CA certificate file"`
	// Chainfile is the PEM-encoded CA chain (default ca-chain.pem).
	Chainfile string `def:"ca-chain.pem" help:"PEM-encoded CA chain file"`
}
CAInfo is the CA information on a rksync-ca
type CRLConfig
// CRLConfig contains configuration options used by the gencrl request handler.
type CRLConfig struct {
	// Expiry is the validity period of a generated CRL (default 24h per the def tag).
	// A long expiry delays revocation reaching relying parties that cache the CRL.
	Expiry time.Duration `def:"24h" help:"Expiration for the CRL generated by the gencrl request"`
}
CRLConfig contains configuration options used by the gencrl request handler
type ClientAuth
// ClientAuth defines the key material needed to verify client certificates.
type ClientAuth struct {
	// Type is the TLS client-authentication policy. The default "noclientcert"
	// presumably maps to tls.NoClientCert, i.e. no client certificate is requested
	// or verified unless this is changed — confirm in the TLS setup code.
	Type string `def:"noclientcert" help:"Policy the server will follow for TLS Client Authentication"`
	// CertFiles lists PEM-encoded trusted CA certificates used to verify client certificates.
	CertFiles []string `help:"A list of comma-separated PEM-encoded trusted certificate files"`
}
ClientAuth defines the key material needed to verify client certificates
type ClientConfig
// ClientConfig is the rksync-ca client's config.
type ClientConfig struct {
	// URL of the rksync-ca server to contact.
	URL string
	// TLS settings for the connection to the server.
	TLS ClientTLSConfig
	// Debug enables debug logging.
	Debug bool
	// LogLevel sets the logging level.
	LogLevel string
	// CAName selects which CA on the server to talk to.
	CAName string
	// CSR presumably describes the certificate request the client enrolls with.
	CSR api.CSRInfo
}
ClientConfig is the rksync-ca client's config
type ClientTLSConfig
// ClientTLSConfig defines the key material for a TLS client.
type ClientTLSConfig struct {
	// Enabled turns TLS on for the client. Skip-tagged, so presumably set
	// programmatically rather than read from the config file.
	Enabled bool `skip:"true"`
	// CertFiles lists PEM-encoded CA certificates the client trusts when
	// verifying the server. An empty list leaves server verification to whatever
	// GetClientTLSConfig does by default — check that it does not fall back to insecure.
	CertFiles []string `help:"A list of comma-separated PEM-encoded trusted certificate file"`
	// Client holds the client's own key/certificate pair for mutual TLS.
	Client KeyCertFiles
}
ClientTLSConfig defines the key material for a TLS client
type IntermediateCA
// IntermediateCA contains parent server information and TLS configuration for
// an intermediate CA. The enrollment request itself is not a field here; it
// presumably comes from CAConfig.CSR.
type IntermediateCA struct {
	// ParentServer identifies the parent rksync-ca server and the CA name on it.
	ParentServer ParentServer
	// TLS is the client-side TLS configuration used when connecting to the parent.
	TLS ClientTLSConfig
}
IntermediateCA contains parent server information, TLS configuration, and enrollment request for an intermediate CA
type KeyCertFiles
// KeyCertFiles defines the files a TLS client needs.
type KeyCertFiles struct {
	// KeyFile is the client's PEM-encoded private key, used only when mutual
	// authentication is enabled.
	KeyFile string `help:"PEM-encoded key file when mutual authentication is enabled"`
	// CertFile is the matching PEM-encoded client certificate.
	CertFile string `help:"PEM-encoded certificate file when mutual anthenticate is enabled"`
}
KeyCertFiles defines the files a TLS client needs
type ParentServer
// ParentServer contains the URL of the parent server and the name of the CA
// inside that server to connect to.
type ParentServer struct {
	// URL of the parent rksync-ca-server (opt:"u", presumably the short flag -u).
	URL string `opt:"u" help:"URL of the parent rksync-ca-server"`
	// CAName names the CA on the parent server to connect to.
	CAName string `help:"Name of the CA to connect to"`
}
ParentServer contains URL for the parent server and the name of CA inside the server to connect to
type ServerConfig
// ServerConfig is the rksync-ca server's configuration.
type ServerConfig struct {
	// Listening port for the server (default 8054, duplicated in DefaultServerPort;
	// opt:"p" is presumably the short flag -p).
	Port int `def:"8054" opt:"p" help:"Listening port of rksync-ca-server"`
	// Bind address for the server. The default 0.0.0.0 (also DefaultServerAddr)
	// listens on every interface; set a specific address to avoid exposing the
	// CA on networks it was not meant for.
	Address string `def:"0.0.0.0" help:"Listening address of rksync-ca-server"`
	// Enables debug logging; hide:"true" presumably keeps the flag out of help output.
	Debug bool `def:"false" opt:"d" help:"Enable debug level logging" hide:"true"`
	// Sets the logging level on the server.
	LogLevel string `help:"Set logging level (info, warning, debug, error, fatal)"`
	// CACfg is the default CA's config. Skip-tagged, so presumably populated separately.
	CACfg CAConfig `skip:"true"`
	// TLS for the server's listening endpoint.
	TLS ServerTLSConfig
	// Size limit of an acceptable CRL in bytes (default 51200). Bounds how much
	// CRL data the server is willing to take in, which limits memory use on
	// oversized input.
	CRLSizeLimit int `def:"51200" help:"Size limit of an acceptable CRL in bytes"`
}
ServerConfig is the rksync-ca server's configuration
type ServerTLSConfig
// ServerTLSConfig defines key material for a TLS server.
type ServerTLSConfig struct {
	// Enabled turns TLS on for the listening port. There is no def tag, so the
	// zero value (TLS off) presumably applies unless the config sets it.
	Enabled bool `help:"Enable TLS on the listening port"`
	// CertFile is the PEM-encoded server certificate (default tls-cert.pem).
	CertFile string `def:"tls-cert.pem" help:"PEM-encoded TLS certificate file for server's listening port"`
	// KeyFile is the PEM-encoded server private key; it has no default.
	KeyFile string `help:"PEM-encoded TLS key for server's listening port"`
	// ClientAuth configures whether and how client certificates are verified.
	ClientAuth ClientAuth
}
ServerTLSConfig defines key material for a TLS server