Documentation ¶
Overview ¶
Package config defines the Athenz client sidecar configuration. It reads the configuration file in YAML format, decodes it into a Config struct, and helps read configuration values from environment variables.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetActualValue ¶
GetActualValue returns the value of the environment variable named by val if val has both the prefix and the suffix "_"; otherwise val is returned unchanged.
func GetVersion ¶
func GetVersion() string
GetVersion returns the current version of the client sidecar.
Types ¶
type AccessToken ¶
type AccessToken struct {
	// Enable represents whether to enable the access token retrieving endpoint.
	Enable bool `yaml:"enable"`
	// PrincipalAuthHeader represents the HTTP header for injecting the N-token.
	PrincipalAuthHeader string `yaml:"principalAuthHeader"`
	// AthenzURL represents the Athenz API URL.
	AthenzURL string `yaml:"athenzURL"`
	// AthenzCAPath represents the Athenz CA certificate chain file path.
	AthenzCAPath string `yaml:"athenzCAPath"`
	// CertPath represents the client certificate file path.
	CertPath string `yaml:"certPath"`
	// CertKeyPath represents the client certificate's private key file path.
	CertKeyPath string `yaml:"certKeyPath"`
	// Expiry represents the duration before the access token expires.
	Expiry string `yaml:"expiry"`
	// RefreshPeriod represents the duration of the refresh period.
	RefreshPeriod string `yaml:"refreshPeriod"`
	// Retry represents the retry configuration.
	Retry Retry `yaml:"retry"`
}
AccessToken represents the configuration to retrieve an access token from the Athenz server.
type Config ¶
type Config struct {
	// Version represents the configuration file version.
	Version string `yaml:"version"`
	// Server represents the client sidecar and the health check server configuration.
	Server Server `yaml:"server"`
	// NToken represents the configuration to generate the N-token for connecting to the Athenz server.
	NToken NToken `yaml:"nToken"`
	// AccessToken represents the configuration to retrieve an access token from the Athenz server.
	AccessToken AccessToken `yaml:"accessToken"`
	// RoleToken represents the configuration to retrieve a role token from the Athenz server.
	RoleToken RoleToken `yaml:"roleToken"`
	// ServiceCert represents the configuration to retrieve short-lived X.509 service certificates from the Athenz server.
	ServiceCert ServiceCert `yaml:"serviceCert"`
	// Proxy represents the configuration of the forward proxy that automatically injects the N-token or role token into requests.
	Proxy Proxy `yaml:"proxy"`
	// Log represents the logger configuration.
	Log Log `yaml:"log"`
}
Config represents the configuration (config.yaml) of the client sidecar.
type HealthCheck ¶
type HealthCheck struct {
	// Address represents the health check server listening address. Used as the host part of http.Server.Addr.
	Address string `yaml:"address"`
	// Port represents the health check server listening port.
	Port int `yaml:"port"`
	// Endpoint represents the health check endpoint (pattern).
	Endpoint string `yaml:"endpoint"`
}
HealthCheck represents the health check server configuration.
type Log ¶
type Log struct {
	// Level represents the logger output level. Values: "debug", "info", "warn", "error", "fatal".
	Level string `yaml:"level"`
	// Color represents whether to print ANSI escape codes.
	Color bool `yaml:"color"`
}
Log represents the logger configuration.
type NToken ¶
type NToken struct {
	// Enable represents whether to enable the N-token retrieving endpoint.
	Enable bool `yaml:"enable"`
	// AthenzDomain represents the Athenz domain.
	AthenzDomain string `yaml:"athenzDomain"`
	// ServiceName represents the Athenz service name.
	ServiceName string `yaml:"serviceName"`
	// PrivateKeyPath represents the private key file path for signing the N-token.
	PrivateKeyPath string `yaml:"privateKeyPath"`
	// KeyVersion represents the key version.
	KeyVersion string `yaml:"keyVersion"`
	// Expiry represents the duration before the N-token expires.
	Expiry string `yaml:"expiry"`
	// RefreshPeriod represents the duration of the refresh period.
	RefreshPeriod string `yaml:"refreshPeriod"`
	// ExistingTokenPath represents the existing N-token file path. (ONLY for Copper Argos)
	ExistingTokenPath string `yaml:"existingTokenPath"`
	// Validate represents whether to validate the N-token. Set to true when ExistingTokenPath is set.
	Validate bool `yaml:"validate"`
}
NToken represents the configuration to generate the N-token for connecting to the Athenz server.
type Proxy ¶
type Proxy struct {
	// Enable represents whether to enable the forward proxy endpoint.
	Enable bool `yaml:"enable"`
	// PrincipalAuthHeader represents the HTTP header for injecting the N-token.
	PrincipalAuthHeader string `yaml:"principalAuthHeader"`
	// RoleAuthHeader represents the HTTP header for injecting the role token.
	RoleAuthHeader string `yaml:"roleAuthHeader"`
	// BufferSize represents the forward proxy buffer size.
	BufferSize uint64 `yaml:"bufferSize"`
}
Proxy represents the configuration of the forward proxy that automatically injects the N-token or role token into requests.
type Retry ¶
type Retry struct {
	// Attempts represents the number of retry attempts.
	Attempts int `yaml:"attempts"`
	// Delay represents the duration between each retry.
	Delay string `yaml:"delay"`
}
Retry represents the retry configuration.
type RoleToken ¶
type RoleToken struct {
	// Enable represents whether to enable the role token retrieving endpoint.
	Enable bool `yaml:"enable"`
	// PrincipalAuthHeader represents the HTTP header for injecting the N-token.
	PrincipalAuthHeader string `yaml:"principalAuthHeader"`
	// AthenzURL represents the Athenz API URL.
	AthenzURL string `yaml:"athenzURL"`
	// AthenzCAPath represents the Athenz CA certificate chain file path.
	AthenzCAPath string `yaml:"athenzCAPath"`
	// CertPath represents the client certificate file path.
	CertPath string `yaml:"certPath"`
	// CertKeyPath represents the client certificate's private key file path.
	CertKeyPath string `yaml:"certKeyPath"`
	// Expiry represents the duration before the role token expires.
	Expiry string `yaml:"expiry"`
	// RefreshPeriod represents the duration of the refresh period.
	RefreshPeriod string `yaml:"refreshPeriod"`
	// Retry represents the retry configuration.
	Retry Retry `yaml:"retry"`
}
RoleToken represents the configuration to retrieve a role token from the Athenz server.
type Server ¶
type Server struct {
	// Address represents the listening address. Used as the host part of http.Server.Addr.
	Address string `yaml:"address"`
	// Port represents the server listening port.
	Port int `yaml:"port"`
	// Timeout represents the maximum request handling duration.
	Timeout string `yaml:"timeout"`
	// ShutdownTimeout represents the duration to wait before forcing shutdown.
	ShutdownTimeout string `yaml:"shutdownTimeout"`
	// ShutdownDelay represents the delay between the health check server shutdown and the client sidecar server shutdown.
	ShutdownDelay string `yaml:"shutdownDelay"`
	// TLS represents the TLS configuration of the client sidecar server.
	TLS TLS `yaml:"tls"`
	// HealthCheck represents the health check server configuration.
	HealthCheck HealthCheck `yaml:"healthCheck"`
}
Server represents the client sidecar and the health check server configuration.
type ServiceCert ¶
type ServiceCert struct {
	// Enable represents whether to enable the service certificate retrieving endpoint.
	Enable bool `yaml:"enable"`
	// PrincipalAuthHeader represents the HTTP header for injecting the N-token.
	PrincipalAuthHeader string `yaml:"principalAuthHeader"`
	// AthenzURL represents the Athenz API URL.
	AthenzURL string `yaml:"athenzURL"`
	// AthenzCAPath represents the Athenz CA certificate chain file path.
	AthenzCAPath string `yaml:"athenzCAPath"`
	// Expiry represents the duration before the certificate expires.
	Expiry string `yaml:"expiry"`
	// RefreshPeriod represents the duration of the refresh period.
	RefreshPeriod string `yaml:"refreshPeriod"`
	// ExpiryMargin represents the margin before the certificate's "Not After" time at which certificates are refreshed ahead of expiry.
	ExpiryMargin string `yaml:"expiryMargin"`
	// DNSSuffix is the suffix of the SAN.
	DNSSuffix string `yaml:"dnsSuffix"`
	// IntermediateCert represents whether to concatenate the intermediate certificate in the response.
	IntermediateCert bool `yaml:"intermediateCert"`
	// Spiffe represents whether to include the SPIFFE ID in the certificate.
	Spiffe bool `yaml:"spiffe"`
	// Subject represents the certificate subject field.
	Subject Subject `yaml:"subject"`
}
ServiceCert represents the configuration to retrieve short-lived X.509 service certificates from the Athenz server.
type Subject ¶
type Subject struct {
	// Country is the Subject C/Country field.
	Country string `yaml:"country"`
	// Province is the Subject ST/StateOrProvince field.
	Province string `yaml:"province"`
	// Organization is the Subject O/Organization field.
	Organization string `yaml:"organization"`
	// OrganizationalUnit is the Subject OU/OrganizationalUnit field.
	OrganizationalUnit string `yaml:"organizationalUnit"`
}
Subject represents the certificate subject field.
type TLS ¶
type TLS struct {
	// Enable represents whether to enable TLS.
	Enable bool `yaml:"enable"`
	// CertPath represents the server certificate file path.
	CertPath string `yaml:"certPath"`
	// KeyPath represents the private key file path of the server certificate.
	KeyPath string `yaml:"keyPath"`
	// CAPath represents the CA certificate chain file path for verifying client certificates.
	CAPath string `yaml:"caPath"`
}
TLS represents the TLS configuration of the client sidecar server.
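The following Go program is an added example, not the config package's own code. It applies the "_NAME_" environment placeholder convention documented for GetActualValue to a trimmed copy of the NToken struct and then sanity-checks the settings a reviewer would want enforced before deployment: refreshPeriod shorter than expiry, validate set whenever existingTokenPath is used, and a signing key present. resolveEnv, checkNToken, the trimmed struct and the sample values are assumptions made for the example.

```go
package main

import (
	"fmt"
	"os"
	"strings"
	"time"
)

// NToken is a trimmed copy of the documented struct (example code, not the package's own).
type NToken struct {
	PrivateKeyPath    string
	Expiry            string
	RefreshPeriod     string
	ExistingTokenPath string
	Validate          bool
}

// resolveEnv follows the documented GetActualValue convention: "_NAME_" becomes $NAME.
func resolveEnv(val string) string {
	if len(val) > 2 && strings.HasPrefix(val, "_") && strings.HasSuffix(val, "_") {
		return os.Getenv(val[1 : len(val)-1])
	}
	return val
}

// checkNToken rejects settings that let a token outlive its refresh window, trust an
// externally supplied token unverified, or leave the sidecar with no key to sign with.
func checkNToken(n NToken) error {
	exp, err1 := time.ParseDuration(n.Expiry)
	ref, err2 := time.ParseDuration(n.RefreshPeriod)
	if err1 != nil || err2 != nil {
		return fmt.Errorf("nToken.expiry/refreshPeriod must be Go durations: %v %v", err1, err2)
	}
	switch {
	case ref >= exp:
		return fmt.Errorf("nToken.refreshPeriod %v must be shorter than expiry %v", ref, exp)
	case n.ExistingTokenPath != "" && !n.Validate:
		return fmt.Errorf("nToken.validate must be true when existingTokenPath is set")
	case n.ExistingTokenPath == "" && resolveEnv(n.PrivateKeyPath) == "":
		return fmt.Errorf("nToken.privateKeyPath is required to sign tokens")
	}
	return nil
}

func main() {
	os.Setenv("NTOKEN_KEY_PATH", "/etc/athenz/key.pem") // constructed sample value
	n := NToken{PrivateKeyPath: "_NTOKEN_KEY_PATH_", Expiry: "60m", RefreshPeriod: "30m"}
	fmt.Println(resolveEnv(n.PrivateKeyPath), checkNToken(n))
}
```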