elephantine

package module
v0.16.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 28, 2024 License: MIT Imports: 37 Imported by: 6

README

Elephantine

Go Reference

Shared functionality for Elephant systems. It's most likely not something anyone outside of Elephant would be interested in.

Documentation

Index

Constants

View Source
const (
	// LogKeyLogLevel is the log level that an application was configured
	// with.
	LogKeyLogLevel = "log_level"
	// LogKeyError is an error message.
	LogKeyError = "err"
	// LogKeyErrorCode is an error code.
	LogKeyErrorCode = "err_code"
	// LogKeyErrorMeta is a JSON object with error metadata.
	LogKeyErrorMeta = "err_meta"
	// LogKeyCountMetric was planned to be used to increment a given metric
	// when used. TODO: not implemented yet, should it be removed?
	LogKeyCountMetric = "count_metric"
	// LogKeyDocumentUUID is the UUID of a document.
	LogKeyDocumentUUID = "document_uuid"
	// LogKeyDocumentVersion is the version of a document.
	LogKeyDocumentVersion = "document_version"
	// LogKeyDocumentStatus is the status of a document.
	LogKeyDocumentStatus = "document_status"
	// LogKeyDocumentStatus is the id of a document status.
	LogKeyDocumentStatusID = "document_status_id"
	// LogKeyTransaction is the name of a transaction, usually used to
	// identify a transaction that has failed.
	LogKeyTransaction = "transaction"
	// LogKeyOCSource is used to identify a source document from OC by UUID.
	LogKeyOCSource = "oc_source"
	// LogKeyOCVersion is the version of the OC document.
	LogKeyOCVersion = "oc_version"
	// LogKeyOCEvent is the type of an OC event- or content-log event.
	LogKeyOCEvent = "oc_event"
	// LogKeyChannel identifies a notification channel.
	LogKeyChannel = "channel"
	// LogKeyMessage can be used to log a unexpected message.
	LogKeyMessage = "message"
	// LogKeyDelay can be used to communicate the delay when logging
	// information about retry attempts and backoff delays.
	LogKeyDelay = "delay"
	// LogKeyRetries can be used to communicate a retry attempt counter.
	LogKeyAttempts = "attempts"
	// LogKeyBucket is used to log a S3 bucket name.
	LogKeyBucket = "bucket"
	// LogKeyObjectKey is used to log a S3 object key.
	LogKeyObjectKey = "object_key"
	// LogKeyComponent is used to communicate what application subcomponent
	// the log entry is from.
	LogKeyComponent = "component"
	// LogKeyCount is used to communicate a count.
	LogKeyCount = "count"
	// LogKeyEventID is the ID of an event.
	LogKeyEventID = "event_id"
	// LogKeyEventType is the type of an event.
	LogKeyEventType = "event_type"
	// LogKeyJobLock is the name of a job lock.
	LogKeyJobLock = "job_lock"
	// LogKeyJobLockID is the ID of a job lock.
	LogKeyJobLockID = "job_lock_id"
	// LogKeyState is the name of a state, like "held", "lost" or "accepted".
	LogKeyState = "state"
	// LogKeyIndex is the name of a search index, like an Open Search index.
	LogKeyIndex = "index"
	// LogKeyRoute is used to name a route or path.
	LogKeyRoute = "route"
	// LogKeyService is used to specify an RPC service.
	LogKeyService = "service"
	// LogKeyMethod is used to specify an RPC method.
	LogKeyMethod = "method"
	// LogKeySubject is the sub of an authenticated client.
	LogKeySubject = "sub"
	// LogKeyScopes are the scopes of the authenticated client.
	LogKeyScopes = "scopes"
	// LogKeyStatusCode is the HTTP status code used for a response.
	LogKeyStatusCode = "status_code"
	// LogKeyName is the name of a resource.
	LogKeyName = "name"
)

Log attribute keys used throughout the application.

View Source
const (
	EnvServiceAccountToken         = "SERVICE_ACCOUNT_TOKEN"
	DefaultServiceAccountTokenPath = "/var/run/secrets/kubernetes.io/serviceaccount/token"
	EnvVaultAuthRole               = "VAULT_AUTH_ROLE"
	DefaultAuthRole                = "deploy"
)

Variables

View Source
var ErrNoAuthorization = errors.New("no authorization provided")

ErrNoAuthorization is used to communicate that authorization was completely missing, rather than being invalid, expired, or malformed.

Functions

func AuthenticationCLIFlags added in v0.13.5

func AuthenticationCLIFlags() []cli.Flag

AuthenticationCLIFlags returns all the CLI flags that are needed to later call AuthenticationConfigFromCLI with the resulting cli.Context.

func CORSMiddleware added in v0.11.0

func CORSMiddleware(opts CORSOptions, handler http.Handler) http.Handler

func GetLogMetadata added in v0.5.0

func GetLogMetadata(ctx context.Context) map[string]any

GetLogMetadata returns the log metatada map for the context.

func HTTPErrorFromResponse

func HTTPErrorFromResponse(res *http.Response) error

HTTPErrorFromResponse creates a HTTPError from a response struct. This will consume and create a copy of the response body, so don't use it in a scenario where you expect really large error response bodies.

If we fail to copy the response body the error will be joined with the HTTPError.

func HTTPErrorHandlerFunc added in v0.14.0

func HTTPErrorHandlerFunc(
	fn func(http.ResponseWriter, *http.Request) error,
) http.HandlerFunc

HTTPErrorHandlerFunc creates a http.HandlerFunc from a function that can return an error. If the error is a HTTPError the information it carries will be used for the error response. Otherwise it will be treated as a internal server error and the error message will be sent as the response.

func IsHTTPErrorWithStatus

func IsHTTPErrorWithStatus(err error, status int) bool

IsHTTPErrorWithStatus checks if the error (or any error in its tree) is a HTTP error with the given status code.

func IsTwirpErrorCode added in v0.4.0

func IsTwirpErrorCode(err error, code twirp.ErrorCode) bool

IsTwirpErrorCode checks if any error in the tree is a twirp.Error with the given error code.

func ListenAndServeContext

func ListenAndServeContext(
	ctx context.Context, server *http.Server,
	shutdownTimeout time.Duration,
) error

ListenAndServeContext will call ListenAndServe() for the provided server and then Shutdown() if the context is cancelled.

Check `errors.Is(err, http.ErrServerClosed)` to differentiate between a graceful server close and other errors.

func LogMetadataMiddleware added in v0.9.6

func LogMetadataMiddleware(next http.Handler) http.Handler

LogMetadataMiddleware wraps an http.Handler with a middleware that adds a log metadata map to the request context.

func LoggingHooks added in v0.5.0

func LoggingHooks(
	logger *slog.Logger,
) *twirp.ServerHooks

LoggingHooks creaes a twirp.ServerHooks that will set log metadata for the twirp service and method name, and log error responses.

func MarshalFile added in v0.8.2

func MarshalFile(path string, o interface{}) (outErr error)

MarshalToFile is a utility function for marshalling a data structore to JSON and write it to a fil. The JSON will be pretty printed.

func NewTwirpMetricsHooks added in v0.4.0

func NewTwirpMetricsHooks(opts ...TwirpMetricOptionFunc) (*twirp.ServerHooks, error)

NewTwirpMetricsHooks creates new twirp hooks enabling prometheus metrics.

func OpenIDConnectParameters deprecated added in v0.13.0

func OpenIDConnectParameters() []cli.Flag

OpenIDConnectParameters

Deprecated: Use AuthenticationCLIFlags() instead.

func RHandleFunc deprecated

RHandleFunc creates a httprouter.Handle from a function that can return an error. If the error is a HTTPError the information it carries will be used for the error response. Otherwise it will be treated as a internal server eror and the error message will be sent as the response.

Deprecated: use the standard library muxer and HTTPErrorHandlerFunc instead.

func ResolveParameter

func ResolveParameter(
	ctx context.Context, c *cli.Context, src ParameterSource, name string,
) (string, error)

ResolveParameter loads the parameter from the parameter source if "[name]-parameter" has been set for the cli.Context, otherwise the value of "[name]" will be returned.

func SafeClose added in v0.6.2

func SafeClose(logger *slog.Logger, name string, c io.Closer)

SafeClose can be used with defer to defer the Close of a resource without ignoring the error.

func ScopePrefixRegexp added in v0.12.0

func ScopePrefixRegexp(prefix string) *regexp.Regexp

func SetAuthInfo added in v0.6.0

func SetAuthInfo(ctx context.Context, info *AuthInfo) context.Context

SetAuthInfo creates a child context with the given authentication information.

func SetLogMetadata added in v0.5.0

func SetLogMetadata(ctx context.Context, key string, value any)

SetLogMetadata sets a log metadata value on the context if it has a log metadata map.

func SetUpLogger

func SetUpLogger(logLevel string, w io.Writer) *slog.Logger

SetUpLogger creates a default JSON logger and sets it as the global logger.

func TwirpErrorToHTTPStatusCode added in v0.8.4

func TwirpErrorToHTTPStatusCode(err error) int

TwirpErrorToHTTPStatusCode returns the HTTP status code for the given error. If the error is nil 200 will be returned, if the error isn't a twirp.Error 500 will be returned.

func UnmarshalFile

func UnmarshalFile(path string, o interface{}) (outErr error)

UnmarshalFile is a utility function for reading and unmarshalling a file containing JSON. The parsing will be strict and disallow unknown fields.

func UnmarshalHTTPResource

func UnmarshalHTTPResource(resURL string, o interface{}) (outErr error)

UnmarshalHTTPResource is a utility function for reading and unmarshalling a HTTP resource. Uses the default HTTP client.

func WithLogMetadata added in v0.5.0

func WithLogMetadata(ctx context.Context) context.Context

WithLogMetadata creates a child context with a log metadata map.

Types

type APIServer added in v0.14.0

type APIServer struct {
	Mux    *http.ServeMux
	Health *HealthServer
	CORS   *CORSOptions
	// contains filtered or unexported fields
}

func NewAPIServer added in v0.14.0

func NewAPIServer(
	logger *slog.Logger,
	addr string, profileAddr string,
) *APIServer

func (*APIServer) AliveEndpoint added in v0.14.0

func (s *APIServer) AliveEndpoint() string

func (*APIServer) ListenAndServe added in v0.14.0

func (s *APIServer) ListenAndServe(ctx context.Context) error

func (*APIServer) RegisterAPI added in v0.14.0

func (s *APIServer) RegisterAPI(
	api APIServiceHandler, opt ServiceOptions,
)

type APIServiceHandler added in v0.14.0

type APIServiceHandler interface {
	http.Handler

	PathPrefix() string
}

type AuthInfo added in v0.6.0

type AuthInfo struct {
	Token  string
	Claims JWTClaims
}

AuthInfo is used to add authentication information to a request context.

func GetAuthInfo added in v0.6.0

func GetAuthInfo(ctx context.Context) (*AuthInfo, bool)

GetAuthInfo returns the authentication information for the given context.

func RequireAnyScope added in v0.14.0

func RequireAnyScope(ctx context.Context, scopes ...string) (*AuthInfo, error)

type AuthInfoParser added in v0.12.0

type AuthInfoParser interface {
	// AuthInfoFromHeader extracts the AuthInfo from a HTTP Authorization
	// header. Return ErrNoAuthorization if no authorization information was
	// provided.
	AuthInfoFromHeader(authorization string) (*AuthInfo, error)
}

type AuthenticationConfig added in v0.13.0

type AuthenticationConfig struct {
	OIDCConfig  *OpenIDConnectConfig
	TokenSource oauth2.TokenSource
	AuthParser  *JWTAuthInfoParser
	// contains filtered or unexported fields
}

func AuthenticationConfigFromCLI added in v0.13.0

func AuthenticationConfigFromCLI(
	c *cli.Context, paramSource ParameterSource,
	scopes []string,
) (*AuthenticationConfig, error)

func (*AuthenticationConfig) NewTokenSource added in v0.13.6

func (conf *AuthenticationConfig) NewTokenSource(
	ctx context.Context, scopes []string,
) (oauth2.TokenSource, error)

type BackoffFunction added in v0.14.0

type BackoffFunction func(retry int) time.Duration

func StaticBackoff added in v0.14.0

func StaticBackoff(wait time.Duration) BackoffFunction

type CORSOptions added in v0.11.0

type CORSOptions struct {
	AllowInsecure          bool
	AllowInsecureLocalhost bool
	Hosts                  []string
	AllowedMethods         []string
	AllowedHeaders         []string
	MaxAgeSeconds          int
}

type ErrGroup added in v0.14.0

type ErrGroup struct {
	// contains filtered or unexported fields
}

func NewErrGroup added in v0.14.0

func NewErrGroup(ctx context.Context, logger *slog.Logger) *ErrGroup

func (*ErrGroup) Go added in v0.14.0

func (eg *ErrGroup) Go(task string, fn func(ctx context.Context) error)

func (*ErrGroup) GoWithRetries added in v0.14.0

func (eg *ErrGroup) GoWithRetries(
	task string,
	maxRetries int,
	backoff BackoffFunction,
	resetAfter time.Duration,
	fn func(ctx context.Context) error,
)

GoWithRetries runs a task in a retry look. The retry counter will reset to zero if more time than `resetAfter` has passed since the last error. This is used to avoid creeping up on a retry limit over long periods of time.

func (*ErrGroup) Wait added in v0.14.0

func (eg *ErrGroup) Wait() error

type GracefulShutdown added in v0.4.0

type GracefulShutdown struct {
	// contains filtered or unexported fields
}

GracefulShutdown is a helper that can be used to listen for SIGINT and SIGTERM to gracefully shut down your application.

SIGTERM will trigger a stop, followed by quit after the specified timeout. SIGINT will trigger a immediate quit.

func NewGracefulShutdown added in v0.4.0

func NewGracefulShutdown(logger *slog.Logger, timeout time.Duration) *GracefulShutdown

NewGracefulShutdown creates a new GracefulShutdown that will wait for `timeout` between "stop" and "quit".

func NewManualGracefulShutdown added in v0.9.1

func NewManualGracefulShutdown(logger *slog.Logger, timeout time.Duration) *GracefulShutdown

NewManualGracefulShutdown creates a GracefulShutdown instance that doesn't listen to OS signals.

func (*GracefulShutdown) CancelOnQuit added in v0.4.0

func (gs *GracefulShutdown) CancelOnQuit(ctx context.Context) context.Context

CancelOnQuit returns a child context that will be cancelled when quit is triggered.

func (*GracefulShutdown) CancelOnStop added in v0.4.0

func (gs *GracefulShutdown) CancelOnStop(ctx context.Context) context.Context

CancelOnStop returns a child context that will be cancelled when stop is triggered.

func (*GracefulShutdown) ShouldQuit added in v0.4.0

func (gs *GracefulShutdown) ShouldQuit() <-chan struct{}

ShouldQuit returns a channel that will be closed when quit is triggered.

func (*GracefulShutdown) ShouldStop added in v0.4.0

func (gs *GracefulShutdown) ShouldStop() <-chan struct{}

ShouldStop returns a channel that will be closed when stop is triggered.

func (*GracefulShutdown) Stop added in v0.4.0

func (gs *GracefulShutdown) Stop()

Stop triggers a stop, which will trigger quit after the configured timeout.

type HTTPClientInstrumentation added in v0.4.0

type HTTPClientInstrumentation struct {
	// contains filtered or unexported fields
}

HTTPClientInstrumentation provides a way to instrument HTTP clients.

func NewHTTPClientIntrumentation added in v0.4.0

func NewHTTPClientIntrumentation(
	registerer prometheus.Registerer,
) (*HTTPClientInstrumentation, error)

NewHTTPClientIntrumentation registers a set of HTTP client metrics with the provided registerer.

func (*HTTPClientInstrumentation) Client added in v0.4.0

func (ci *HTTPClientInstrumentation) Client(name string, client *http.Client) error

Client instruments the HTTP client transport with the standard promhttp metrics. The client_requests_total, client_in_flight_requests, and client_request_duration_seconds metrics will be labelled with the client name.

type HTTPError

type HTTPError struct {
	Status     string
	StatusCode int
	Header     http.Header
	Body       io.Reader
}

HTTPError can be used to describe a non-OK response. Either as an error value in a client that got an error response from a server, or in a server implementation to communicate what the error response to a client should be.

func HTTPErrorf

func HTTPErrorf(statusCode int, format string, a ...any) *HTTPError

HTTPErrorf creates a HTTPError using a format string.

func NewHTTPError

func NewHTTPError(statusCode int, message string) *HTTPError

NewHTTPError creates a new HTTPError with the given status code and response message.

func (*HTTPError) Error

func (e *HTTPError) Error() string

Error implements the error interface.

type HealthServer

type HealthServer struct {
	// contains filtered or unexported fields
}

HealthServer exposes health endpoints, metrics, and PPROF endpoints.

A HealthServer should never be publicly exposed, as that both could expose sensitive information and could be used to DDOS your application.

Example output for a request to `GET /health/ready`:

{
  "api_liveness": {
    "ok": false,
    "error": "api liveness endpoint returned non-ok status: 404 Not Found"
  },
  "postgres": {
    "ok": true
  },
  "s3": {
    "ok": true
  }
}

func NewHealthServer

func NewHealthServer(logger *slog.Logger, addr string) *HealthServer

NewHealthServer creates a new health server that will listen to the provided address.

func NewTestHealthServer added in v0.9.3

func NewTestHealthServer(logger *slog.Logger) *HealthServer

func (*HealthServer) AddReadyFunction

func (s *HealthServer) AddReadyFunction(name string, fn ReadyFunc)

AddReadyFunction adds a function that will be called when a client requests "/health/ready".

func (*HealthServer) Close

func (s *HealthServer) Close() error

Close stops the health server.

func (*HealthServer) ListenAndServe

func (s *HealthServer) ListenAndServe(ctx context.Context) error

ListenAndServe starts the health server, shutting it down if the context gets cancelled.

type JWTAuthInfoParser added in v0.16.0

type JWTAuthInfoParser struct {
	// contains filtered or unexported fields
}

func NewJWKSAuthInfoParser added in v0.12.0

func NewJWKSAuthInfoParser(ctx context.Context, jwksUrl string, opts JWTAuthInfoParserOptions) (*JWTAuthInfoParser, error)

func NewStaticAuthInfoParser added in v0.12.0

func NewStaticAuthInfoParser(key ecdsa.PublicKey, opts JWTAuthInfoParserOptions) *JWTAuthInfoParser

func (*JWTAuthInfoParser) AuthInfoFromHeader added in v0.16.0

func (p *JWTAuthInfoParser) AuthInfoFromHeader(authorization string) (*AuthInfo, error)

func (*JWTAuthInfoParser) Valid added in v0.16.0

func (p *JWTAuthInfoParser) Valid(c JWTClaims) error

Valid validates the jwt.RegisteredClaims.

type JWTAuthInfoParserOptions added in v0.16.0

type JWTAuthInfoParserOptions struct {
	Audience    string
	Issuer      string
	ScopePrefix string
}

type JWTClaims added in v0.6.0

type JWTClaims struct {
	jwt.RegisteredClaims

	OriginalSub string `json:"-"`

	Name            string   `json:"sub_name"`
	Scope           string   `json:"scope"`
	AuthorizedParty string   `json:"azp"`
	ClientID        string   `json:"client_id"`
	Units           []string `json:"units,omitempty"`
}

JWTClaims defines the claims that the elephant services understand.

func (JWTClaims) HasAnyScope added in v0.6.0

func (c JWTClaims) HasAnyScope(names ...string) bool

HasScope returns true if the Scope claim contains any of the named scopes.

func (JWTClaims) HasScope added in v0.6.0

func (c JWTClaims) HasScope(name string) bool

HasScope returns true if the Scope claim contains the named scope.

type LazySSM

type LazySSM struct {
	// contains filtered or unexported fields
}

NewLazySSM is a SSM-backed ParameterSource implementation for ResolveParameter().

func NewLazySSM

func NewLazySSM() *LazySSM

NewLazySSM creates a new SSM ParameterSource.

func (*LazySSM) GetParameterValue

func (l *LazySSM) GetParameterValue(ctx context.Context, name string) (string, error)

GetParameterValue implements ParameterSource.

type OpenIDConnectConfig added in v0.13.0

type OpenIDConnectConfig struct {
	Issuer                                                    string            `json:"issuer"`
	AuthorizationEndpoint                                     string            `json:"authorization_endpoint"`
	TokenEndpoint                                             string            `json:"token_endpoint"`
	IntrospectionEndpoint                                     string            `json:"introspection_endpoint"`
	UserinfoEndpoint                                          string            `json:"userinfo_endpoint"`
	EndSessionEndpoint                                        string            `json:"end_session_endpoint"`
	FrontchannelLogoutSessionSupported                        bool              `json:"frontchannel_logout_session_supported"`
	FrontchannelLogoutSupported                               bool              `json:"frontchannel_logout_supported"`
	JwksURI                                                   string            `json:"jwks_uri"`
	CheckSessionIframe                                        string            `json:"check_session_iframe"`
	GrantTypesSupported                                       []string          `json:"grant_types_supported"`
	AcrValuesSupported                                        []string          `json:"acr_values_supported"`
	ResponseTypesSupported                                    []string          `json:"response_types_supported"`
	SubjectTypesSupported                                     []string          `json:"subject_types_supported"`
	IDTokenSigningAlgValuesSupported                          []string          `json:"id_token_signing_alg_values_supported"`
	IDTokenEncryptionAlgValuesSupported                       []string          `json:"id_token_encryption_alg_values_supported"`
	IDTokenEncryptionEncValuesSupported                       []string          `json:"id_token_encryption_enc_values_supported"`
	UserinfoSigningAlgValuesSupported                         []string          `json:"userinfo_signing_alg_values_supported"`
	UserinfoEncryptionAlgValuesSupported                      []string          `json:"userinfo_encryption_alg_values_supported"`
	UserinfoEncryptionEncValuesSupported                      []string          `json:"userinfo_encryption_enc_values_supported"`
	RequestObjectSigningAlgValuesSupported                    []string          `json:"request_object_signing_alg_values_supported"`
	RequestObjectEncryptionAlgValuesSupported                 []string          `json:"request_object_encryption_alg_values_supported"`
	RequestObjectEncryptionEncValuesSupported                 []string          `json:"request_object_encryption_enc_values_supported"`
	ResponseModesSupported                                    []string          `json:"response_modes_supported"`
	RegistrationEndpoint                                      string            `json:"registration_endpoint"`
	TokenEndpointAuthMethodsSupported                         []string          `json:"token_endpoint_auth_methods_supported"`
	TokenEndpointAuthSigningAlgValuesSupported                []string          `json:"token_endpoint_auth_signing_alg_values_supported"`
	IntrospectionEndpointAuthMethodsSupported                 []string          `json:"introspection_endpoint_auth_methods_supported"`
	IntrospectionEndpointAuthSigningAlgValuesSupported        []string          `json:"introspection_endpoint_auth_signing_alg_values_supported"`
	AuthorizationSigningAlgValuesSupported                    []string          `json:"authorization_signing_alg_values_supported"`
	AuthorizationEncryptionAlgValuesSupported                 []string          `json:"authorization_encryption_alg_values_supported"`
	AuthorizationEncryptionEncValuesSupported                 []string          `json:"authorization_encryption_enc_values_supported"`
	ClaimsSupported                                           []string          `json:"claims_supported"`
	ClaimTypesSupported                                       []string          `json:"claim_types_supported"`
	ClaimsParameterSupported                                  bool              `json:"claims_parameter_supported"`
	ScopesSupported                                           []string          `json:"scopes_supported"`
	RequestParameterSupported                                 bool              `json:"request_parameter_supported"`
	RequestURIParameterSupported                              bool              `json:"request_uri_parameter_supported"`
	RequireRequestURIRegistration                             bool              `json:"require_request_uri_registration"`
	CodeChallengeMethodsSupported                             []string          `json:"code_challenge_methods_supported"`
	TLSClientCertificateBoundAccessTokens                     bool              `json:"tls_client_certificate_bound_access_tokens"`
	RevocationEndpoint                                        string            `json:"revocation_endpoint"`
	RevocationEndpointAuthMethodsSupported                    []string          `json:"revocation_endpoint_auth_methods_supported"`
	RevocationEndpointAuthSigningAlgValuesSupported           []string          `json:"revocation_endpoint_auth_signing_alg_values_supported"`
	BackchannelLogoutSupported                                bool              `json:"backchannel_logout_supported"`
	BackchannelLogoutSessionSupported                         bool              `json:"backchannel_logout_session_supported"`
	DeviceAuthorizationEndpoint                               string            `json:"device_authorization_endpoint"`
	BackchannelTokenDeliveryModesSupported                    []string          `json:"backchannel_token_delivery_modes_supported"`
	BackchannelAuthenticationEndpoint                         string            `json:"backchannel_authentication_endpoint"`
	BackchannelAuthenticationRequestSigningAlgValuesSupported []string          `json:"backchannel_authentication_request_signing_alg_values_supported"`
	RequirePushedAuthorizationRequests                        bool              `json:"require_pushed_authorization_requests"`
	PushedAuthorizationRequestEndpoint                        string            `json:"pushed_authorization_request_endpoint"`
	MtlsEndpointAliases                                       map[string]string `json:"mtls_endpoint_aliases"`
	AuthorizationResponseIssParameterSupported                bool              `json:"authorization_response_iss_parameter_supported"`
}

func OpenIDConnectConfigFromURL added in v0.13.0

func OpenIDConnectConfigFromURL(
	wellKnown string,
) (*OpenIDConnectConfig, error)

type ParameterSource

type ParameterSource interface {
	GetParameterValue(ctx context.Context, name string) (string, error)
}

ParameterSource should be implemented to support loading of configuration paramaters that should be resolved at run time rather than given as environment variables or flags for the application. This is useful for loading secrets.

func GetParameterSource

func GetParameterSource(name string) (ParameterSource, error)

GetParameterSource returns a named parameter source.

type ReadyFunc

type ReadyFunc func(ctx context.Context) error

ReadyFunc is a function that will be called to determine if a service is ready to recieve traffic. It should return a descriptive error that helps with debugging if the underlying check fails.

func LivenessReadyCheck added in v0.6.3

func LivenessReadyCheck(endpoint string) ReadyFunc

LivenessReadyCheck returns a ReadyFunc that verifies that an endpoint aswers to GET requests with 200 OK.

type ServiceAuth added in v0.16.0

type ServiceAuth bool

ServiceAuth is used to control behaviour when an unauthorized client makes a call to the service.

const (
	// ServiceAuthRequired respond with a Twirp Unauthenticated error for
	// unauthorized calls.
	ServiceAuthRequired ServiceAuth = true
	// ServiceAuthOptional allow unauthorized calls, invalid authorizations
	// will still result in an error, but calls missing authorization will
	// be let through to the service implementation.
	ServiceAuthOptional ServiceAuth = false
)

type ServiceOptions added in v0.14.0

type ServiceOptions struct {
	Hooks          *twirp.ServerHooks
	AuthMiddleware func(
		w http.ResponseWriter, r *http.Request, next http.Handler,
	) error

	// JSONSkipDefaults configures JSON serialization to skip unpopulated or
	// default values in JSON responses, which results in smaller responses
	// that are easier to read if your messages contain lots of fields that
	// may have their default/zero value.
	JSONSkipDefaults bool
}

func NewDefaultServiceOptions added in v0.14.0

func NewDefaultServiceOptions(
	logger *slog.Logger,
	parser AuthInfoParser,
	reg prometheus.Registerer,
	requireAuth ServiceAuth,
) (ServiceOptions, error)

NewDefaultServiceOptions sets up the standard options for our Twirp services. This sets up authentication, logging and metrics. Apply the options to your Twirp servers using the ServerOptions() method.

func (*ServiceOptions) AddLoggingHooks added in v0.14.0

func (so *ServiceOptions) AddLoggingHooks(
	logger *slog.Logger,
)

func (*ServiceOptions) AddMetricsHooks added in v0.15.0

func (so *ServiceOptions) AddMetricsHooks(reg prometheus.Registerer) error

func (*ServiceOptions) ServerOptions added in v0.16.0

func (so *ServiceOptions) ServerOptions() twirp.ServerOption

ServerOptions returns a ServerOptions function that configures the twirp server according to the set service options.

func (*ServiceOptions) SetAuthInfoValidation added in v0.16.0

func (so *ServiceOptions) SetAuthInfoValidation(
	parser AuthInfoParser, requireAuth ServiceAuth,
)

type TwirpMetricOptionFunc added in v0.4.0

type TwirpMetricOptionFunc func(opts *TwirpMetricsOptions)

func WithTwirpMetricsCustomerFunc added in v0.9.5

func WithTwirpMetricsCustomerFunc(fn func(ctx context.Context) string) TwirpMetricOptionFunc

WithTwirpMetricsCustomerFunc sets a function that can be used to return the customer label value for a context.

func WithTwirpMetricsRegisterer added in v0.4.0

func WithTwirpMetricsRegisterer(reg prometheus.Registerer) TwirpMetricOptionFunc

WithTwirpMetricsRegisterer uses a custom registerer for Twirp metrics.

func WithTwirpMetricsStaticTestLatency added in v0.4.0

func WithTwirpMetricsStaticTestLatency(latency time.Duration) TwirpMetricOptionFunc

WithTwirpMetricsStaticTestLatency configures the RPC metrics to report a static duration.

type TwirpMetricsOptions added in v0.4.0

type TwirpMetricsOptions struct {
	// contains filtered or unexported fields
}

type Vault added in v0.9.0

type Vault struct {
	Client *vault.Client
	// contains filtered or unexported fields
}

Vault is a helper for setting up a Vault client, also implements ParameterSource.

func NewVault added in v0.9.0

func NewVault() (*Vault, error)

NewVault creates a vault client that can be used as a ParameterSource.

func (*Vault) GetParameterValue added in v0.9.0

func (v *Vault) GetParameterValue(ctx context.Context, name string) (string, error)

GetParameterValue implements ParameterSource.

func (*Vault) KeepAlive added in v0.9.0

func (v *Vault) KeepAlive() error

KeepAlive is used to keep the lease on the vault login active, not necessary if you're just reading secrets on startup. Returns an error if the lease is lost or fails to renew. Returns immediately without an error if a token was used to authenticate directly with vault.

func (*Vault) Stop added in v0.9.0

func (v *Vault) Stop()

Stop the keepalive loop.

Directories

Path Synopsis
pg

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL