config

package
v7.5.9 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 9, 2023 License: Apache-2.0 Imports: 10 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	// these are set by main
	Version   = "unknown"
	Commit    = "unknown"
	Author    = "SAS Institute Inc."
	UserAgent = "relic/" + Version
)

Functions

func DefaultConfig

func DefaultConfig() string

Types

type AmqpConfig

type AmqpConfig struct {
	URL      string // AMQP URL to report signatures to i.e. amqp://user:password@host
	CaCert   string
	KeyFile  string
	CertFile string
	SigsXchg string // Name of exchange to send to (default relic.signatures)
}

func (*AmqpConfig) ExchangeName

func (aconf *AmqpConfig) ExchangeName() string

func (*AmqpConfig) RoutingKey

func (aconf *AmqpConfig) RoutingKey() string

type ClientConfig

type ClientConfig struct {
	Nickname    string   // Name that appears in audit log entries
	Roles       []string // List of roles that this client possesses
	Certificate string   // Optional CA certificate(s) that sign client certs instead of using fingerprint-based auth
	// contains filtered or unexported fields
}

func (*ClientConfig) Match

func (cl *ClientConfig) Match(incoming []*x509.Certificate) (bool, error)

type Config

type Config struct {
	Tokens    map[string]*TokenConfig  `yaml:",omitempty"`
	Keys      map[string]*KeyConfig    `yaml:",omitempty"`
	Server    *ServerConfig            `yaml:",omitempty"`
	Clients   map[string]*ClientConfig `yaml:",omitempty"`
	Remote    *RemoteConfig            `yaml:",omitempty"`
	Timestamp *TimestampConfig         `yaml:",omitempty"`
	Amqp      *AmqpConfig              `yaml:",omitempty"`

	PinFile string `yaml:",omitempty"` // Optional YAML file with additional token PINs
	// contains filtered or unexported fields
}

func FromEnvironment

func FromEnvironment() (*Config, error)

FromEnvironment tries to build a client-only config from environment variables. If none are set then returns nil.

func ReadFile

func ReadFile(path string) (*Config, error)

func (*Config) GetKey

func (config *Config) GetKey(keyName string) (*KeyConfig, error)

func (*Config) GetTimestampConfig

func (config *Config) GetTimestampConfig() (*TimestampConfig, error)

func (*Config) GetToken

func (config *Config) GetToken(tokenName string) (*TokenConfig, error)

func (*Config) ListServedTokens

func (config *Config) ListServedTokens() []string

ListServedTokens returns a list of token names that are accessible by at least one role

func (*Config) NewKey

func (config *Config) NewKey(name string) *KeyConfig

func (*Config) NewToken

func (config *Config) NewToken(name string) *TokenConfig

func (*Config) Normalize

func (config *Config) Normalize(path string) error

func (*Config) Path

func (config *Config) Path() string

type KeyConfig

type KeyConfig struct {
	Token           string   // Token section to use for this key (linux)
	Alias           string   // This is an alias for another key
	Label           string   // Select a key by label
	ID              string   // Select a key by ID (hex notation)
	PgpCertificate  string   // Path to PGP certificate associated with this key
	X509Certificate string   // Path to X.509 certificate associated with this key
	KeyFile         string   // For "file" tokens, path to the private key
	IsPkcs12        bool     // If true, key file contains PKCS#12 key and certificate chain
	Roles           []string // List of user roles that can use this key
	Timestamp       bool     // If true, attach a timestamped countersignature when possible
	Hide            bool     // If true, then omit this key from 'remote list-keys'
	// contains filtered or unexported fields
}

func (*KeyConfig) GetTimeout

func (keyConf *KeyConfig) GetTimeout() time.Duration

func (*KeyConfig) Name

func (keyConf *KeyConfig) Name() string

func (*KeyConfig) SetToken

func (keyConf *KeyConfig) SetToken(tokenConf *TokenConfig)

type RemoteConfig

type RemoteConfig struct {
	URL            string `yaml:",omitempty"` // URL of remote server
	DirectoryURL   string `yaml:",omitempty"` // URL of directory server
	KeyFile        string `yaml:",omitempty"` // Path to TLS client key file
	CertFile       string `yaml:",omitempty"` // Path to TLS client certificate or embedded certificate
	CaCert         string `yaml:",omitempty"` // Path to CA certificate or embedded certificate
	ConnectTimeout int    `yaml:",omitempty"` // Connection timeout in seconds
	Retries        int    `yaml:",omitempty"` // Attempt an operation (at least) N times

	AccessToken string `yaml:"-"`
	Interactive bool
}

type ServerAzureConfig added in v7.5.0

type ServerAzureConfig struct {
	Authority string
	ClientID  string
	Scopes    []string
}

type ServerConfig

type ServerConfig struct {
	Listen     string // Port to listen for TLS connections
	ListenHTTP string // Port to listen for plaintext connections
	KeyFile    string // Path to TLS key file
	CertFile   string // Path to TLS certificate chain
	LogFile    string // Optional error log
	LogLevel   string // Optional log level
	PolicyURL  string // Optional open-policy-agent endpoint

	Disabled      bool   // Always return 503 Service Unavailable
	ListenDebug   bool   // Serve debug info on an alternate port
	ListenMetrics string // Port to listen for plaintext metrics
	NumWorkers    int    // Number of worker subprocesses per configured token

	TokenCheckInterval int
	TokenCheckFailures int
	TokenCheckTimeout  int
	TokenCacheSeconds  int

	ReadHeaderTimeout int
	ReadTimeout       int
	WriteTimeout      int

	// URLs to all servers in the cluster. If a client uses DirectoryURL to
	// point to this server (or a load balancer), then we will give them these
	// URLs as a means to distribute load without needing a middle-box.
	Siblings []string

	// IP networks of trusted reverse proxies that can front this service
	TrustedProxies []string

	AzureAD *ServerAzureConfig
}

type TimestampConfig

type TimestampConfig struct {
	URLs      []string // List of timestamp server URLs
	MsURLs    []string // List of microsoft-style URLs
	Timeout   int      // Connect timeout in seconds
	CaCert    string   // Path to CA certificate
	Memcache  []string // host:port of memcached to use for caching timestamps
	RateLimit float64  // limit timestamp requests per second
	RateBurst int      // allow burst of requests before limit kicks in
}

type TokenConfig

type TokenConfig struct {
	Type       string  // Provider type: file or pkcs11 (default)
	Provider   string  // Path to PKCS#11 provider module (required)
	Label      string  // Select a token by label
	Serial     string  // Select a token by serial number
	Pin        *string // PIN to use, otherwise will be prompted. Can be empty. (optional)
	Timeout    int     // (server) Terminate command after N seconds (default 60)
	Retries    int     // (server) Retry failed commands N times (default 5)
	User       *uint   // User argument for PKCS#11 login (optional)
	UseKeyring bool    // Read PIN from system keyring
	// contains filtered or unexported fields
}

func (*TokenConfig) Name

func (tconf *TokenConfig) Name() string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL