config

package v1.2.1
Published: Jun 19, 2020 License: Apache-2.0 Imports: 3 Imported by: 0

Documentation

Overview

Package config defines the Athenz client sidecar configuration. It reads a configuration file in YAML format, decodes it into a Config struct, and helps resolve configuration values from environment variables.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetActualValue

func GetActualValue(val string) string

GetActualValue returns the value of the environment variable named by val when val has both a "_" prefix and a "_" suffix; otherwise it returns val unchanged.
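Environment references let a committed YAML file point at a secret without containing it. The following added example (not the package's own code) reimplements the documented contract of GetActualValue and applies it to the N-token fields that typically hold host-specific or secret paths; it assumes the variable name is the text between the underscores, and deliberately fails on an unset variable instead of returning an empty string.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// isEnvRef reports whether val uses the documented "_NAME_" form: a leading
// and a trailing underscore around a non-empty variable name.
func isEnvRef(val string) bool {
	return len(val) >= 3 && strings.HasPrefix(val, "_") && strings.HasSuffix(val, "_")
}

// resolveEnvRef returns val unchanged unless it is an environment reference,
// in which case it returns the variable's value. Assumption (not stated on the
// page): the variable name is the text between the underscores. Unlike a plain
// os.Getenv lookup, an unset variable is reported as an error so that a
// missing secret fails at startup instead of silently becoming "".
func resolveEnvRef(val string, lookup func(string) (string, bool)) (string, error) {
	if !isEnvRef(val) {
		return val, nil
	}
	name := val[1 : len(val)-1]
	v, ok := lookup(name)
	if !ok {
		return "", fmt.Errorf("config value %q refers to unset environment variable %s", val, name)
	}
	return v, nil
}

// tokenSecrets holds the Token fields that usually point at host-specific or
// secret material and are therefore the natural candidates for "_NAME_"
// references in a committed YAML file.
type tokenSecrets struct {
	PrivateKeyPath string
	NTokenPath     string
}

// resolveTokenSecrets resolves every reference in t, collecting all problems
// so a misconfigured pod reports every missing variable at once.
func resolveTokenSecrets(t tokenSecrets, lookup func(string) (string, bool)) (tokenSecrets, []error) {
	var errs []error
	var err error
	if t.PrivateKeyPath, err = resolveEnvRef(t.PrivateKeyPath, lookup); err != nil {
		errs = append(errs, err)
	}
	if t.NTokenPath, err = resolveEnvRef(t.NTokenPath, lookup); err != nil {
		errs = append(errs, err)
	}
	return t, errs
}

func main() {
	// Constructed sample: the private key path comes from the environment,
	// the N-token path is a literal.
	os.Setenv("ATHENZ_PRIVATE_KEY", "/var/run/athenz/service.key")
	resolved, errs := resolveTokenSecrets(tokenSecrets{
		PrivateKeyPath: "_ATHENZ_PRIVATE_KEY_",
		NTokenPath:     "/var/run/athenz/ntoken",
	}, os.LookupEnv)
	fmt.Printf("%+v errors=%v\n", resolved, errs)
}
```

Injecting the lookup function keeps the resolver testable without touching the process environment; in production pass os.LookupEnv as main does.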

func GetVersion

func GetVersion() string

GetVersion returns the current version of the client sidecar.

Types

type Access

type Access struct {
	// Enable decides whether to use an access token
	Enable bool `yaml:"enable"`

	// PrincipalAuthHeaderName is the HTTP header name that carries the N-token.
	PrincipalAuthHeaderName string `yaml:"auth_header_key"`

	// AthenzURL is the Athenz URL used to retrieve the access token
	AthenzURL string `yaml:"athenz_url"`

	// AthenzRootCA is the Athenz server root certificate
	AthenzRootCA string `yaml:"athenz_root_ca"`

	// TokenExpiry is the requested token lifetime (expiration duration)
	TokenExpiry string `yaml:"expiration"`

	// RefreshInterval is the interval at which the access token is refreshed.
	RefreshInterval string `yaml:"refresh_interval"`

	// ErrRetryMaxCount is the maximum number of retries on error while refreshing the access token cache.
	ErrRetryMaxCount int `yaml:"err_retry_max_count"`

	// ErrRetryInterval is the interval between retries on error while refreshing the access token cache.
	ErrRetryInterval string `yaml:"err_retry_interval"`
}

Access represents the access token configuration.

type Config

type Config struct {
	// Version is the client sidecar application version.
	Version string `yaml:"version"`

	// EnableColorLogging enables colorized logging.
	EnableColorLogging bool `yaml:"enable_log_color"`

	// Server is the client sidecar and health check server configuration.
	Server Server `yaml:"server"`

	// Token is the configuration for generating the N-token used to connect to Athenz.
	Token Token `yaml:"ntoken"`

	// Access is the configuration for retrieving an access token from the Athenz server.
	Access Access `yaml:"access_token"`

	// Role is the configuration for retrieving a role token from the Athenz server.
	Role Role `yaml:"roletoken"`

	// Proxy is the configuration of the reverse proxy that connects to Athenz to obtain the N-token and role token.
	Proxy Proxy `yaml:"proxy"`

	// ServiceCert is the configuration of the service identity, issued as short-lived X.509 certificates that can be used instead of an N-token in Athenz.
	ServiceCert ServiceCert `yaml:"service_cert"`
}

Config represents the configuration of the client sidecar application.

func New

func New(path string) (*Config, error)

New decodes the configuration file at path into a *Config; it returns an error if the file cannot be read or decoded.
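New only decodes the file; whether the decoded values are safe to run with is a separate question. The following added example (not the package's own code) shows the checks a practitioner would run on a decoded configuration before starting the sidecar, using re-declared subsets of the documented types so it runs stand-alone. The validation rules, the Go duration syntax assumed for the string duration fields, and the sample values are this example's assumptions.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Subsets of the documented config types, re-declared so the example runs stand-alone.
type TLS struct {
	Enabled   bool
	Cert, Key string
}
type Server struct{ TLS TLS }
type Token struct {
	NTokenPath                  string
	ValidateToken               bool
	RefreshDuration, Expiration string
}
type Role struct {
	AthenzURL, TokenExpiry, RefreshInterval string
	ErrRetryMaxCount                        int
}
type Config struct {
	Server Server
	Token  Token
	Role   Role
}

// parseDur parses a duration field. Assumption: fields use Go duration syntax ("30m", "1h").
func parseDur(field, s string) (time.Duration, error) {
	d, err := time.ParseDuration(s)
	if err != nil {
		return 0, fmt.Errorf("%s: %v", field, err)
	}
	if d <= 0 {
		return 0, fmt.Errorf("%s: must be positive, got %s", field, d)
	}
	return d, nil
}

// refreshBeforeExpiry requires refresh < expiry; otherwise the sidecar keeps serving a credential it has let lapse.
func refreshBeforeExpiry(refreshField, refresh, expiryField, expiry string) []string {
	var problems []string
	r, rerr := parseDur(refreshField, refresh)
	e, eerr := parseDur(expiryField, expiry)
	for _, err := range []error{rerr, eerr} {
		if err != nil {
			problems = append(problems, err.Error())
		}
	}
	if rerr == nil && eerr == nil && r >= e {
		problems = append(problems, fmt.Sprintf("%s (%s) must be shorter than %s (%s)", refreshField, r, expiryField, e))
	}
	return problems
}

// Validate returns one message per violated rule rather than stopping at the first.
func Validate(c Config) []string {
	var problems []string
	fail := func(format string, a ...interface{}) {
		problems = append(problems, fmt.Sprintf(format, a...))
	}
	// Server: "TLS enabled" without key material fails at listen time at best.
	if c.Server.TLS.Enabled && (c.Server.TLS.Cert == "" || c.Server.TLS.Key == "") {
		fail("server.tls: enabled but cert or key is empty")
	}

	// N-token: a token read from disk (Copper Argos) must be validated, as the
	// field documentation requires, and must be refreshed before it expires.
	if c.Token.NTokenPath != "" && !c.Token.ValidateToken {
		fail("ntoken.validate_token: must be true when ntoken_path is set")
	}
	problems = append(problems, refreshBeforeExpiry("ntoken.refresh_duration", c.Token.RefreshDuration,
		"ntoken.expiration", c.Token.Expiration)...)

	// Role token: never fetch credentials over plaintext HTTP; keep retries bounded.
	if strings.HasPrefix(strings.ToLower(c.Role.AthenzURL), "http://") {
		fail("roletoken.athenz_url: plaintext http:// is not allowed for a credential endpoint")
	}
	if c.Role.ErrRetryMaxCount < 0 {
		fail("roletoken.err_retry_max_count: must not be negative, got %d", c.Role.ErrRetryMaxCount)
	}
	problems = append(problems, refreshBeforeExpiry("roletoken.refresh_interval", c.Role.RefreshInterval,
		"roletoken.expiration", c.Role.TokenExpiry)...)
	return problems
}

// GoodConfig is a constructed configuration that passes every check.
func GoodConfig() Config {
	return Config{
		Server: Server{TLS: TLS{Enabled: true, Cert: "/etc/athenz/tls.crt", Key: "/etc/athenz/tls.key"}},
		Token:  Token{NTokenPath: "/var/run/athenz/ntoken", ValidateToken: true, RefreshDuration: "30m", Expiration: "1h"},
		Role:   Role{AthenzURL: "https://zts.example.com/zts/v1", TokenExpiry: "1h", RefreshInterval: "30m", ErrRetryMaxCount: 3},
	}
}

func main() { fmt.Println("problems:", Validate(GoodConfig())) }
```

Collecting every problem instead of returning the first error is a deliberate choice: a sidecar that is restarted once per misconfigured field is slow to fix and tempting to "fix" by disabling checks.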

type Proxy

type Proxy struct {
	// PrincipalAuthHeaderName is the HTTP header name that carries the authentication N-token on N-token proxy requests
	PrincipalAuthHeaderName string `yaml:"auth_header_key"`

	// RoleAuthHeaderName is the HTTP header name that carries the role token on role token proxy requests
	RoleAuthHeaderName string `yaml:"role_header_key"`

	// BufferSize is the reverse proxy buffer size
	BufferSize uint64 `yaml:"buffer_size"`
}

Proxy represents the reverse proxy configuration used to connect to the Athenz server.

type Role

type Role struct {
	// PrincipalAuthHeaderName is the HTTP header name that carries the N-token.
	PrincipalAuthHeaderName string `yaml:"auth_header_key"`

	// AthenzURL is the Athenz URL used to retrieve the role token
	AthenzURL string `yaml:"athenz_url"`

	// AthenzRootCA is the Athenz server root certificate
	AthenzRootCA string `yaml:"athenz_root_ca"`

	// TokenExpiry is the requested token lifetime (expiration duration)
	TokenExpiry string `yaml:"expiration"`

	// RefreshInterval is the interval at which the role token is refreshed.
	RefreshInterval string `yaml:"refresh_interval"`

	// ErrRetryMaxCount is the maximum number of retries on error while refreshing the role token cache.
	ErrRetryMaxCount int `yaml:"err_retry_max_count"`

	// ErrRetryInterval is the interval between retries on error while refreshing the role token cache.
	ErrRetryInterval string `yaml:"err_retry_interval"`
}

Role represents the role token configuration.

type Server

type Server struct {
	// Port is the client sidecar server port.
	Port int `yaml:"port"`

	// HealthzPort is the health check server port (used by Kubernetes probes).
	HealthzPort int `yaml:"health_check_port"`

	// HealthzPath is the URL path (pattern) served by the health check server.
	HealthzPath string `yaml:"health_check_path"`

	// Timeout is the client sidecar server timeout.
	Timeout string `yaml:"timeout"`

	// ShutdownDuration is the duration allowed for the server to shut down gracefully.
	ShutdownDuration string `yaml:"shutdown_duration"`

	// ProbeWaitTime is the duration to wait between shutting down the health check server and shutting down the client sidecar server.
	ProbeWaitTime string `yaml:"probe_wait_time"`

	// TLS is the TLS configuration for the client sidecar server.
	TLS TLS `yaml:"tls"`
}

Server represents the client sidecar server and health check server configuration.

type ServiceCert

type ServiceCert struct {
	// Enable decides whether to use a service certificate
	Enable bool `yaml:"enable"`

	// AthenzURL is the Athenz URL used to retrieve the service certificate
	AthenzURL string `yaml:"athenz_url"`

	// AthenzRootCA is the Athenz server root certificate
	AthenzRootCA string `yaml:"athenz_root_ca"`

	// DNSSuffix is the suffix of the SAN DNS name
	DNSSuffix string `yaml:"dns_suffix"`

	// RefreshDuration is the service certificate refresh interval
	RefreshDuration string `yaml:"refresh_duration"`

	// ExpireMargin is a duration: the certificate is renewed once it is within
	// ExpireMargin of its "Not After" time.
	ExpireMargin string `yaml:"expire_margin"`

	// Expiration is the requested certificate lifetime (expiration duration).
	Expiration string `yaml:"expiration"`

	// IntermediateCert decides whether the intermediate certificate is concatenated to the end-entity certificate
	IntermediateCert bool `yaml:"intermediate_cert"`

	// PrincipalAuthHeaderName is the HTTP header name that carries the N-token.
	PrincipalAuthHeaderName string `yaml:"auth_header_key"`

	// Spiffe decides whether a SPIFFE ID is included
	Spiffe bool `yaml:"spiffe"`

	// Subject holds the subject fields of the certificate
	Subject Subject `yaml:"subject"`
}

ServiceCert represents the service certificate configuration.

type Subject

type Subject struct {
	// Country is the Subject C/Country field of certificate
	Country string `yaml:"country"`

	// Province is the Subject ST/State or Province field of certificate
	Province string `yaml:"province"`

	// Organization is the Subject O/Organization field of the certificate
	Organization string `yaml:"organization"`

	// OrganizationalUnit is the Subject OU/OrganizationalUnit field of the certificate
	OrganizationalUnit string `yaml:"organizational_unit"`
}

Subject represents the subject fields of the certificate.
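The ServiceCert and Subject fields above describe the certificate request the sidecar sends to Athenz. The following added example (not the package's own code) builds and verifies such a PKCS#10 request from those fields with crypto/x509. The CN, DNS SAN and SPIFFE URI naming conventions it uses are assumptions, as are the sample domain, service, DNS suffix and subject values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"net/url"
	"os"
	"strings"
)

// Subject and ServiceCert mirror the documented config types (subset of fields).
type Subject struct {
	Country, Province, Organization, OrganizationalUnit string
}

type ServiceCert struct {
	DNSSuffix string
	Spiffe    bool
	Subject   Subject
}

// Identity is the Athenz domain and service the certificate is issued for
// (the documented ntoken.athenz_domain and ntoken.service_name values).
type Identity struct {
	Domain, Service string
}

// NewKey generates the P-256 key the request is signed with.
func NewKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// optional turns a possibly-empty config string into the []string pkix.Name expects.
func optional(s string) []string {
	if s == "" {
		return nil
	}
	return []string{s}
}

// BuildCSR returns a DER-encoded PKCS#10 request. Assumed conventions (not
// stated on the page): CN is "<domain>.<service>", the DNS SAN is
// "<service>.<domain with dots replaced by dashes>.<dns_suffix>", and the
// SPIFFE URI SAN is "spiffe://<domain>/sa/<service>".
func BuildCSR(sc ServiceCert, id Identity, key *ecdsa.PrivateKey) ([]byte, error) {
	if id.Domain == "" || id.Service == "" || sc.DNSSuffix == "" {
		return nil, errors.New("domain, service and dns_suffix are required")
	}
	tmpl := &x509.CertificateRequest{
		Subject: pkix.Name{
			CommonName:         id.Domain + "." + id.Service,
			Country:            optional(sc.Subject.Country),
			Province:           optional(sc.Subject.Province),
			Organization:       optional(sc.Subject.Organization),
			OrganizationalUnit: optional(sc.Subject.OrganizationalUnit),
		},
		DNSNames: []string{fmt.Sprintf("%s.%s.%s", id.Service, strings.ReplaceAll(id.Domain, ".", "-"), sc.DNSSuffix)},
	}
	if sc.Spiffe {
		tmpl.URIs = []*url.URL{{Scheme: "spiffe", Host: id.Domain, Path: "/sa/" + id.Service}}
	}
	return x509.CreateCertificateRequest(rand.Reader, tmpl, key)
}

// ParseCSR decodes the request and checks its self-signature, which is what a
// CA does first: a request whose signature fails carries no proof of key possession.
func ParseCSR(der []byte) (*x509.CertificateRequest, error) {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("csr signature: %w", err)
	}
	return csr, nil
}

func main() {
	key, err := NewKey()
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	// Constructed sample configuration and identity.
	sc := ServiceCert{DNSSuffix: "athenz.example.cloud", Spiffe: true,
		Subject: Subject{Country: "US", Organization: "Example Corp", OrganizationalUnit: "Platform"}}
	der, err := BuildCSR(sc, Identity{Domain: "sports.prod", Service: "api"}, key)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der})
}
```

Inspect the printed request with `openssl req -noout -text` to confirm the subject, the DNS SAN built from dns_suffix, and the SPIFFE URI SAN that appears only when spiffe is true.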

type TLS

type TLS struct {
	// Enabled reports whether the client sidecar server uses TLS.
	Enabled bool `yaml:"enabled"`

	// Cert is the certificate used to start the client sidecar server.
	Cert string `yaml:"cert"`

	// Key is the private key used to start the client sidecar server.
	Key string `yaml:"key"`

	// CA is the CA certificate used to start the client sidecar server.
	CA string `yaml:"ca"`
}

TLS represents the TLS configuration for the client sidecar server.

type Token

type Token struct {
	// AthenzDomain is the Athenz domain used to generate the N-token.
	AthenzDomain string `yaml:"athenz_domain"`

	// ServiceName is the Athenz service name used to generate the N-token.
	ServiceName string `yaml:"service_name"`

	// NTokenPath is the path of the N-token file; this field is used only with Copper Argos.
	NTokenPath string `yaml:"ntoken_path"`

	// PrivateKeyPath is the environment variable name of the private key used to sign the token (see GetActualValue for how environment references are resolved).
	PrivateKeyPath string `yaml:"private_key_path"`

	// ValidateToken controls whether the token is validated; it should be set to true when NTokenPath is set.
	ValidateToken bool `yaml:"validate_token"`

	// RefreshDuration is the token refresh interval, whether the token is generated locally or read from Copper Argos.
	RefreshDuration string `yaml:"refresh_duration"`

	// KeyVersion is the key version recorded in the N-token.
	KeyVersion string `yaml:"key_version"`

	// Expiration is the token lifetime (expiration duration).
	Expiration string `yaml:"expiration"`
}

Token represents the N-token details used to retrieve other Athenz credentials.
