Documentation
¶
Overview ¶
Package config provides configuration-related files and methods.
Index ¶
Constants ¶
This section is empty.
Variables ¶
var CLIConfigVersions = NewVersionList("1")
CLIConfigVersions is the list of allowed versions for the CLIConfig.
var CryptoConfigVersions = NewVersionList("1")
CryptoConfigVersions is the list of allowed versions for the CryptoConfig.
var JustificationConfigVersions = NewVersionList("1")
JustificationConfigVersions is the list of allowed versions for the JustificationConfig.
Functions ¶
This section is empty.
Types ¶
type CLIConfig ¶
// CLIConfig holds the CLI settings declared by the yaml tags below: the config
// version, the JVS server address, whether an insecure connection is allowed,
// and the JWKS endpoint.
type CLIConfig struct {
// Version is the version of the config.
Version string `yaml:"version,omitempty"`
// Server is the JVS server address.
Server string `yaml:"server,omitempty"`
// Insecure indicates whether the CLI should allow an insecure connection to
// the server.
//
// NOTE(review): the zero value (false) is the safe setting. What "insecure"
// relaxes (plaintext transport, skipped certificate checks, or both) is not
// visible here; confirm in the client code and keep this unset outside local
// development.
Insecure bool `yaml:"insecure,omitempty"`
// JWKSEndpoint is the full path (including protocol and port) to the JWKS
// endpoint on a JVS server (e.g. https://example.com/.well-known/jwks).
//
// NOTE(review): keys served from this endpoint are presumably what tokens are
// verified against, so it acts as a trust anchor. Nothing visible here
// restricts the scheme to https; confirm whether the caller enforces it.
JWKSEndpoint string `yaml:"jwks_endpoint,omitempty" mapstructure:"jwks_endpoint"`
}
func (*CLIConfig) SetDefault ¶
func (cfg *CLIConfig) SetDefault()
SetDefault sets the default values for the config.
type CryptoConfig ¶
// CryptoConfig holds the key-lifecycle durations and the KMS key names. Each
// field can be set from YAML or from an environment variable, as declared by
// its struct tags.
//
// NOTE(review): every env tag carries the `overwrite` option, which presumably
// lets an environment variable replace a value already loaded from YAML.
// Confirm against the env library in use; if so, the process environment is
// part of the trusted configuration surface.
type CryptoConfig struct {
// Version is the version of the config.
Version string `yaml:"version,omitempty" env:"VERSION,overwrite,default=1"`
// -- Crypto variables --
//
// NOTE(review): none of the four durations below declares a default in its env
// tag, so an unset value is the zero duration. Validate (body not shown here)
// presumably rejects zero or inconsistent values - confirm.

// KeyTTL is the length of time that we expect a key to be valid for.
KeyTTL time.Duration `yaml:"key_ttl,omitempty" env:"KEY_TTL,overwrite"`
// GracePeriod is a length of time between when we rotate the key and when an old Key Version is no longer valid and available
// A longer grace period therefore lengthens the window in which a rotated-out
// key version is still accepted.
GracePeriod time.Duration `yaml:"grace_period,omitempty" env:"GRACE_PERIOD,overwrite"`
// PropagationDelay is the time that it takes for a change in the key in KMS to be reflected in the client.
PropagationDelay time.Duration `yaml:"propagation_delay,omitempty" env:"PROPAGATION_DELAY,overwrite"`
// DisabledPeriod is a time between when the key is disabled, and when we delete the key.
DisabledPeriod time.Duration `yaml:"disabled_period,omitempty" env:"DISABLED_PERIOD,overwrite"`
// TODO: This is intended to be temporary, and will eventually be retrieved from a persistent external datastore
// https://github.com/abcxyz/jvs/issues/17
// KeyName format: `projects/*/locations/*/keyRings/*/cryptoKeys/*`
// https://pkg.go.dev/google.golang.org/genproto/googleapis/cloud/kms/v1#CryptoKey
//
// NOTE(review): whether each entry is checked against the format above is not
// visible here; confirm in Validate.
KeyNames []string `yaml:"key_names,omitempty" env:"KEY_NAMES,overwrite"`
}
CryptoConfig is the full jvs config.
func (*CryptoConfig) DestroyAge ¶
func (cfg *CryptoConfig) DestroyAge() time.Duration
DestroyAge gets the duration after a key has been created when it becomes a candidate to be destroyed.
func (*CryptoConfig) RotationAge ¶
func (cfg *CryptoConfig) RotationAge() time.Duration
RotationAge gets the duration after a key has been created that a new key should be created.
func (*CryptoConfig) Validate ¶
func (cfg *CryptoConfig) Validate() error
Validate checks if the config is valid.
type JustificationConfig ¶
// JustificationConfig holds the settings declared below for the service that
// signs JWTs: its port, the KMS signing key name, the signer cache timeout,
// the issuer, and the token TTL limits. Defaults come from the env tags.
type JustificationConfig struct {
// Version is the version of the config.
Version string `yaml:"version,omitempty" env:"VERSION,overwrite,default=1"`
// Service configuration.
// Port defaults to 8080 per its env tag.
Port string `yaml:"port,omitempty" env:"PORT,overwrite,default=8080"`
// KeyName format: `projects/*/locations/*/keyRings/*/cryptoKeys/*`
// https://pkg.go.dev/google.golang.org/genproto/googleapis/cloud/kms/v1#CryptoKey
// The field is read from the yaml key "key" and the env variable KEY, and has
// no default.
KeyName string `yaml:"key,omitempty" env:"KEY,overwrite"`
// SignerCacheTimeout is the duration that keys stay in cache before being revoked.
// Defaults to 5m per its env tag.
//
// NOTE(review): this presumably bounds how long the service keeps signing with
// a cached key after that key changes in KMS - confirm.
SignerCacheTimeout time.Duration `yaml:"signer_cache_timeout" env:"SIGNER_CACHE_TIMEOUT,overwrite,default=5m"`
// Issuer will be used to set the issuer field when signing JWTs
// Defaults to jvs.abcxyz.dev per its env tag.
//
// NOTE(review): deployments that keep the default all emit the same issuer
// value; if verifiers rely on the issuer to tell deployments apart, set it
// explicitly - confirm how verifiers check it.
Issuer string `yaml:"issuer" env:"ISSUER,overwrite,default=jvs.abcxyz.dev"`
// DefaultTTL sets the default TTL for JVS tokens that do not explicitly
// request a TTL. MaxTTL is the system-configured maximum TTL that a token can
// request.
//
// The DefaultTTL must be less than or equal to MaxTTL.
//
// NOTE(review): the ordering rule is stated here but its enforcement
// (presumably in Validate) is not visible on this page - confirm. The tag
// defaults are 15m and 4h.
DefaultTTL time.Duration `yaml:"default_ttl" env:"DEFAULT_TTL,overwrite,default=15m"`
// MaxTTL is the upper bound on the TTL a token can request (see above).
MaxTTL time.Duration `yaml:"max_ttl" env:"MAX_TTL,overwrite,default=4h"`
}
JustificationConfig is the full jvs config.
func (*JustificationConfig) Validate ¶
func (cfg *JustificationConfig) Validate() error
Validate checks if the config is valid.
type PublicKeyConfig ¶
// PublicKeyConfig holds the key names, cache timeout, and port used for public
// key hosting.
type PublicKeyConfig struct {
// TODO: This is intended to be temporary, and will eventually be retrieved from a persistent external datastore
// https://github.com/abcxyz/jvs/issues/17
// KeyName format: `projects/*/locations/*/keyRings/*/cryptoKeys/*`
// https://pkg.go.dev/google.golang.org/genproto/googleapis/cloud/kms/v1#PublicKeyKey
//
// NOTE(review): the anchor in the link above looks like a typo; the format
// shown is a CryptoKey resource name - confirm the intended link target.
KeyNames []string `yaml:"key_names,omitempty" env:"KEY_NAMES,overwrite"`
// CacheTimeout has no default and no `overwrite` option in its env tag.
//
// NOTE(review): presumably this is how long the hosted key set is cached,
// which would affect how quickly a rotated or disabled key stops being
// served. Confirm the unset (zero) behaviour.
CacheTimeout time.Duration `yaml:"cache_timeout" env:"CACHE_TIMEOUT"`
// Port defaults to 8080 per its env tag. It has no yaml tag, unlike the
// fields above.
Port string `env:"PORT,default=8080"`
}
PublicKeyConfig is the config used for public key hosting.
type UIServiceConfig ¶ added in v0.0.3
// UIServiceConfig holds the UI service settings, all taken from environment
// variables per the env tags below.
type UIServiceConfig struct {
// Port defaults to 9091 per its env tag.
Port string `env:"PORT,default=9091"`
// Allowlist is read from ALLOWLIST, split on ';', and marked required in its
// env tag.
//
// NOTE(review): what the entries represent and how they are matched is not
// visible here. Confirm how Validate treats a set-but-empty value, since
// `required` alone may not reject it.
Allowlist []string `env:"ALLOWLIST,delimiter=;,required"`
// DevMode defaults to false per its env tag.
//
// NOTE(review): its effect is not visible here; confirm it cannot relax the
// allowlist or any authentication check in a production deployment.
DevMode bool `env:"DEV_MODE,default=false"`
}
UIServiceConfig defines the set of environment variables required for running this application.
func NewUIConfig ¶ added in v0.0.3
func NewUIConfig(ctx context.Context) (*UIServiceConfig, error)
NewUIConfig creates a new UIServiceConfig from environment variables.
func (*UIServiceConfig) Validate ¶ added in v0.0.3
func (cfg *UIServiceConfig) Validate() error
Validate checks if the config is valid.
type VersionList ¶
type VersionList struct {
// contains filtered or unexported fields
}
VersionList is a set of allowed versions. Create with NewVersionList.
func NewVersionList ¶
func NewVersionList(versions ...string) *VersionList
NewVersionList creates an efficient list of allowed version strings and exposes functions for efficiently querying membership.
func (*VersionList) Contains ¶
func (vl *VersionList) Contains(version string) bool
Contains returns true if the given version string is an allowed version in the list, or false otherwise.
func (*VersionList) List ¶
func (vl *VersionList) List() []string
List returns a copy of the list of allowed versions, usually for displaying in an error message.