Documentation ¶
Index ¶
- Constants
- Variables
- type Backend
- type Binding
- type CertificateAuthority
- type Config
- type Dashboard
- type Datastore
- type Duration
- type FrontendProxy
- type General
- func (g *General) GetAllBackends() []*Backend
- func (g *General) GetAllRoles() []*Role
- func (g *General) GetBackend(name string) (*Backend, bool)
- func (g *General) GetBackendByHost(host string) (*Backend, bool)
- func (g *General) GetBackendByHostname(hostname string) (*Backend, bool)
- func (g *General) GetBackendsByRole(roleName string) ([]*Backend, error)
- func (g *General) GetCertificate(_ *tls.ClientHelloInfo) (*tls.Certificate, error)
- func (g *General) GetRole(name string) (*Role, error)
- func (g *General) GetRpcPermission(name string) (*RpcPermission, bool)
- func (g *General) Inflate(dir string) error
- func (g *General) Load(backends []*Backend, roles []*Role, rpcPermissions []*RpcPermission) error
- type IdentityProvider
- type Location
- type Logger
- type Permission
- type RPCServer
- type Role
- type RpcPermission
- type Session
- type Template
Constants ¶
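// String identifiers recognised by the configuration. The listing is restored
// to one constant per line; the collapsed single-line form does not parse.
const (
	// EmbedEtcdUrlFilename is the literal file name "embed_etcd_url".
	// NOTE(review): presumably a file kept under Datastore.DataDir for the
	// embedded etcd; confirm where it is written and what permissions it gets.
	EmbedEtcdUrlFilename = "embed_etcd_url"

	// Session store identifiers.
	// NOTE(review): presumably matched against a field of Session; confirm.
	SessionTypeSecureCookie = "secure_cookie"
	SessionTypeMemcached    = "memcached"

	// Template loader identifiers.
	// NOTE(review): presumably matched against a field of Template; confirm.
	TemplateLoaderShotgun = "shotgun"
	TemplateLoaderEmbed   = "embed"
)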
Variables ¶
// ErrRoleNotFound is the package's sentinel error for a role name that is not
// present in the configuration.
// NOTE(review): presumably returned by GetRole and GetBackendsByRole; callers
// making an authorization decision should treat it as a denial, not as
// "no restrictions apply" — confirm at the call sites.
var ErrRoleNotFound = xerrors.New("config: role not found")
Functions ¶
This section is empty.
Types ¶
type Backend ¶
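// Backend is the configuration of one backend.
//
// The listing is restored to one field per line: in the collapsed form the
// first line comment swallows every field that follows it.
//
// AllowRootUser, DisableAuthn, Insecure and AllowHttp are all omitempty
// booleans, so each is false unless the configuration sets it explicitly.
type Backend struct {
	Name        string        `json:"name"` // Name is an identifier
	FQDN        string        `json:"fqdn,omitempty"`
	Upstream    string        `json:"upstream"`
	Permissions []*Permission `json:"permissions"`
	WebHook     string        `json:"webhook,omitempty"` // name of webhook provider (e.g. github)
	WebHookPath []string      `json:"webhook_path,omitempty"`
	Agent       bool          `json:"agent,omitempty"`

	// NOTE(review): the four flags below read as per-backend relaxations of
	// an access or transport check. Their exact effect is not visible here;
	// confirm each against the proxy code before enabling it, and review any
	// configuration change that turns one on.
	//
	// AllowRootUser: presumably lets identities listed in General.RootUsers
	// reach this backend regardless of Permissions.
	AllowRootUser bool `json:"allow_root_user,omitempty"`
	// DisableAuthn: presumably serves this backend without authenticating
	// the user.
	DisableAuthn bool `json:"disable_authn,omitempty"`
	// Insecure: presumably relaxes TLS verification toward Upstream.
	Insecure bool `json:"insecure,omitempty"`
	// AllowHttp: presumably permits plain-HTTP access to this backend.
	AllowHttp bool `json:"allow_http,omitempty"`

	Socket        bool      `json:"socket,omitempty"`
	SocketTimeout *Duration `json:"socket_timeout,omitempty"`

	// MaxSessionDuration is the maximum duration before a session expires for
	// this specific backend.
	// When MaxSessionDuration is not empty, OIDC authentication is required
	// even if the user submits a client certificate.
	MaxSessionDuration *Duration `json:"max_session_duration,omitempty"`

	// Fields tagged json:"-" are never read from or written to JSON.
	Url           *url.URL        `json:"-"`
	WebHookRouter *mux.Router     `json:"-"`
	Transport     *http.Transport `json:"-"`
}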
type CertificateAuthority ¶
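// CertificateAuthority is the certificate authority section of the
// configuration. The listing is restored to one field per line; the collapsed
// single-line form does not parse.
//
// The JSON carries only file paths and subject attributes. The parsed
// certificate, the private key and the pool are tagged json:"-", so
// encoding/json neither reads nor writes them.
type CertificateAuthority struct {
	CertFile string `json:"cert_file"`
	// KeyFile is the path given for the CA key.
	// NOTE(review): presumably the private key that ends up in PrivateKey;
	// the file should be readable only by the account running the proxy.
	KeyFile          string `json:"key_file"`
	Organization     string `json:"organization"`
	OrganizationUnit string `json:"organization_unit"`
	Country          string `json:"country"`

	// NOTE(review): presumably built from the three attributes above; confirm.
	Subject     pkix.Name         `json:"-"`
	Certificate *x509.Certificate `json:"-"`
	// PrivateKey is key material held in memory. It is an exported field, so
	// any code holding a *CertificateAuthority can read it.
	PrivateKey crypto.PrivateKey `json:"-"`
	CertPool   *x509.CertPool    `json:"-"`
}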
type Config ¶
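// Config is the root of the configuration document. The listing is restored
// to one field per line; the collapsed single-line form does not parse.
//
// Only General lacks omitempty. Every other section is a pointer tagged
// omitempty, so a section absent from the JSON decodes to nil and must be
// nil-checked before use.
type Config struct {
	General          *General          `json:"general"`
	RPCServer        *RPCServer        `json:"rpc_server,omitempty"`
	IdentityProvider *IdentityProvider `json:"identity_provider,omitempty"`
	Datastore        *Datastore        `json:"datastore,omitempty"`
	Logger           *Logger           `json:"logger,omitempty"`
	FrontendProxy    *FrontendProxy    `json:"frontend_proxy,omitempty"`
	Dashboard        *Dashboard        `json:"dashboard,omitempty"`
}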
type Dashboard ¶
type Datastore ¶
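// Datastore is the datastore section of the configuration.
//
// The listing is restored to one field per line: in the collapsed form the
// first line comment swallows every field that follows it.
type Datastore struct {
	// RawUrl is the datastore URL as written in the configuration.
	// NOTE(review): DSN below is a *mysql.Config, so a MySQL URL may carry a
	// username and password; if so, the configuration file and any log line
	// that prints RawUrl hold a credential — confirm.
	RawUrl     string `json:"url"`
	DataDir    string `json:"data_dir,omitempty"`  // use only embed etcd
	Namespace  string `json:"namespace,omitempty"` // use only etcd
	CACertFile string `json:"ca_cert_file,omitempty"`
	CertFile   string `json:"cert_file,omitempty"`
	KeyFile    string `json:"key_file,omitempty"`

	// Fields tagged json:"-" are never read from or written to JSON.
	// NOTE(review): presumably derived from the fields above while the
	// configuration is loaded; confirm.
	Url         *url.URL        `json:"-"`
	Embed       bool            `json:"-"`
	EtcdUrl     *url.URL        `json:"-"`
	Certificate tls.Certificate `json:"-"`
	CertPool    *x509.CertPool  `json:"-"`
	DSN         *mysql.Config   `json:"-"`
	// contains filtered or unexported fields
}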
func (*Datastore) GetEtcdClient ¶
func (*Datastore) GetMySQLConn ¶ added in v0.8.0
type Duration ¶ added in v0.7.0
func (*Duration) MarshalJSON ¶ added in v0.7.0
func (*Duration) UnmarshalJSON ¶ added in v0.7.0
type FrontendProxy ¶
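// FrontendProxy is the frontend proxy section of the configuration. The
// listing is restored to one field per line; the collapsed single-line form
// does not parse.
type FrontendProxy struct {
	// GithubWebHookSecretFile is a path; the secret itself is not stored in
	// the JSON document.
	// NOTE(review): presumably read into GithubWebhookSecret by Inflate; confirm.
	GithubWebHookSecretFile string `json:"github_webhook_secret_file"`
	// NOTE(review): presumably toggles the Expect-CT response header; confirm.
	ExpectCT bool     `json:"expect_ct"`
	Session  *Session `json:"session,omitempty"`

	Certificate tls.Certificate `json:"-"`
	// GithubWebhookSecret is excluded from JSON by its tag, but it is an
	// exported []byte: formatting a FrontendProxy with %v, %+v or %#v prints
	// its bytes, so do not log the struct as a whole.
	GithubWebhookSecret []byte `json:"-"`
}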
func (*FrontendProxy) Inflate ¶
func (f *FrontendProxy) Inflate(dir string) error
type General ¶
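// General is the general section of the configuration.
//
// The listing is restored to one field per line: in the collapsed form the
// trailing line comment sits on the same line as the fields.
//
// Key and token material is referenced by file path in the JSON
// (KeyFile, SigningPrivateKeyFile, InternalTokenFile). The loaded values are
// tagged json:"-", so encoding/json neither reads nor writes them.
type General struct {
	Enable bool `json:"enable"`
	// NOTE(review): EnableHttp and BindHttp presumably add a plain-HTTP
	// listener next to the TLS one; confirm what it serves.
	EnableHttp bool `json:"enable_http,omitempty"`
	// NOTE(review): confirm what Debug exposes before enabling it on a
	// production proxy.
	Debug    bool   `json:"debug,omitempty"`
	Bind     string `json:"bind,omitempty"`
	BindHttp string `json:"bind_http,omitempty"`
	// NOTE(review): presumably the listen address of an internal API guarded
	// by InternalToken; it should not be reachable from untrusted networks —
	// confirm.
	BindInternalApi      string                `json:"bind_internal_api,omitempty"`
	ServerName           string                `json:"server_name,omitempty"`
	CertFile             string                `json:"cert_file,omitempty"`
	KeyFile              string                `json:"key_file,omitempty"`
	RoleFile             string                `json:"role_file,omitempty"`
	ProxyFile            string                `json:"proxy_file,omitempty"`
	RpcPermissionFile    string                `json:"rpc_permission_file,omitempty"`
	RpcTarget            string                `json:"rpc_target,omitempty"`
	CertificateAuthority *CertificateAuthority `json:"certificate_authority,omitempty"`
	// NOTE(review): presumably identities granted access on backends that set
	// AllowRootUser; keep the list short and review changes to it — confirm.
	RootUsers             []string `json:"root_users,omitempty"`
	SigningPrivateKeyFile string   `json:"signing_private_key_file,omitempty"`
	InternalTokenFile     string   `json:"internal_token_file,omitempty"`

	Roles             []*Role           `json:"-"`
	Backends          []*Backend        `json:"-"`
	RpcPermissions    []*RpcPermission  `json:"-"`
	SigningPrivateKey *ecdsa.PrivateKey `json:"-"`
	SigningPublicKey  ecdsa.PublicKey   `json:"-"`
	// InternalToken is excluded from JSON by its tag, but it is an exported
	// string: formatting a General with %v, %+v or %#v prints it, so do not
	// log the struct as a whole.
	InternalToken  string `json:"-"`
	AuthEndpoint   string `json:"-"`
	TokenEndpoint  string `json:"-"`
	ServerNameHost string `json:"-"`
	// contains filtered or unexported fields
}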
func (*General) GetAllBackends ¶
func (*General) GetAllRoles ¶
func (*General) GetBackendByHost ¶
GetBackendByHost finds a Backend by Host header.
func (*General) GetBackendByHostname ¶
func (*General) GetBackendsByRole ¶
func (*General) GetCertificate ¶
func (g *General) GetCertificate(_ *tls.ClientHelloInfo) (*tls.Certificate, error)
func (*General) GetRpcPermission ¶
func (g *General) GetRpcPermission(name string) (*RpcPermission, bool)
type IdentityProvider ¶
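// IdentityProvider is the identity provider section of the configuration.
//
// The listing is restored to one field per line: in the collapsed form the
// first line comment swallows every field that follows it.
type IdentityProvider struct {
	Provider string `json:"provider"` // "google", "okta", "azure" or "custom"
	Issuer   string `json:"issuer"`   // for "custom"
	ClientId string `json:"client_id"`
	// ClientSecretFile is a path; the client secret itself is not stored in
	// the JSON document.
	// NOTE(review): presumably read into ClientSecret by Inflate; confirm.
	ClientSecretFile string   `json:"client_secret_file"`
	ExtraScopes      []string `json:"extra_scopes"`
	Domain           string   `json:"domain,omitempty"` // for Okta and AzureAD
	RedirectUrl      string   `json:"redirect_url"`

	// ClientSecret is excluded from JSON by its tag, but it is an exported
	// string: formatting an IdentityProvider with %v, %+v or %#v prints it,
	// so do not log the struct as a whole.
	ClientSecret string `json:"-"`
}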
func (*IdentityProvider) Inflate ¶
func (idp *IdentityProvider) Inflate(dir string) error
type Location ¶
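// Location holds one optional string per HTTP method, plus Any. The listing
// is restored to one field per line; the collapsed single-line form does not
// parse.
//
// Every field is omitempty, so a method that is not configured is left as the
// empty string.
// NOTE(review): presumably each value is a path pattern and Any applies to
// every method; if so, an Any entry also covers CONNECT and TRACE, which is
// rarely intended — confirm against the matcher.
type Location struct {
	Any     string `json:"any,omitempty"`
	Get     string `json:"get,omitempty"`
	Post    string `json:"post,omitempty"`
	Put     string `json:"put,omitempty"`
	Delete  string `json:"delete,omitempty"`
	Head    string `json:"head,omitempty"`
	Connect string `json:"connect,omitempty"`
	Options string `json:"options,omitempty"`
	Trace   string `json:"trace,omitempty"`
	Patch   string `json:"patch,omitempty"`
}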
type Logger ¶
type Permission ¶
type RpcPermission ¶