config

package
v0.1.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 21, 2025 License: Apache-2.0, Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DefaultExpiration 

func DefaultExpiration() string

DefaultExpiration returns the default certificate expiration duration

func DefaultExtensions 

func DefaultExtensions() map[string]string

DefaultExtensions returns the default SSH certificate extensions

Types

type DefaultPolicy 

type DefaultPolicy struct {
	Allow      map[string][]string `yaml:"allow,omitempty" json:"allow,omitempty"`           // principal → allowed tags
	Expiration string              `yaml:"expiration,omitempty" json:"expiration,omitempty"` // Default cert expiration (e.g., "5m")
	Extensions map[string]string   `yaml:"extensions,omitempty" json:"extensions,omitempty"` // Default cert extensions
}

DefaultPolicy defines default policy settings

type HostPolicy 

type HostPolicy struct {
	Allow      map[string][]string `yaml:"allow,omitempty" json:"allow,omitempty"`           // principal → allowed tags
	Expiration string              `yaml:"expiration,omitempty" json:"expiration,omitempty"` // Override expiration
	Extensions map[string]string   `yaml:"extensions,omitempty" json:"extensions,omitempty"` // Override extensions
}

HostPolicy defines per-host policy overrides

type OIDCConfig 

type OIDCConfig struct {
	Issuer   string `yaml:"issuer" json:"issuer"`
	Audience string `yaml:"audience" json:"audience"`
}

OIDCConfig represents OIDC configuration

type PolicyConfig 

type PolicyConfig struct {
	CAPublicKey string                 `yaml:"ca_public_key" json:"ca_public_key"`
	OIDC        OIDCConfig             `yaml:"oidc" json:"oidc"`
	Users       map[string][]string    `yaml:"users" json:"users"` // user identity → tags
	Defaults    *DefaultPolicy         `yaml:"defaults,omitempty" json:"defaults,omitempty"`
	Hosts       map[string]*HostPolicy `yaml:"hosts,omitempty" json:"hosts,omitempty"` // hostname → host policy
}

PolicyConfig represents the policy server configuration

func LoadFromFile 

func LoadFromFile(path string) (*PolicyConfig, error)

LoadFromFile loads policy configuration from a file or directory.

For .cue files: Uses CUE's load.Instances to support CUE packages with imports and modules. For .yaml/.yml/.json files: Uses direct parsing for standalone data files. For directories: Loads all .cue files as a package (supports imports between files).

Examples:

  • Single YAML: LoadFromFile("policy.yaml")
  • Single CUE: LoadFromFile("policy.cue")
  • CUE directory: LoadFromFile("./config") // loads all .cue files as a package
  • With imports: CUE files in a directory can import each other

func (*PolicyConfig) Validate 

func (c *PolicyConfig) Validate() error

Validate checks that the configuration is valid

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.