config

package
v1.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 7, 2026 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Sentinel errors for server certificate loading. Compare with errors.Is.
// Presumably surfaced by LoadServerCertificates; confirm against its
// implementation, which is not shown here.

// ErrCheckingServerCerts reports that the readability check on the server
// certificate and key could not be completed.
var ErrCheckingServerCerts = errors.New("failed to check if server certificate and key can be read")

// ErrServerCertsNotFound reports that the server certificate and key files are
// missing or unreadable.
var ErrServerCertsNotFound = errors.New("server certificate and key files are missing or unreadable")

// ErrInvalidServerCerts reports that the server certificate and key were found
// but could not be parsed or loaded.
var ErrInvalidServerCerts = errors.New("failed to parse or load server certificate and key")

Functions

func CertificateDir

func CertificateDir() string

func ClientConfigFile

func ClientConfigFile() string

func ConfigDir

func ConfigDir() string

func ConfigFile

func ConfigFile() string

func LoadServerCertificates added in v1.0.0

func LoadServerCertificates(cfg *Config, log *logrus.Logger) (*crypto.TLSCertificateConfig, error)

func Save

func Save(cfg *Config, cfgFile string) error

func Validate

func Validate(cfg *Config) error

Types

type Config

// Config is the top-level configuration document. Every section is an optional
// pointer tagged omitempty, so a nil section is left out when the struct is
// marshalled using these tags.
//
// NOTE(review): some sections can carry credentials (for example
// PAMOIDCIssuer.ClientSecret, presumably reachable through Auth; confirm).
// Verify that String does not print them and that Save writes the file with
// restrictive permissions; neither implementation is visible here.
type Config struct {
	Database         *dbConfig               `json:"database,omitempty"`
	Service          *svcConfig              `json:"service,omitempty"`
	KV               *kvConfig               `json:"kv,omitempty"`
	Alertmanager     *alertmanagerConfig     `json:"alertmanager,omitempty"`
	Auth             *authConfig             `json:"auth,omitempty"`
	Metrics          *metricsConfig          `json:"metrics,omitempty"`
	CA               *ca.Config              `json:"ca,omitempty"`
	Tracing          *tracingConfig          `json:"tracing,omitempty"`
	GitOps           *gitOpsConfig           `json:"gitOps,omitempty"`
	Periodic         *periodicConfig         `json:"periodic,omitempty"`
	Organizations    *organizationsConfig    `json:"organizations,omitempty"`
	TelemetryGateway *telemetryGatewayConfig `json:"telemetrygateway,omitempty"`
}

func Load

func Load(cfgFile string) (*Config, error)

func LoadOrGenerate

func LoadOrGenerate(cfgFile string) (*Config, error)

func NewDefault

func NewDefault(opts ...ConfigOption) *Config

func NewFromFile

func NewFromFile(cfgFile string) (*Config, error)

func (*Config) String

func (cfg *Config) String() string

type ConfigOption added in v0.8.1

// ConfigOption is a functional option: a function that receives a *Config and
// may modify it. NewDefault accepts any number of them; the With* constructors
// in this package return ConfigOption values.
type ConfigOption func(*Config)

func WithAAPAuth added in v1.0.0

func WithAAPAuth(apiUrl, externalApiUrl string) ConfigOption

func WithK8sAuth added in v1.0.0

func WithK8sAuth(apiUrl, rbacNs string) ConfigOption

func WithOAuth2Auth added in v1.0.0

func WithOAuth2Auth(authorizationUrl, tokenUrl, userinfoUrl, issuer, clientId string, enabled bool) ConfigOption

func WithOIDCAuth added in v1.0.0

func WithOIDCAuth(issuer, clientId string, enabled bool) ConfigOption

func WithPAMOIDCIssuer added in v1.0.0

func WithPAMOIDCIssuer(issuer, clientId, clientSecret, pamService string) ConfigOption

func WithTracingEnabled added in v0.8.1

func WithTracingEnabled() ConfigOption

type EnrollmentService added in v0.6.0

// EnrollmentService is the client-side configuration for the device enrollment
// server. It embeds client.Config, so that type's fields and methods are
// promoted onto EnrollmentService, and adds the enrollment UI address.
type EnrollmentService struct {
	client.Config

	// EnrollmentUIEndpoint is the address of the device enrollment UI
	EnrollmentUIEndpoint string `json:"enrollment-ui-endpoint,omitempty"`
}

func (*EnrollmentService) Equal added in v0.6.0

type ManagementService added in v0.6.0

// ManagementService is the client-side configuration for the device management
// server. It embeds client.Config and declares no fields of its own.
type ManagementService struct {
	client.Config
}

func (*ManagementService) Equal added in v0.6.0

type PAMOIDCIssuer added in v1.0.0

// PAMOIDCIssuer represents an OIDC issuer that uses Linux PAM for authentication.
//
// The "Default:" values in the field comments below are documented defaults;
// the code that applies them is not part of this declaration.
type PAMOIDCIssuer struct {
	// Address is the listen address for the PAM issuer service (e.g., ":8444")
	// A value with an empty host part, such as the example, listens on all
	// interfaces; give an explicit host to restrict exposure.
	Address string `json:"address,omitempty"`
	// Issuer is the base URL for the OIDC issuer (e.g., "https://flightctl.example.com")
	Issuer string `json:"issuer,omitempty"`
	// ClientID is the OAuth2 client ID for this issuer
	ClientID string `json:"clientId,omitempty"`
	// ClientSecret is the OAuth2 client secret for this issuer
	// It is serialized as plain text under the "clientSecret" key.
	// NOTE(review): confirm that Config.String and Save do not expose it in
	// logs or in a file readable by other users.
	ClientSecret string `json:"clientSecret,omitempty"`
	// Scopes are the supported OAuth2 scopes
	Scopes []string `json:"scopes,omitempty"`
	// RedirectURIs are the allowed redirect URIs for OAuth2 flows
	// NOTE(review): presumably compared by exact match; confirm that the
	// issuer does not accept prefix or wildcard matches.
	RedirectURIs []string `json:"redirectUris,omitempty"`
	// PAMService is the PAM service name to use for authentication (default: "flightctl")
	// NOTE(review): the tag marks this field as required and has no omitempty,
	// which sits oddly with a documented default; confirm whether the
	// default is filled in before validation runs.
	PAMService string `json:"pamService" validate:"required"`
	// AllowPublicClientWithoutPKCE allows public clients (no client secret) to skip PKCE
	// SECURITY WARNING: This should only be enabled for testing or backward compatibility
	// Default: false (PKCE required for public clients per OAuth 2.0 Security BCP)
	// A public client has no secret, so without PKCE nothing binds an
	// authorization code to the client that requested it.
	AllowPublicClientWithoutPKCE bool `json:"allowPublicClientWithoutPKCE,omitempty"`
	// AccessTokenExpiration is the expiration duration for access tokens and ID tokens
	// Default: 1 hour
	AccessTokenExpiration util.Duration `json:"accessTokenExpiration,omitempty"`
	// RefreshTokenExpiration is the expiration duration for refresh tokens
	// Default: 7 days
	RefreshTokenExpiration util.Duration `json:"refreshTokenExpiration,omitempty"`
	// PendingSessionCookieMaxAge is the MaxAge duration for pending session cookies
	// Default: 10 minutes
	PendingSessionCookieMaxAge util.Duration `json:"pendingSessionCookieMaxAge,omitempty"`
	// AuthenticatedSessionCookieMaxAge is the MaxAge duration for authenticated session cookies
	// Default: 30 minutes
	AuthenticatedSessionCookieMaxAge util.Duration `json:"authenticatedSessionCookieMaxAge,omitempty"`
}

PAMOIDCIssuer represents an OIDC issuer that uses Linux PAM for authentication

type RateLimitConfig added in v0.9.0

// RateLimitConfig configures request rate limiting, with a separate budget
// (AuthRequests per AuthWindow) for auth requests.
//
// NOTE(review): every field is omitempty, so zero values are dropped on
// marshal. How a zero Requests or Window is treated when Enabled is true is
// not visible here; confirm.
type RateLimitConfig struct {
	Enabled      bool          `json:"enabled,omitempty"`      // Enable/disable rate limiting
	Requests     int           `json:"requests,omitempty"`     // max requests per window
	Window       util.Duration `json:"window,omitempty"`       // e.g. "1m" for one minute
	AuthRequests int           `json:"authRequests,omitempty"` // max auth requests per window
	AuthWindow   util.Duration `json:"authWindow,omitempty"`   // e.g. "1h" for one hour
	// TrustedProxies specifies IP addresses/networks that are allowed to set proxy headers
	// If empty, proxy headers are ignored for security (only direct connection IPs are used)
	// Keep this list as narrow as possible: a listed peer can assert the client
	// IP that is used instead of its own connection address.
	// NOTE(review): which headers are honoured and the accepted entry syntax
	// (single IP, CIDR) are not visible here; confirm.
	TrustedProxies []string `json:"trustedProxies,omitempty"`
}

type ServiceConfig added in v0.6.0

// ServiceConfig groups the client configurations for the two servers a client
// connects to: device enrollment and device management. Both are held by
// value, not by pointer.
type ServiceConfig struct {
	// EnrollmentService is the client configuration for connecting to the device enrollment server
	EnrollmentService EnrollmentService `json:"enrollment-service,omitempty"`
	// ManagementService is the client configuration for connecting to the device management server
	ManagementService ManagementService `json:"management-service,omitempty"`
}

func NewServiceConfig added in v0.6.0

func NewServiceConfig() ServiceConfig
