Documentation
¶
Overview ¶
Package proxy provides the credential proxy for server-side upstream access. The proxy holds datasource credentials and serves raw credentialed routes.
Index ¶
- Variables
- func GetUserID(ctx context.Context) string
- type AuditConfig
- type AuditEntry
- type Auditor
- type AuditorConfig
- type AuthConfig
- type AuthMetadataResponse
- type AuthMode
- type AuthUser
- type Authenticator
- type Authorizer
- type BaseDatasourceConfig
- type ClickHouseClusterConfig
- type Client
- type ClientConfig
- type DatasourceConfig
- type DatasourcesResponse
- type EmbedCheckRequest
- type EmbedCheckResponse
- type EmbedItem
- type EmbedRequest
- type EmbedResponse
- type EmbedResult
- type EmbeddingCacheConfig
- type EmbeddingConfig
- type EmbeddingService
- type EthNodeInstanceConfig
- type HTTPServerConfig
- type LokiInstanceConfig
- type MetricsConfig
- type OIDCAuthenticatorConfig
- type PrometheusInstanceConfig
- type RateLimitConfig
- type RateLimiter
- type RateLimiterConfig
- type Server
- type ServerConfig
- type Service
Constants ¶
This section is empty.
Variables ¶
View Source
var ( // ProxyRequestsTotal counts proxy requests by datasource, method, and status. ProxyRequestsTotal = prometheus.NewCounterVec( prometheus.CounterOpts{ Namespace: proxyMetricsNamespace, Subsystem: proxyMetricsSubsystem, Name: "requests_total", Help: "Total number of proxy requests", }, []string{"datasource_type", "datasource", "method", "status_code"}, ) // ProxyRequestDurationSeconds measures proxy request duration. ProxyRequestDurationSeconds = prometheus.NewHistogramVec( prometheus.HistogramOpts{ Namespace: proxyMetricsNamespace, Subsystem: proxyMetricsSubsystem, Name: "request_duration_seconds", Help: "Duration of proxy requests in seconds", Buckets: []float64{0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10, 30, 60, 120, 300}, }, []string{"datasource_type", "datasource", "method"}, ) // ProxyResponseSizeBytes measures proxy response sizes. ProxyResponseSizeBytes = prometheus.NewHistogramVec( prometheus.HistogramOpts{ Namespace: proxyMetricsNamespace, Subsystem: proxyMetricsSubsystem, Name: "response_size_bytes", Help: "Size of proxy responses in bytes", Buckets: prometheus.ExponentialBuckets(100, 10, 8), }, []string{"datasource_type"}, ) // ProxyActiveRequests tracks currently in-flight requests. ProxyActiveRequests = prometheus.NewGaugeVec( prometheus.GaugeOpts{ Namespace: proxyMetricsNamespace, Subsystem: proxyMetricsSubsystem, Name: "active_requests", Help: "Number of currently active proxy requests", }, []string{"datasource_type"}, ) // ProxyRateLimitRejectionsTotal counts rate limit rejections. ProxyRateLimitRejectionsTotal = prometheus.NewCounterVec( prometheus.CounterOpts{ Namespace: proxyMetricsNamespace, Subsystem: proxyMetricsSubsystem, Name: "rate_limit_rejections_total", Help: "Total number of rate limit rejections", }, []string{"datasource_type"}, ) )
Request metrics.
View Source
var ( // EmbeddingRequestsTotal counts OpenRouter embedding API calls. EmbeddingRequestsTotal = prometheus.NewCounterVec( prometheus.CounterOpts{ Namespace: proxyMetricsNamespace, Subsystem: proxyMetricsSubsystem, Name: "embedding_requests_total", Help: "Total number of embedding API calls to the upstream provider", }, []string{"status"}, ) // EmbeddingRequestDurationSeconds measures OpenRouter API call duration. EmbeddingRequestDurationSeconds = prometheus.NewHistogram( prometheus.HistogramOpts{ Namespace: proxyMetricsNamespace, Subsystem: proxyMetricsSubsystem, Name: "embedding_request_duration_seconds", Help: "Duration of embedding API calls in seconds", Buckets: []float64{0.1, 0.25, 0.5, 1, 2.5, 5, 10, 30, 60, 120}, }, ) // EmbeddingTokensTotal tracks token consumption from the embedding API. EmbeddingTokensTotal = prometheus.NewCounterVec( prometheus.CounterOpts{ Namespace: proxyMetricsNamespace, Subsystem: proxyMetricsSubsystem, Name: "embedding_tokens_total", Help: "Total number of tokens consumed by the embedding API", }, []string{"type"}, ) // EmbeddingCostUSD tracks estimated cost in USD from the embedding API. EmbeddingCostUSD = prometheus.NewCounter( prometheus.CounterOpts{ Namespace: proxyMetricsNamespace, Subsystem: proxyMetricsSubsystem, Name: "embedding_cost_usd", Help: "Estimated cumulative cost in USD for embedding API calls", }, ) // EmbeddingItemsTotal counts embedding items by resolution source. EmbeddingItemsTotal = prometheus.NewCounterVec( prometheus.CounterOpts{ Namespace: proxyMetricsNamespace, Subsystem: proxyMetricsSubsystem, Name: "embedding_items_total", Help: "Total embedding items processed, by source", }, []string{"source"}, ) )
Embedding metrics.
View Source
var ErrAuthenticationRequired = errors.New("proxy authentication required")
Functions ¶
Types ¶
type AuditConfig ¶
type AuditConfig struct {
// Enabled controls whether audit logging is active.
Enabled bool `yaml:"enabled"`
}
AuditConfig holds audit logging configuration.
type AuditEntry ¶
type AuditEntry struct {
Subject string `json:"subject,omitempty"`
Username string `json:"username,omitempty"`
Groups []string `json:"groups,omitempty"`
Method string `json:"method"`
Path string `json:"path"`
DatasourceType string `json:"datasource_type"`
DatasourceName string `json:"datasource_name,omitempty"`
StatusCode int `json:"status_code"`
ResponseBytes int `json:"response_bytes"`
Duration string `json:"duration"`
UserAgent string `json:"user_agent,omitempty"`
}
AuditEntry represents a single audit log entry.
type Auditor ¶
type Auditor struct {
// contains filtered or unexported fields
}
Auditor logs audit entries for proxy requests.
func NewAuditor ¶
func NewAuditor(log logrus.FieldLogger, cfg AuditorConfig) *Auditor
NewAuditor creates a new auditor.
type AuthConfig ¶
type AuthConfig struct {
// Mode is the authentication mode.
Mode AuthMode `yaml:"mode"`
// IssuerURL is the external URL clients should use for auth and token validation.
IssuerURL string `yaml:"issuer_url,omitempty"`
// ClientID is the OIDC client identifier expected in bearer token audiences.
ClientID string `yaml:"client_id,omitempty"`
// GitHub configures the GitHub OAuth app used for user authentication.
GitHub *simpleauth.GitHubConfig `yaml:"github,omitempty"`
// AllowedOrgs restricts access to members of these GitHub orgs.
AllowedOrgs []string `yaml:"allowed_orgs,omitempty"`
// Tokens configures proxy-issued bearer tokens.
Tokens simpleauth.TokensConfig `yaml:"tokens"`
// AccessTokenTTL is the lifetime of proxy-issued access tokens.
AccessTokenTTL time.Duration `yaml:"access_token_ttl,omitempty"`
// RefreshTokenTTL is the lifetime of proxy-issued refresh tokens.
RefreshTokenTTL time.Duration `yaml:"refresh_token_ttl,omitempty"`
// SuccessPage customizes the OAuth callback success page shown in the browser.
SuccessPage *simpleauth.SuccessPageConfig `yaml:"success_page,omitempty"`
}
AuthConfig holds authentication configuration for the proxy.
type AuthMetadataResponse ¶ added in v0.12.0
type AuthMetadataResponse struct {
Enabled bool `json:"enabled"`
Mode string `json:"mode"`
IssuerURL string `json:"issuer_url,omitempty"`
ClientID string `json:"client_id,omitempty"`
}
AuthMetadataResponse describes the proxy's auth configuration for client discovery.
type AuthMode ¶
type AuthMode string
AuthMode determines how the proxy authenticates requests.
const ( // AuthModeNone disables authentication (for local development only). AuthModeNone AuthMode = "none" // AuthModeOAuth enables the embedded GitHub-backed OAuth server on the proxy control plane // and validates proxy-issued bearer tokens on data-plane routes. AuthModeOAuth AuthMode = "oauth" // AuthModeOIDC validates bearer tokens from an external OpenID Connect issuer. AuthModeOIDC AuthMode = "oidc" )
type AuthUser ¶ added in v0.11.0
AuthUser represents the authenticated identity for proxy requests.
func GetAuthUser ¶ added in v0.11.0
GetAuthUser returns the authenticated proxy user from the request context.
type Authenticator ¶
type Authenticator interface {
// Middleware returns an HTTP middleware that authenticates requests.
Middleware() func(http.Handler) http.Handler
// Start starts any background processes.
Start(ctx context.Context) error
// Stop stops any background processes.
Stop() error
}
Authenticator validates incoming requests to the proxy.
func NewNoneAuthenticator ¶
func NewNoneAuthenticator(log logrus.FieldLogger) Authenticator
NewNoneAuthenticator creates an authenticator that allows all requests.
func NewOIDCAuthenticator ¶ added in v0.11.0
func NewOIDCAuthenticator(log logrus.FieldLogger, cfg OIDCAuthenticatorConfig) (Authenticator, error)
func NewSimpleServiceAuthenticator ¶
func NewSimpleServiceAuthenticator(svc simpleauth.SimpleService) Authenticator
type Authorizer ¶ added in v0.12.0
type Authorizer struct {
// contains filtered or unexported fields
}
Authorizer enforces per-datasource access control based on GitHub org membership. Rules are built from datasource configs at startup and checked on every request.
func NewAuthorizer ¶ added in v0.12.0
func NewAuthorizer(log logrus.FieldLogger, cfg ServerConfig) *Authorizer
NewAuthorizer creates an Authorizer from the server config.
func (*Authorizer) FilterDatasources ¶ added in v0.12.0
func (a *Authorizer) FilterDatasources(ctx context.Context, resp DatasourcesResponse) DatasourcesResponse
FilterDatasources returns a copy of the response with only the datasources the authenticated user is allowed to access.
func (*Authorizer) Middleware ¶ added in v0.12.0
func (a *Authorizer) Middleware() func(http.Handler) http.Handler
Middleware returns an HTTP middleware that checks datasource access.
type BaseDatasourceConfig ¶ added in v0.12.0
type BaseDatasourceConfig struct {
Name string `yaml:"name"`
Description string `yaml:"description,omitempty"`
AllowedOrgs []string `yaml:"allowed_orgs,omitempty"`
}
BaseDatasourceConfig holds fields common to all datasource configurations. Embed this in every datasource config struct to get compile-time enforcement of authorization support via the DatasourceConfig interface.
func (BaseDatasourceConfig) DatasourceAllowedOrgs ¶ added in v0.12.0
func (b BaseDatasourceConfig) DatasourceAllowedOrgs() []string
DatasourceAllowedOrgs returns the list of GitHub orgs allowed to access this datasource.
func (BaseDatasourceConfig) DatasourceDescription ¶ added in v0.12.0
func (b BaseDatasourceConfig) DatasourceDescription() string
DatasourceDescription returns the datasource description.
func (BaseDatasourceConfig) DatasourceName ¶ added in v0.12.0
func (b BaseDatasourceConfig) DatasourceName() string
DatasourceName returns the datasource name.
type ClickHouseClusterConfig ¶
type ClickHouseClusterConfig struct {
BaseDatasourceConfig `yaml:",inline"`
Host string `yaml:"host"`
Port int `yaml:"port"`
Database string `yaml:"database,omitempty"`
Username string `yaml:"username"`
Password string `yaml:"password"`
Secure bool `yaml:"secure"`
SkipVerify bool `yaml:"skip_verify,omitempty"`
Timeout int `yaml:"timeout,omitempty"`
}
ClickHouseClusterConfig holds ClickHouse cluster configuration.
type Client ¶
type Client interface {
// Start starts the client and performs initial discovery.
Start(ctx context.Context) error
// Stop stops the client.
Stop(ctx context.Context) error
// URL returns the proxy URL.
URL() string
// RegisterToken returns the current proxy access token for server-to-proxy calls.
RegisterToken(executionID string) string
// RevokeToken is a no-op for client-managed bearer tokens.
RevokeToken(executionID string)
// ClickHouseDatasources returns the discovered ClickHouse datasource names.
ClickHouseDatasources() []string
// ClickHouseDatasourceInfo returns detailed ClickHouse datasource info.
ClickHouseDatasourceInfo() []types.DatasourceInfo
// PrometheusDatasources returns the discovered Prometheus datasource names.
PrometheusDatasources() []string
// PrometheusDatasourceInfo returns detailed Prometheus datasource info.
PrometheusDatasourceInfo() []types.DatasourceInfo
// LokiDatasources returns the discovered Loki datasource names.
LokiDatasources() []string
// LokiDatasourceInfo returns detailed Loki datasource info.
LokiDatasourceInfo() []types.DatasourceInfo
// EthNodeAvailable returns true if the proxy has ethnode credentials configured.
EthNodeAvailable() bool
// EmbeddingAvailable returns true if the proxy has embedding configured.
EmbeddingAvailable() bool
// EmbeddingModel returns the configured embedding model name.
EmbeddingModel() string
// Discover fetches datasource information from the proxy.
Discover(ctx context.Context) error
// EnsureAuthenticated checks if the user has valid credentials.
EnsureAuthenticated(ctx context.Context) error
}
Client connects to a proxy server and provides datasource discovery plus proxy-scoped bearer tokens for server-to-proxy calls.
func NewClient ¶
func NewClient(log logrus.FieldLogger, cfg ClientConfig) Client
NewClient creates a new proxy client.
type ClientConfig ¶
type ClientConfig struct {
// URL is the base URL of the proxy server (e.g., http://localhost:18081).
URL string
// IssuerURL is the OAuth issuer URL for proxy authentication.
// If empty, URL is used and the client will only work against auth.mode=none proxies.
IssuerURL string
// ClientID is the OAuth client ID for authentication.
ClientID string
// Resource is the OAuth protected resource to request tokens for.
// Leave empty for standard OIDC providers that do not use RFC 8707 resource parameters.
Resource string
// RefreshTokenTTL is the expected lifetime of the refresh token.
// When set, the credential store will refresh at 50% of this duration
// to keep the refresh token alive via provider rotation.
RefreshTokenTTL time.Duration
// DiscoveryInterval is how often to refresh datasource info (default: 5 minutes).
// Set to 0 to disable background refresh.
DiscoveryInterval time.Duration
// HTTPTimeout is the timeout for HTTP requests (default: 30 seconds).
HTTPTimeout time.Duration
}
ClientConfig configures the proxy client.
func (*ClientConfig) ApplyDefaults ¶
func (c *ClientConfig) ApplyDefaults()
ApplyDefaults sets default values for the client config.
type DatasourceConfig ¶ added in v0.12.0
type DatasourceConfig interface {
DatasourceName() string
DatasourceDescription() string
DatasourceAllowedOrgs() []string
}
DatasourceConfig is the interface every datasource config must satisfy. The Authorizer uses this to build access rules generically, ensuring that any new datasource type added to the proxy must include authorization support.
type DatasourcesResponse ¶
type DatasourcesResponse struct {
ClickHouse []string `json:"clickhouse,omitempty"`
Prometheus []string `json:"prometheus,omitempty"`
Loki []string `json:"loki,omitempty"`
ClickHouseInfo []types.DatasourceInfo `json:"clickhouse_info,omitempty"`
PrometheusInfo []types.DatasourceInfo `json:"prometheus_info,omitempty"`
LokiInfo []types.DatasourceInfo `json:"loki_info,omitempty"`
EthNodeAvailable bool `json:"ethnode_available,omitempty"`
EmbeddingAvailable bool `json:"embedding_available,omitempty"`
EmbeddingModel string `json:"embedding_model,omitempty"`
}
DatasourcesResponse is the response from the /datasources endpoint. This is used by the MCP server client to discover available datasources.
type EmbedCheckRequest ¶ added in v0.14.0
EmbedCheckRequest is the request payload for the /embed/check endpoint.
type EmbedCheckResponse ¶ added in v0.14.0
type EmbedCheckResponse struct {
Cached []EmbedResult `json:"cached"`
}
EmbedCheckResponse is the response from /embed/check.
type EmbedRequest ¶ added in v0.14.0
type EmbedRequest struct {
Items []EmbedItem `json:"items"`
}
EmbedRequest is the request payload for the /embed endpoint.
type EmbedResponse ¶ added in v0.14.0
type EmbedResponse struct {
Results []EmbedResult `json:"results"`
Model string `json:"model"`
}
EmbedResponse is the response payload from the /embed endpoint.
type EmbedResult ¶ added in v0.14.0
EmbedResult is a single embedding result.
type EmbeddingCacheConfig ¶ added in v0.14.0
type EmbeddingCacheConfig struct {
// Backend is the cache backend: "memory" (default) or "redis".
Backend string `yaml:"backend,omitempty"`
// RedisURL is the Redis connection URL (required when backend is "redis").
RedisURL string `yaml:"redis_url,omitempty"`
}
EmbeddingCacheConfig holds cache configuration for embeddings.
type EmbeddingConfig ¶ added in v0.14.0
type EmbeddingConfig struct {
// APIKey is the API key for the embedding provider (e.g., OpenRouter).
APIKey string `yaml:"api_key"`
// Model is the embedding model name (default: "openai/text-embedding-3-small").
Model string `yaml:"model,omitempty"`
// APIURL is the base URL of the embedding API (default: "https://openrouter.ai/api/v1").
APIURL string `yaml:"api_url,omitempty"`
// Cache holds embedding cache configuration.
Cache EmbeddingCacheConfig `yaml:"cache"`
}
EmbeddingConfig holds configuration for the remote embedding API.
type EmbeddingService ¶ added in v0.14.0
type EmbeddingService struct {
// contains filtered or unexported fields
}
EmbeddingService handles embedding requests using a remote API with caching.
func NewEmbeddingService ¶ added in v0.14.0
func NewEmbeddingService( log logrus.FieldLogger, c cache.Cache, apiKey, model, apiURL string, costPerToken float64, ) *EmbeddingService
NewEmbeddingService creates a new EmbeddingService. If costPerToken is 0, the service fetches pricing from the API's /models endpoint.
func (*EmbeddingService) CheckCached ¶ added in v0.14.0
func (s *EmbeddingService) CheckCached(ctx context.Context, hashes []string) ([]EmbedResult, error)
CheckCached returns cached vectors for the given hashes. Only hashes that exist in the cache are returned.
func (*EmbeddingService) Close ¶ added in v0.14.0
func (s *EmbeddingService) Close() error
Close releases resources held by the embedding service.
func (*EmbeddingService) Embed ¶ added in v0.14.0
func (s *EmbeddingService) Embed(ctx context.Context, items []EmbedItem) (*EmbedResponse, error)
Embed computes embeddings for the given items, using the cache where possible.
func (*EmbeddingService) Model ¶ added in v0.14.0
func (s *EmbeddingService) Model() string
Model returns the configured embedding model name.
type EthNodeInstanceConfig ¶
type EthNodeInstanceConfig struct {
BaseDatasourceConfig `yaml:",inline"`
Username string `yaml:"username"`
Password string `yaml:"password"`
}
EthNodeInstanceConfig holds Ethereum node API access configuration. A single credential pair is used for all beacon and execution node endpoints.
type HTTPServerConfig ¶
type HTTPServerConfig struct {
// ListenAddr is the address to listen on (default: ":18081").
ListenAddr string `yaml:"listen_addr,omitempty"`
// ReadTimeout is the maximum duration for reading the entire request.
ReadTimeout time.Duration `yaml:"read_timeout,omitempty"`
// WriteTimeout is the maximum duration before timing out writes of the response.
WriteTimeout time.Duration `yaml:"write_timeout,omitempty"`
// IdleTimeout is the maximum amount of time to wait for the next request.
IdleTimeout time.Duration `yaml:"idle_timeout,omitempty"`
}
HTTPServerConfig holds HTTP server configuration.
type LokiInstanceConfig ¶
type LokiInstanceConfig struct {
BaseDatasourceConfig `yaml:",inline"`
URL string `yaml:"url"`
Username string `yaml:"username,omitempty"`
Password string `yaml:"password,omitempty"`
}
LokiInstanceConfig holds Loki instance configuration.
type MetricsConfig ¶
type MetricsConfig struct {
// Enabled controls whether the Prometheus metrics server is active.
Enabled bool `yaml:"enabled"`
// ListenAddr is the address to serve the /metrics endpoint on.
ListenAddr string `yaml:"listen_addr,omitempty"`
// Port is the port to serve the /metrics endpoint on (default: 9090).
Port int `yaml:"port,omitempty"`
}
MetricsConfig holds Prometheus metrics configuration for the proxy.
type OIDCAuthenticatorConfig ¶ added in v0.11.0
type PrometheusInstanceConfig ¶
type PrometheusInstanceConfig struct {
BaseDatasourceConfig `yaml:",inline"`
URL string `yaml:"url"`
Username string `yaml:"username,omitempty"`
Password string `yaml:"password,omitempty"`
}
PrometheusInstanceConfig holds Prometheus instance configuration.
type RateLimitConfig ¶
type RateLimitConfig struct {
// Enabled controls whether rate limiting is active.
Enabled bool `yaml:"enabled"`
// RequestsPerMinute is the maximum requests per minute per user.
RequestsPerMinute int `yaml:"requests_per_minute,omitempty"`
// BurstSize is the maximum burst size.
BurstSize int `yaml:"burst_size,omitempty"`
}
RateLimitConfig holds rate limiting configuration.
type RateLimiter ¶
type RateLimiter struct {
// contains filtered or unexported fields
}
RateLimiter provides per-user rate limiting for the proxy.
func NewRateLimiter ¶
func NewRateLimiter(log logrus.FieldLogger, cfg RateLimiterConfig) *RateLimiter
NewRateLimiter creates a new rate limiter.
func (*RateLimiter) Allow ¶
func (rl *RateLimiter) Allow(userID string) bool
Allow checks if a request is allowed for the given user ID.
func (*RateLimiter) Middleware ¶
func (rl *RateLimiter) Middleware() func(http.Handler) http.Handler
Middleware returns an HTTP middleware that enforces rate limiting.
func (*RateLimiter) Stop ¶
func (rl *RateLimiter) Stop()
Stop stops the rate limiter cleanup goroutine.
type RateLimiterConfig ¶
type RateLimiterConfig struct {
// RequestsPerMinute is the maximum requests per minute per user.
RequestsPerMinute int
// BurstSize is the maximum burst size.
BurstSize int
}
RateLimiterConfig configures the rate limiter.
type Server ¶
type Server interface {
// Start starts the proxy server.
Start(ctx context.Context) error
// Stop stops the proxy server.
Stop(ctx context.Context) error
// URL returns the proxy URL.
URL() string
// ClickHouseDatasources returns the list of ClickHouse datasource names.
ClickHouseDatasources() []string
// PrometheusDatasources returns the list of Prometheus datasource names.
PrometheusDatasources() []string
// LokiDatasources returns the list of Loki datasource names.
LokiDatasources() []string
}
Server is the credential proxy server interface. This is the standalone proxy server that runs separately from the MCP server.
func NewServer ¶
func NewServer(log logrus.FieldLogger, cfg ServerConfig) (Server, error)
NewServer creates a new proxy server.
type ServerConfig ¶
type ServerConfig struct {
// Server holds HTTP server configuration.
Server HTTPServerConfig `yaml:"server"`
// Auth holds authentication configuration.
Auth AuthConfig `yaml:"auth"`
// ClickHouse holds ClickHouse cluster configurations.
ClickHouse []ClickHouseClusterConfig `yaml:"clickhouse,omitempty"`
// Prometheus holds Prometheus instance configurations.
Prometheus []PrometheusInstanceConfig `yaml:"prometheus,omitempty"`
// Loki holds Loki instance configurations.
Loki []LokiInstanceConfig `yaml:"loki,omitempty"`
// EthNode holds Ethereum node API access configuration.
EthNode *EthNodeInstanceConfig `yaml:"ethnode,omitempty"`
// RateLimiting holds rate limiting configuration.
RateLimiting RateLimitConfig `yaml:"rate_limiting"`
// Audit holds audit logging configuration.
Audit AuditConfig `yaml:"audit"`
// Metrics holds Prometheus metrics configuration.
Metrics MetricsConfig `yaml:"metrics"`
// Embedding holds optional embedding API configuration.
Embedding *EmbeddingConfig `yaml:"embedding,omitempty"`
}
ServerConfig is the configuration for the proxy server. This is the single configuration schema used for both local and K8s deployments.
func LoadServerConfig ¶
func LoadServerConfig(path string) (*ServerConfig, error)
LoadServerConfig loads a proxy server config from a YAML file.
func (*ServerConfig) ApplyDefaults ¶
func (c *ServerConfig) ApplyDefaults()
ApplyDefaults sets default values for the server config.
func (*ServerConfig) ToHandlerConfigs ¶
func (c *ServerConfig) ToHandlerConfigs() ([]handlers.ClickHouseConfig, []handlers.PrometheusConfig, []handlers.LokiConfig, *handlers.EthNodeConfig)
ToHandlerConfigs converts the server config to handler configs.
func (*ServerConfig) Validate ¶
func (c *ServerConfig) Validate() error
Validate validates the server config.
type Service ¶
type Service interface {
// Start starts the service.
Start(ctx context.Context) error
// Stop stops the service.
Stop(ctx context.Context) error
// URL returns the proxy URL.
URL() string
// RegisterToken returns the current access token for server-to-proxy requests.
RegisterToken(executionID string) string
// RevokeToken is a no-op for client-managed bearer tokens.
RevokeToken(executionID string)
// ClickHouseDatasources returns the list of ClickHouse datasource names.
ClickHouseDatasources() []string
// ClickHouseDatasourceInfo returns detailed ClickHouse datasource info.
ClickHouseDatasourceInfo() []types.DatasourceInfo
// PrometheusDatasources returns the list of Prometheus datasource names.
PrometheusDatasources() []string
// PrometheusDatasourceInfo returns detailed Prometheus datasource info.
PrometheusDatasourceInfo() []types.DatasourceInfo
// LokiDatasources returns the list of Loki datasource names.
LokiDatasources() []string
// LokiDatasourceInfo returns detailed Loki datasource info.
LokiDatasourceInfo() []types.DatasourceInfo
// EthNodeAvailable returns true if ethnode proxy access is configured.
EthNodeAvailable() bool
// EmbeddingAvailable returns true if the proxy has embedding configured.
EmbeddingAvailable() bool
// EmbeddingModel returns the configured embedding model name.
EmbeddingModel() string
}
Service is the credential proxy service interface. This is implemented by both Client (for connecting to a proxy) and directly by the proxy Server.
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.