auth

Documentation

Index

• func LogRequests(log *zap.Logger, h http.Handler) http.Handler
• func LogResponses(log *zap.Logger, h http.Handler) http.Handler
• func OpenStorage(ctx context.Context, log *zap.Logger, config Config) (_ authdb.Storage, err error)
• type Config
• type Peer
  • func New(ctx context.Context, log *zap.Logger, config Config, configDir string) (*Peer, error)
  • func (p *Peer) Address() string
  • func (p *Peer) AddressTLS() string
  • func (p *Peer) Close() error
  • func (p *Peer) DRPCAddress() string
  • func (p *Peer) DRPCTLSAddress() string
  • func (p *Peer) ProxyAddressTLS() string
  • func (p *Peer) Run(ctx context.Context) (err error)
  • func (p *Peer) ServeDRPC(ctx context.Context, listener net.Listener) error
  • func (p *Peer) ServeHTTP(ctx context.Context, listener net.Listener) (err error)
• type TLSInfo

Functions

func LogRequests

func LogRequests(log *zap.Logger, h http.Handler) http.Handler

LogRequests logs requests.

func LogResponses

func LogResponses(log *zap.Logger, h http.Handler) http.Handler

LogResponses logs responses.

func OpenStorage

func OpenStorage(ctx context.Context, log *zap.Logger, config Config) (_ authdb.Storage, err error)

OpenStorage opens the underlying storage for Auth Service's database, determining the backend based on the connection string.

Types

type Config

type Config struct {
	Endpoint          string        `help:"Gateway endpoint URL to return to clients" default:""`
	AuthToken         []string      `help:"auth security token(s) to validate requests" releaseDefault:"" devDefault:""`
	POSTSizeLimit     memory.Size   `help:"maximum size that the incoming POST request body with access grant can be" default:"4KiB"`
	AllowedSatellites []string      `help:"list of satellite NodeURLs allowed for incoming access grants" default:"https://www.storj.io/dcs-satellites"`
	CacheExpiration   time.Duration `help:"length of time satellite addresses are cached for" default:"10m"`
	ShutdownDelay     time.Duration `help:"time to delay server shutdown while returning 503s on the health endpoint" devDefault:"1s" releaseDefault:"45s"`
	IdleTimeout       time.Duration `help:"timeout for idle connections" default:"60s"`

	KVBackend string `help:"key/value store backend url" default:""`
	Migration bool   `help:"create or update the database schema, and then continue service startup" default:"false"`

	ListenAddr    string `user:"true" help:"public HTTP address to listen on" default:":20000"`
	ListenAddrTLS string `user:"true" help:"public HTTPS address to listen on" default:":20001"`

	DRPCListenAddr    string `user:"true" help:"public DRPC address to listen on" default:":20002"`
	DRPCListenAddrTLS string `user:"true" help:"public DRPC+TLS address to listen on" default:":20003"`

	ProxyAddrTLS string `help:"TLS address to listen on for PROXY protocol requests" default:":20005"`

	CertFile                string   `user:"true" help:"server certificate file" default:""`
	KeyFile                 string   `user:"true" help:"server key file" default:""`
	PublicURL               []string `` /* 147-byte string literal not displayed */
	RetrievePublicProjectID bool     `user:"true" help:"retrieve and store public project ID when registering access grant" default:"true"`

	CertMagic certMagic

	Node    badgerauth.Config
	Spanner spannerauth.Config
}

Config holds authservice's configuration.

type Peer

type Peer struct {
	// contains filtered or unexported fields
}

Peer is the representation of authservice.

func New

func New(ctx context.Context, log *zap.Logger, config Config, configDir string) (*Peer, error)

New constructs new Peer.

TODO(artur): New and constructors, in general, shouldn't take context.Context as a parameter.

func (*Peer) Address

func (p *Peer) Address() string

Address returns the address of the HTTP listener.

func (*Peer) AddressTLS

func (p *Peer) AddressTLS() string

AddressTLS returns the address of the HTTPS listener.

func (*Peer) Close

func (p *Peer) Close() error

Close closes all authservice's resources. It does not shut down servers that started serving in Run(). To do that, the context must be canceled. Close will also close any listeners that may still be listening but haven't been closed yet. Run() will take care of closing listeners if the context is canceled, but closing them here is necessary if Run() was never called.

func (*Peer) DRPCAddress

func (p *Peer) DRPCAddress() string

DRPCAddress returns the address of the DRPC listener.

func (*Peer) DRPCTLSAddress

func (p *Peer) DRPCTLSAddress() string

DRPCTLSAddress returns the address of the DRPC+TLS listener.

func (*Peer) ProxyAddressTLS

func (p *Peer) ProxyAddressTLS() string

ProxyAddressTLS returns the TLS address for the PROXY protocol listener.

func (*Peer) Run

func (p *Peer) Run(ctx context.Context) (err error)

Run starts authservice. It is also responsible for shutting servers down when the context is canceled.

func (*Peer) ServeDRPC

func (p *Peer) ServeDRPC(ctx context.Context, listener net.Listener) error

ServeDRPC starts serving DRPC clients.

func (*Peer) ServeHTTP

func (p *Peer) ServeHTTP(ctx context.Context, listener net.Listener) (err error)

ServeHTTP starts serving HTTP clients.

type TLSInfo

type TLSInfo struct {
	CertFile   string
	KeyFile    string
	PublicURL  []string
	ConfigDir  string
	ListenAddr string

	// CertMagic obtains and renews TLS certificates and staples OCSP responses
	// Setting this to true will mean the server obtains certificate through Certmagic
	// CertFile and KeyFile options will NOT be considered.
	CertMagic bool

	// CertMagicKeyFile is a path to a file containing the CertMagic service account key.
	CertMagicKeyFile string

	// CertMagicEmail is the email address to use when creating an ACME account
	CertMagicEmail string

	// CertMagicStaging use staging CA endpoints
	CertMagicStaging bool

	// CertMagicBucket bucket to use for certstorage
	CertMagicBucket string
}

TLSInfo is a struct to handle the preferred/configured TLS options.