Documentation
¶
Overview ¶
The config package defines configuration parameters for the id server.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
// Config holds the configuration parameters for the identity service.
// The yaml struct tags map each field to its YAML key. PrivateKey and
// AdminPassword hold secret values directly, so any file containing a
// serialized Config should be readable only by the account that runs
// the server.
type Config struct {
// Storage holds the storage backend to use.
Storage *store.Config `yaml:"storage"`
// IdentityProviders holds all the configured identity providers.
// If this is empty, the default Ubuntu SSO (usso) provider will be used.
IdentityProviders []idp.Config `yaml:"identity-providers"`
// LoggingConfig holds the loggo configuration to use.
LoggingConfig string `yaml:"logging-config"`
// ListenAddress holds the address to listen on for HTTP connections to the Candid API,
// formatted as hostname:port.
ListenAddress string `yaml:"listen-address"`
// Location holds the external address to use when the API
// returns references to itself (for example in third party caveat locations).
Location string `yaml:"location"`
// AccessLog holds the name of a file to use to write logs of API accesses.
AccessLog string `yaml:"access-log"`
// RendezvousTimeout holds the length of time that an interactive authentication
// request can be active before it is forgotten.
RendezvousTimeout DurationString `yaml:"rendezvous-timeout"`
// PrivateAddr holds the hostname where this instance of the Candid server
// can be contacted. This is used by instances of the Candid server
// to communicate directly with one another.
// NOTE(review): how this instance-to-instance traffic is authenticated or
// encrypted is not visible here — confirm before exposing the address
// beyond a trusted network.
PrivateAddr string `yaml:"private-addr"`
// TLSCert and TLSKey hold a TLS server certificate for the HTTP
// server to use. If these are specified, Candid will serve its API
// over HTTPS using them.
// NOTE(review): presumably the API is served over plain HTTP when they
// are unset — confirm. Whether each string is inline PEM or a file path
// is not visible here; either way TLSKey refers to private key material.
TLSCert string `yaml:"tls-cert"`
TLSKey string `yaml:"tls-key"`
// HSTSMaxAge holds the max-age value for HSTS headers in seconds.
// If 0, HSTS headers will not be added. Typically set to 31536000 (1 year).
// Browsers only honour HSTS headers received over HTTPS, so this is
// only meaningful together with TLSCert and TLSKey.
// The YAML key has an upper-case prefix ("HSTS-max-age"), unlike most
// other keys in this struct.
// NOTE(review): a lower-case spelling in the config file is presumably
// ignored, leaving HSTS off — confirm whether unknown keys are rejected.
HSTSMaxAge int `yaml:"HSTS-max-age"`
// HSTSIncludeSubdomains controls whether the includeSubDomains directive
// is added to the HSTS header. If this is true, HSTSMaxAge must be
// greater than 0.
HSTSIncludeSubdomains bool `yaml:"HSTS-include-subdomains"`
// TLSCipherSuites holds a list of enabled TLS cipher suites.
// If empty, Go's default secure cipher suites are used.
// Values should be standard cipher suite names (e.g., "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256").
// NOTE(review): if this list is applied through crypto/tls
// Config.CipherSuites, it only affects TLS 1.0–1.2; Go does not make the
// TLS 1.3 suites configurable — confirm how the list is applied.
TLSCipherSuites []string `yaml:"TLS-cipher-suites"`
// PublicKey and PrivateKey hold the key pair used by the Candid
// server for encryption and decryption of third party caveats.
// These must be specified.
// PrivateKey is secret: anyone who can read it can decrypt third party
// caveats addressed to this server.
// TODO generate these automatically if not specified and store
// them in the database.
PublicKey *bakery.PublicKey `yaml:"public-key"`
PrivateKey *bakery.PrivateKey `yaml:"private-key"`
// AdminAgentPublicKey holds the public part of a key pair that
// can be used to authenticate as the admin user. If not specified
// no public-key-based authentication can be used for the admin
// user.
AdminAgentPublicKey *bakery.PublicKey `yaml:"admin-agent-public-key"`
// AdminPassword holds the password for basic-auth admin
// access. If this is empty, no basic-auth authentication will
// be allowed.
// The password is held here as a plain string; leaving it empty
// disables basic-auth admin access when key-based admin
// authentication (AdminAgentPublicKey) is sufficient.
AdminPassword string `yaml:"admin-password"`
// ResourcePath holds the path to the directory holding
// resources used by the server, including web page templates.
ResourcePath string `yaml:"resource-path"`
// HTTPProxy holds the address of an HTTP proxy to use for
// outgoing HTTP requests, in the same form as the HTTP_PROXY
// environment variable.
HTTPProxy string `yaml:"http-proxy"`
// NoProxy holds which hosts not to use the HTTPProxy for,
// in the same form as the NO_PROXY environment variable.
NoProxy string `yaml:"no-proxy"`
// RedirectLoginTrustedURLs contains a list of URLs that are
// trusted to be used as return_to URLs during an interactive
// login.
// Together with RedirectLoginTrustedDomains this acts as the allowlist
// for post-login redirects, so keep it as narrow as possible.
// NOTE(review): how an entry is matched against return_to (exact or
// prefix) is not visible here — confirm before adding broad entries.
RedirectLoginTrustedURLs []string `yaml:"redirect-login-trusted-urls"`
// RedirectLoginTrustedDomains contains a list of domains that are
// trusted to be used as return_to URLs during an interactive
// login.
// NOTE(review): whether a listed domain also covers its subdomains, and
// whether the URL scheme is checked, is not visible here — confirm.
RedirectLoginTrustedDomains []string `yaml:"redirect-login-trusted-domains"`
// APIMacaroonTimeout is the maximum age an API macaroon can get
// before requiring re-authorization.
// NOTE(review): the effect of leaving this and the two discharge
// timeouts below unset (zero) is not visible here — confirm the defaults.
APIMacaroonTimeout DurationString `yaml:"api-macaroon-timeout"`
// DischargeMacaroonTimeout is the maximum age a discharge
// macaroon can get before it becomes invalid.
DischargeMacaroonTimeout DurationString `yaml:"discharge-macaroon-timeout"`
// DischargeTokenTimeout is the maximum age a discharge token can
// get before it becomes invalid.
DischargeTokenTimeout DurationString `yaml:"discharge-token-timeout"`
// SkipLocationForCookiePaths controls whether the cookie paths are
// set relative to the Location path or not.
SkipLocationForCookiePaths bool `yaml:"skip-location-for-cookie-paths"`
// EnableEmailLogin enables the login with email address link on the
// authentication required page.
EnableEmailLogin bool `yaml:"enable-email-login"`
// MFARPDisplayName holds the relying party display name for MFA.
MFARPDisplayName string `yaml:"mfa-rp-display-name"`
// MFARPID holds the relying party id for MFA.
// NOTE(review): presumably a WebAuthn relying party ID; if so it has to
// be the MFARPOrigin host or a registrable parent domain of it — confirm.
MFARPID string `yaml:"mfa-rp-id"`
// MFARPOrigin holds the relying party origin for MFA.
MFARPOrigin string `yaml:"mfa-rp-origin"`
// BrandName holds the name of the entity running candid.
BrandName string `yaml:"brand-name"`
// BrandLogoLocation holds the location of the logo of the entity
// running candid.
BrandLogoLocation string `yaml:"brand-logo-location"`
}
Config holds the configuration parameters for the identity service.
type DurationString ¶
DurationString holds a duration that marshals and unmarshals as a string in the form printed by time.Duration.String.
func (*DurationString) UnmarshalText ¶
func (dp *DurationString) UnmarshalText(data []byte) error