config

package
v0.9.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 26, 2020 License: MIT Imports: 29 Imported by: 0

Documentation

Index

Constants

// String constants used by the configuration types in this package.
const (
	// EmbedEtcdUrlFilename is the fixed name "embed_etcd_url".
	// NOTE(review): presumably the name of a file that records the embedded
	// etcd URL (see Datastore.Embed / Datastore.EtcdUrl) — confirm against the loader.
	EmbedEtcdUrlFilename    = "embed_etcd_url"
	// SessionTypeSecureCookie and SessionTypeMemcached match the two values
	// listed in the Session.Type field comment ("secure_cookie or memcached").
	SessionTypeSecureCookie = "secure_cookie"
	SessionTypeMemcached    = "memcached"
	// TemplateLoaderShotgun and TemplateLoaderEmbed match the two values
	// listed in the Template.Loader field comment ("shotgun or embed").
	TemplateLoaderShotgun   = "shotgun"
	TemplateLoaderEmbed     = "embed"
)

Variables

var (
	// ErrRoleNotFound is a sentinel error with the message "config: role not found".
	// NOTE(review): presumably returned by role lookups such as General.GetRole,
	// which returns (*Role, error) — confirm. Callers making authorization
	// decisions should handle it as "no access" rather than ignore it.
	ErrRoleNotFound = xerrors.New("config: role not found")
)

Functions

This section is empty.

Types

type Backend

// Backend is the configuration record for a single backend: its identifier,
// upstream, permissions, webhook settings and per-backend security toggles.
//
// Every boolean toggle carries omitempty, so a key that is absent from the
// JSON leaves the field at false. Reviewers of a deployed configuration
// should look for any of AllowRootUser, DisableAuthn, Insecure or AllowHttp
// set to true, because each one relaxes a default.
type Backend struct {
	Name          string        `json:"name"` // Name is an identifier
	FQDN          string        `json:"fqdn,omitempty"`
	Upstream      string        `json:"upstream"`
	Permissions   []*Permission `json:"permissions"`
	WebHook       string        `json:"webhook,omitempty"` // name of webhook provider (e.g. github)
	WebHookPath   []string      `json:"webhook_path,omitempty"`
	Agent         bool          `json:"agent,omitempty"`
	// NOTE(review): presumably lets the users listed in General.RootUsers reach
	// this backend without a role binding — confirm against the authorization code.
	AllowRootUser bool          `json:"allow_root_user,omitempty"`
	// NOTE(review): the name suggests authentication is skipped for this
	// backend; until confirmed, treat a backend with this set as reachable
	// by unauthenticated clients.
	DisableAuthn  bool          `json:"disable_authn,omitempty"`
	// NOTE(review): likely relaxes TLS verification toward Upstream — confirm
	// what exactly is skipped before enabling it outside of testing.
	Insecure      bool          `json:"insecure,omitempty"`
	// NOTE(review): presumably permits plaintext HTTP for this backend — confirm
	// on which leg (client side or upstream side) it applies.
	AllowHttp     bool          `json:"allow_http,omitempty"`
	Socket        bool          `json:"socket,omitempty"`
	SocketTimeout *Duration     `json:"socket_timeout,omitempty"`
	// MaxSessionDuration is the maximum duration before a session expires for this specific backend.
	// When MaxSessionDuration is set, OIDC authentication is required even if the user submits a client certificate.
	MaxSessionDuration *Duration `json:"max_session_duration,omitempty"`

	// The fields below are tagged json:"-" and are therefore neither read from
	// nor written to JSON. NOTE(review): presumably derived from the fields
	// above when the configuration is loaded — confirm.
	Url           *url.URL        `json:"-"`
	WebHookRouter *mux.Router     `json:"-"`
	Transport     *http.Transport `json:"-"`
}

func (*Backend) MatchList

func (b *Backend) MatchList(req *http.Request) map[string]struct{}

type Binding

// Binding is one entry of Role.Bindings. It names an RPC, or a Backend
// together with a Permission, by their string identifiers.
// NOTE(review): a name that matches no Backend/Permission is not rejected by
// the type itself; check how the loader treats dangling references.
type Binding struct {
	Rpc        string `json:"rpc,omitempty"`
	Backend    string `json:"backend,omitempty"`    // Backend is Backend.Name
	Permission string `json:"permission,omitempty"` // Permission is Permission.Name

	// FQDN is excluded from JSON (json:"-").
	// NOTE(review): presumably filled in from the referenced Backend — confirm.
	FQDN string `json:"-"`
}

type CertificateAuthority

// CertificateAuthority holds the CA settings: file locations for the
// certificate and key plus the subject attributes given in the JSON.
type CertificateAuthority struct {
	CertFile         string `json:"cert_file"`
	// NOTE(review): presumably the path to the CA private key; the file it
	// points at deserves restrictive permissions — confirm how it is read.
	KeyFile          string `json:"key_file"`
	Organization     string `json:"organization"`
	OrganizationUnit string `json:"organization_unit"`
	Country          string `json:"country"`

	// The fields below are tagged json:"-", so the parsed certificate and the
	// private key are never emitted when this struct is marshalled to JSON.
	Subject     pkix.Name         `json:"-"`
	Certificate *x509.Certificate `json:"-"`
	PrivateKey  crypto.PrivateKey `json:"-"`
	CertPool    *x509.CertPool    `json:"-"`
}

type Config

// Config is the top-level configuration document. Each section is a pointer;
// every section except General carries omitempty, so those sections are left
// out of the marshalled JSON when nil.
type Config struct {
	General          *General          `json:"general"`
	RPCServer        *RPCServer        `json:"rpc_server,omitempty"`
	IdentityProvider *IdentityProvider `json:"identity_provider,omitempty"`
	Datastore        *Datastore        `json:"datastore,omitempty"`
	Logger           *Logger           `json:"logger,omitempty"`
	FrontendProxy    *FrontendProxy    `json:"frontend_proxy,omitempty"`
	Dashboard        *Dashboard        `json:"dashboard,omitempty"`
}

type Dashboard

// Dashboard is the "dashboard" section of Config.
type Dashboard struct {
	Enable   bool      `json:"enable"`
	// NOTE(review): presumably the listen address of the dashboard — confirm,
	// and check which interfaces it is exposed on in a deployment.
	Bind     string    `json:"bind,omitempty"`
	Template *Template `json:"template,omitempty"`
}

func (*Dashboard) Inflate

func (d *Dashboard) Inflate(dir string) error

type Datastore

// Datastore is the "datastore" section of Config. The field comments mention
// etcd and embedded etcd, and the DSN field is a *mysql.Config, so more than
// one storage kind appears to be supported.
type Datastore struct {
	// NOTE(review): a datastore URL may carry credentials; if so it should be
	// kept out of logs — confirm how RawUrl is parsed and reported.
	RawUrl     string `json:"url"`
	DataDir    string `json:"data_dir,omitempty"`  // use only embed etcd
	Namespace  string `json:"namespace,omitempty"` // use only etcd
	// NOTE(review): CACertFile, CertFile and KeyFile presumably configure TLS
	// toward the datastore (CA bundle and client key pair) — confirm.
	CACertFile string `json:"ca_cert_file,omitempty"`
	CertFile   string `json:"cert_file,omitempty"`
	KeyFile    string `json:"key_file,omitempty"`

	// The fields below are tagged json:"-" and are not part of the JSON form.
	Url         *url.URL        `json:"-"`
	Embed       bool            `json:"-"`
	EtcdUrl     *url.URL        `json:"-"`
	Certificate tls.Certificate `json:"-"`
	CertPool    *x509.CertPool  `json:"-"`

	DSN *mysql.Config `json:"-"`
	// contains filtered or unexported fields
}

func (*Datastore) GetEtcdClient

func (d *Datastore) GetEtcdClient(loggerConf *Logger) (*clientv3.Client, error)

func (*Datastore) GetMySQLConn added in v0.8.0

func (d *Datastore) GetMySQLConn() (*sql.DB, error)

func (*Datastore) Inflate

func (d *Datastore) Inflate(dir string) error

type Duration added in v0.7.0

// Duration embeds time.Duration. The package declares MarshalJSON and
// UnmarshalJSON methods on *Duration, so its JSON form is defined by those
// methods rather than by the default integer encoding.
// NOTE(review): the accepted text format is not visible here — confirm.
type Duration struct {
	time.Duration
}

func (*Duration) MarshalJSON added in v0.7.0

func (d *Duration) MarshalJSON() ([]byte, error)

func (*Duration) UnmarshalJSON added in v0.7.0

func (d *Duration) UnmarshalJSON(b []byte) error

type FrontendProxy

// FrontendProxy is the "frontend_proxy" section of Config.
type FrontendProxy struct {
	// The webhook secret is referenced by file path in the JSON; the secret
	// bytes themselves live in GithubWebhookSecret, which is excluded from JSON.
	GithubWebHookSecretFile string   `json:"github_webhook_secret_file"`
	// NOTE(review): presumably toggles the Expect-CT response header — confirm.
	ExpectCT                bool     `json:"expect_ct"`
	Session                 *Session `json:"session,omitempty"`

	// Tagged json:"-": never marshalled.
	// NOTE(review): presumably populated by Inflate from the files above — confirm.
	Certificate         tls.Certificate `json:"-"`
	GithubWebhookSecret []byte          `json:"-"`
}

func (*FrontendProxy) Inflate

func (f *FrontendProxy) Inflate(dir string) error

type General

// General is the "general" section of Config: listen addresses, file
// locations for certificates, keys, roles, proxies and RPC permissions, and
// the list of root users.
//
// Secrets are referenced by path (KeyFile, SigningPrivateKeyFile,
// InternalTokenFile); the loaded values (SigningPrivateKey, InternalToken)
// are tagged json:"-" and are not emitted when the struct is marshalled.
type General struct {
	Enable                bool                  `json:"enable"`
	// NOTE(review): EnableHttp / BindHttp presumably open a plaintext HTTP
	// listener next to the TLS one on Bind — confirm what it serves.
	EnableHttp            bool                  `json:"enable_http,omitempty"`
	// NOTE(review): confirm what Debug enables before setting it in production.
	Debug                 bool                  `json:"debug,omitempty"`
	Bind                  string                `json:"bind,omitempty"`
	BindHttp              string                `json:"bind_http,omitempty"`
	// NOTE(review): presumably the listen address of an internal API; see
	// InternalTokenFile. Confirm it is not bound to a public interface.
	BindInternalApi       string                `json:"bind_internal_api,omitempty"`
	ServerName            string                `json:"server_name,omitempty"`
	CertFile              string                `json:"cert_file,omitempty"`
	KeyFile               string                `json:"key_file,omitempty"`
	RoleFile              string                `json:"role_file,omitempty"`
	ProxyFile             string                `json:"proxy_file,omitempty"`
	RpcPermissionFile     string                `json:"rpc_permission_file,omitempty"`
	RpcTarget             string                `json:"rpc_target,omitempty"`
	CertificateAuthority  *CertificateAuthority `json:"certificate_authority,omitempty"`
	// NOTE(review): presumably user identifiers with elevated access (see
	// Backend.AllowRootUser) — keep the list short and audited; confirm semantics.
	RootUsers             []string              `json:"root_users,omitempty"`
	// Path counterpart of SigningPrivateKey, which is an *ecdsa.PrivateKey.
	SigningPrivateKeyFile string                `json:"signing_private_key_file,omitempty"`
	// Path counterpart of InternalToken.
	InternalTokenFile     string                `json:"internal_token_file,omitempty"`

	// Not part of the JSON; Load takes backends, roles and rpcPermissions
	// slices of these element types.
	Roles          []*Role          `json:"-"`
	Backends       []*Backend       `json:"-"`
	RpcPermissions []*RpcPermission `json:"-"`

	// Loaded key material and token; excluded from JSON.
	SigningPrivateKey *ecdsa.PrivateKey `json:"-"`
	SigningPublicKey  ecdsa.PublicKey   `json:"-"`
	InternalToken     string            `json:"-"`

	// NOTE(review): presumably derived from ServerName at load time — confirm.
	AuthEndpoint   string `json:"-"`
	TokenEndpoint  string `json:"-"`
	ServerNameHost string `json:"-"`
	// contains filtered or unexported fields
}

func (*General) GetAllBackends

func (g *General) GetAllBackends() []*Backend

func (*General) GetAllRoles

func (g *General) GetAllRoles() []*Role

func (*General) GetBackend

func (g *General) GetBackend(name string) (*Backend, bool)

func (*General) GetBackendByHost

func (g *General) GetBackendByHost(host string) (*Backend, bool)

GetBackendByHost finds the Backend that matches the Host header.

func (*General) GetBackendByHostname

func (g *General) GetBackendByHostname(hostname string) (*Backend, bool)

func (*General) GetBackendsByRole

func (g *General) GetBackendsByRole(roleName string) ([]*Backend, error)

func (*General) GetCertificate

func (g *General) GetCertificate(_ *tls.ClientHelloInfo) (*tls.Certificate, error)

func (*General) GetRole

func (g *General) GetRole(name string) (*Role, error)

func (*General) GetRpcPermission

func (g *General) GetRpcPermission(name string) (*RpcPermission, bool)

func (*General) Inflate

func (g *General) Inflate(dir string) error

func (*General) Load

func (g *General) Load(backends []*Backend, roles []*Role, rpcPermissions []*RpcPermission) error

type IdentityProvider

// IdentityProvider is the "identity_provider" section of Config. The client
// secret is referenced by file path (ClientSecretFile); the secret value is
// held in ClientSecret, which is tagged json:"-" and never marshalled.
type IdentityProvider struct {
	Provider         string   `json:"provider"` // "google", "okta", "azure" or "custom"
	Issuer           string   `json:"issuer"`   // for "custom"
	ClientId         string   `json:"client_id"`
	ClientSecretFile string   `json:"client_secret_file"`
	ExtraScopes      []string `json:"extra_scopes"`
	Domain           string   `json:"domain,omitempty"` // for Okta and AzureAD
	// NOTE(review): must presumably match the redirect URI registered with
	// the provider — confirm how it is validated.
	RedirectUrl      string   `json:"redirect_url"`

	// NOTE(review): presumably read from ClientSecretFile by Inflate — confirm.
	ClientSecret string `json:"-"`
}

func (*IdentityProvider) Inflate

func (idp *IdentityProvider) Inflate(dir string) error

type Location

// Location is one entry of Permission.Locations. It has one string field per
// HTTP method plus Any; all are optional in JSON (omitempty).
// NOTE(review): the strings are presumably path patterns registered on a
// router by AddRouter, with Any covering every method — confirm the matching
// rules (prefix vs. exact) since they decide what a Permission grants.
type Location struct {
	Any     string `json:"any,omitempty"`
	Get     string `json:"get,omitempty"`
	Post    string `json:"post,omitempty"`
	Put     string `json:"put,omitempty"`
	Delete  string `json:"delete,omitempty"`
	Head    string `json:"head,omitempty"`
	Connect string `json:"connect,omitempty"`
	Options string `json:"options,omitempty"`
	Trace   string `json:"trace,omitempty"`
	Patch   string `json:"patch,omitempty"`
}

func (*Location) AddRouter

func (l *Location) AddRouter(r *mux.Router)

type Logger

// Logger is the "logger" section of Config. ZapConfig turns it into a
// *zap.Config.
type Logger struct {
	// NOTE(review): accepted level names are not visible here — confirm.
	Level    string `json:"level"`
	Encoding string `json:"encoding"` // json or console
}

func (*Logger) ZapConfig

func (l *Logger) ZapConfig(encoder zapcore.EncoderConfig) *zap.Config

type Permission

// Permission is a named set of Locations. Backend.Permissions holds these,
// and Binding.Permission refers to one by Name.
type Permission struct {
	Name      string     `json:"name"` // Name is an identifier
	Locations []Location `json:"locations"`
	// contains filtered or unexported fields
}

type RPCServer

// RPCServer is the "rpc_server" section of Config.
type RPCServer struct {
	Bind        string `json:"bind,omitempty"`
	// NOTE(review): presumably a separate listen address for metrics — confirm
	// whether that endpoint is authenticated before exposing it.
	MetricsBind string `json:"metrics_bind,omitempty"`
	Enable      bool   `json:"enable,omitempty"`
}

type Role

// Role is a named collection of Bindings, each of which names an RPC or a
// Backend/Permission pair.
type Role struct {
	Name        string     `json:"name"`
	Title       string     `json:"title"`
	Description string     `json:"description,omitempty"`
	Bindings    []*Binding `json:"bindings"`

	// Tagged json:"-": neither field can be set from the JSON role file.
	// NOTE(review): System presumably marks built-in roles — confirm.
	RPCMethodMatcher *rpc.MethodMatcher `json:"-"`
	System           bool               `json:"-"`
}

type RpcPermission

// RpcPermission is a named allow-list of strings.
// NOTE(review): the entries are presumably RPC method names or patterns, and
// Binding.Rpc presumably refers to Name — confirm, including whether
// wildcards are accepted.
type RpcPermission struct {
	Name  string   `json:"name"`
	Allow []string `json:"allow"`
}

type Session

// Session is the session-store configuration referenced by
// FrontendProxy.Session.
type Session struct {
	Type    string   `json:"type"` // secure_cookie or memcached
	KeyFile string   `json:"key_file,omitempty"`
	// NOTE(review): presumably memcached server addresses, used when Type is
	// "memcached" — confirm.
	Servers []string `json:"servers,omitempty"`

	// Key material, excluded from JSON (json:"-").
	// NOTE(review): presumably loaded from KeyFile by Inflate and used to
	// authenticate (HashKey) and encrypt (BlockKey) cookie sessions — confirm;
	// the file these come from should be protected like any other secret.
	HashKey  []byte `json:"-"`
	BlockKey []byte `json:"-"`
}

func (*Session) Inflate

func (s *Session) Inflate(dir string) error

type Template

// Template is the template configuration referenced by Dashboard.Template.
type Template struct {
	Loader string `json:"loader"` // shotgun or embed
	// NOTE(review): presumably the directory templates are read from — confirm
	// whether it is used by both loaders.
	Dir    string `json:"dir"`
}

Directories

Path Synopsis
