Affected by 
Documentation
¶
Overview ¶
Package config defines the environment baased configuration for this project. Each server has a unique config type.
Index ¶
- func ProcessWith(ctx context.Context, spec interface{}, l envconfig.Lookuper) error
- type APIServerConfig
- type AdminAPIServerConfig
- func (c *AdminAPIServerConfig) GetAllowedSymptomAge() time.Duration
- func (c *AdminAPIServerConfig) GetCollisionRetryCount() uint
- func (c *AdminAPIServerConfig) GetENXRedirectDomain() string
- func (c *AdminAPIServerConfig) GetEnforceRealmQuotas() bool
- func (c *AdminAPIServerConfig) GetRateLimitConfig() *ratelimit.Config
- func (c *AdminAPIServerConfig) IsMaintenanceMode() bool
- func (c *AdminAPIServerConfig) ObservabilityExporterConfig() *observability.Config
- func (c *AdminAPIServerConfig) Validate() error
- type AppSyncConfig
- type Base64ByteSlice
- type CertificateSigningConfig
- type CleanupConfig
- type E2ERunnerConfig
- type FeatureConfig
- type FirebaseConfig
- type IssueAPIConfig
- type Modeler
- type PasswordRequirementsConfig
- type RedirectConfig
- type RotationConfig
- type SMSSigningConfig
- type ServerConfig
- func (c *ServerConfig) FirebaseConfig() *firebase.Config
- func (c *ServerConfig) GetAllowedSymptomAge() time.Duration
- func (c *ServerConfig) GetCollisionRetryCount() uint
- func (c *ServerConfig) GetENXRedirectDomain() string
- func (c *ServerConfig) GetEnforceRealmQuotas() bool
- func (c *ServerConfig) GetRateLimitConfig() *ratelimit.Config
- func (c *ServerConfig) IsMaintenanceMode() bool
- func (c *ServerConfig) ObservabilityExporterConfig() *observability.Config
- func (c *ServerConfig) Validate() error
- type StatsPullerConfig
- type TokenSigningConfig
- type Validatable
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ProcessWith ¶
ProcessWith creates a new config with the given lookuper for parsing config.
Types ¶
type APIServerConfig ¶
type APIServerConfig struct {
Database database.Config
Observability observability.Config
Cache cache.Config
Features FeatureConfig
// DevMode produces additional debugging information. Do not enable in
// production environments.
DevMode bool `env:"DEV_MODE"`
// If MaintenanceMode is true, the server is temporarily read-only and will not issue codes.
MaintenanceMode bool `env:"MAINTENANCE_MODE"`
Port string `env:"PORT,default=8080"`
APIKeyCacheDuration time.Duration `env:"API_KEY_CACHE_DURATION,default=5m"`
// Verification Token Config
VerificationTokenDuration time.Duration `env:"VERIFICATION_TOKEN_DURATION,default=24h"`
// Token signing
TokenSigning TokenSigningConfig
// Certificate signing
CertificateSigning CertificateSigningConfig
// Rate limiting configuration
RateLimit ratelimit.Config
}
APIServerConfig represnets the environment based configuration for the API server.
func NewAPIServerConfig ¶
func NewAPIServerConfig(ctx context.Context) (*APIServerConfig, error)
NewAPIServerConfig returns the environment config for the API server. Only needs to be called once per instance, but may be called multiple times.
func (*APIServerConfig) ObservabilityExporterConfig ¶ added in v0.3.0
func (c *APIServerConfig) ObservabilityExporterConfig() *observability.Config
func (*APIServerConfig) Validate ¶
func (c *APIServerConfig) Validate() error
type AdminAPIServerConfig ¶
type AdminAPIServerConfig struct {
Database database.Config
Observability observability.Config
Cache cache.Config
Features FeatureConfig
// SMSSigning defines the SMS signing configuration.
SMSSigning SMSSigningConfig
// DevMode produces additional debugging information. Do not enable in
// production environments.
DevMode bool `env:"DEV_MODE"`
// If MaintenanceMode is true, the server is temporarily read-only and will not issue codes.
MaintenanceMode bool `env:"MAINTENANCE_MODE"`
// Rate limiting configuration
RateLimit ratelimit.Config
Port string `env:"PORT,default=8080"`
APIKeyCacheDuration time.Duration `env:"API_KEY_CACHE_DURATION,default=5m"`
CollisionRetryCount uint `env:"COLLISION_RETRY_COUNT,default=6"`
AllowedSymptomAge time.Duration `env:"ALLOWED_PAST_SYMPTOM_DAYS,default=672h"` // 672h is 28 days.
EnforceRealmQuotas bool `env:"ENFORCE_REALM_QUOTAS, default=true"`
// For EN Express, the link will be
// https://[realm-region].[ENX_REDIRECT_DOMAIN]/v?c=[longcode]
// This repository contains a redirect service that can be used for this purpose.
ENExpressRedirectDomain string `env:"ENX_REDIRECT_DOMAIN"`
}
AdminAPIServerConfig represents the environment based config for the Admin API Server.
func NewAdminAPIServerConfig ¶
func NewAdminAPIServerConfig(ctx context.Context) (*AdminAPIServerConfig, error)
NewAdminAPIServerConfig returns the environment config for the Admin API server. Only needs to be called once per instance, but may be called multiple times.
func (*AdminAPIServerConfig) GetAllowedSymptomAge ¶
func (c *AdminAPIServerConfig) GetAllowedSymptomAge() time.Duration
func (*AdminAPIServerConfig) GetCollisionRetryCount ¶ added in v0.3.0
func (c *AdminAPIServerConfig) GetCollisionRetryCount() uint
func (*AdminAPIServerConfig) GetENXRedirectDomain ¶ added in v0.9.0
func (c *AdminAPIServerConfig) GetENXRedirectDomain() string
func (*AdminAPIServerConfig) GetEnforceRealmQuotas ¶ added in v0.9.0
func (c *AdminAPIServerConfig) GetEnforceRealmQuotas() bool
func (*AdminAPIServerConfig) GetRateLimitConfig ¶ added in v0.9.0
func (c *AdminAPIServerConfig) GetRateLimitConfig() *ratelimit.Config
func (*AdminAPIServerConfig) IsMaintenanceMode ¶ added in v0.17.0
func (c *AdminAPIServerConfig) IsMaintenanceMode() bool
func (*AdminAPIServerConfig) ObservabilityExporterConfig ¶ added in v0.3.0
func (c *AdminAPIServerConfig) ObservabilityExporterConfig() *observability.Config
func (*AdminAPIServerConfig) Validate ¶
func (c *AdminAPIServerConfig) Validate() error
type AppSyncConfig ¶ added in v0.17.0
type AppSyncConfig struct {
Database database.Config
Observability observability.Config
Features FeatureConfig
// DevMode produces additional debugging information. Do not enable in
// production environments.
DevMode bool `env:"DEV_MODE"`
Port string `env:"PORT,default=8080"`
RateLimit uint64 `env:"RATE_LIMIT,default=60"`
// AppSync config
AppSyncURL string `env:"APP_SYNC_URL"`
FileSizeLimitBytes int64 `env:"APP_SYNC_SIZE_LIMIT, default=64000"`
Timeout time.Duration `env:"APP_SYNC_TIMEOUT, default=1m"`
// AppSyncMinPeriod defines the period for which the app sync service will hold a lock
// which prevents other calls from entering.
AppSyncMinPeriod time.Duration `env:"APP_SYNC_MIN_PERIOD, default=5m"`
}
AppSyncConfig represents the environment based configuration for the app sync server.
func NewAppSyncConfig ¶ added in v0.17.0
func NewAppSyncConfig(ctx context.Context) (*AppSyncConfig, error)
NewAppSyncConfig returns the environment config for the appsync server. Only needs to be called once per instance, but may be called multiple times.
func (*AppSyncConfig) ObservabilityExporterConfig ¶ added in v0.17.0
func (c *AppSyncConfig) ObservabilityExporterConfig() *observability.Config
func (*AppSyncConfig) Validate ¶ added in v0.17.0
func (c *AppSyncConfig) Validate() error
type Base64ByteSlice ¶
type Base64ByteSlice []envconfig.Base64Bytes
Base64ByteSlice is a slice of base64-encoded strings that we want to convert to bytes.
func (Base64ByteSlice) AsBytes ¶
func (c Base64ByteSlice) AsBytes() [][]byte
AsBytes returns the value as a slice of bytes instead of its main type.
type CertificateSigningConfig ¶ added in v0.5.0
type CertificateSigningConfig struct {
// Keys determines the key manager configuration for this certificate signing
// configuration.
Keys keys.Config `env:",prefix=CERTIFICATE_"`
PublicKeyCacheDuration time.Duration `env:"PUBLIC_KEY_CACHE_DURATION, default=15m"`
SignerCacheDuration time.Duration `env:"CERTIFICATE_SIGNER_CACHE_DURATION, default=1m"`
CertificateSigningKey string `env:"CERTIFICATE_SIGNING_KEY, required"`
CertificateSigningKeyID string `env:"CERTIFICATE_SIGNING_KEY_ID, default=v1"`
CertificateIssuer string `env:"CERTIFICATE_ISSUER, default=diagnosis-verification-example"`
CertificateAudience string `env:"CERTIFICATE_AUDIENCE, default=exposure-notifications-server"`
CertificateDuration time.Duration `env:"CERTIFICATE_DURATION, default=15m"`
}
CertificateSigningConfig represents the settings for system-wide certificate signing. These should be used if you are managing certificate keys externally.
type CleanupConfig ¶
type CleanupConfig struct {
Database database.Config
Observability observability.Config
Features FeatureConfig
// TokenSigning is the token signing configuration to purge old keys in the
// key manager when they are cleaned.
TokenSigning TokenSigningConfig
// DevMode produces additional debugging information. Do not enable in
// production environments.
DevMode bool `env:"DEV_MODE"`
// Port is the port on which to bind.
Port string `env:"PORT,default=8080"`
// Cleanup config
AuditEntryMaxAge time.Duration `env:"AUDIT_ENTRY_MAX_AGE, default=720h"`
AuthorizedAppMaxAge time.Duration `env:"AUTHORIZED_APP_MAX_AGE, default=336h"`
CleanupMinPeriod time.Duration `env:"CLEANUP_MIN_PERIOD, default=15m"`
// KeyServerStatsMaxAge is the maximum amount of time to retain key-server stats.
KeyServerStatsMaxAge time.Duration `env:"KEY_SERVER_STATS_MAX_AGE, default=720h"`
MobileAppMaxAge time.Duration `env:"MOBILE_APP_MAX_AGE, default=168h"`
// SigningTokenKeyMaxAge is the maximum amount of time that a rotated signing
// token key should remain unpurged.
SigningTokenKeyMaxAge time.Duration `env:"SIGNING_TOKEN_KEY_MAX_AGE, default=36h"`
// VerificationSigningKeyMaxAge is the maximum amount of time that an already soft
// delted SigningKey will be kept in the database before being purged.
VerificationSigningKeyMaxAge time.Duration `env:"VERIFICATION_SIGNING_KEY_MAX_AGE, default=36h"`
UserPurgeMaxAge time.Duration `env:"USER_PURGE_MAX_AGE, default=720h"`
// VerificationCodeMaxAge is the period in which the full code should be available.
// After this time it will be recycled. The code will be zeroed out, but its status persist.
VerificationCodeMaxAge time.Duration `env:"VERIFICATION_CODE_MAX_AGE, default=48h"`
// VerificationCodeStatusMaxAge is the time after which, even the status of the code will be deleted
// and the entry will be purged. This value should be greater than VerificationCodeMaxAge
VerificationCodeStatusMaxAge time.Duration `env:"VERIFICATION_CODE_STATUS_MAX_AGE, default=336h"`
VerificationTokenMaxAge time.Duration `env:"VERIFICATION_TOKEN_MAX_AGE, default=24h"`
}
CleanupConfig represents the environment based configuration for the Cleanup server.
func NewCleanupConfig ¶
func NewCleanupConfig(ctx context.Context) (*CleanupConfig, error)
NewCleanupConfig returns the environment config for the cleanup server. Only needs to be called once per instance, but may be called multiple times.
func (*CleanupConfig) ObservabilityExporterConfig ¶ added in v0.3.0
func (c *CleanupConfig) ObservabilityExporterConfig() *observability.Config
func (*CleanupConfig) Validate ¶
func (c *CleanupConfig) Validate() error
type E2ERunnerConfig ¶ added in v0.6.0
type E2ERunnerConfig struct {
Database database.Config
Observability *observability.Config
Features FeatureConfig
// DevMode produces additional debugging information. Do not enable in
// production environments.
DevMode bool `env:"DEV_MODE"`
Port string `env:"PORT,default=8080"`
VerificationAdminAPIServer string `env:"VERIFICATION_ADMIN_API, default=http://localhost:8081"`
VerificationAdminAPIKey string `env:"VERIFICATION_ADMIN_API_KEY"`
VerificationAPIServer string `env:"VERIFICATION_SERVER_API, default=http://localhost:8082"`
VerificationAPIServerKey string `env:"VERIFICATION_SERVER_API_KEY"`
KeyServer string `env:"KEY_SERVER, default=http://localhost:8080"`
HealthAuthorityCode string `env:"HEALTH_AUTHORITY_CODE,required"`
DoRevise bool `env:"DO_REVISIONS"`
// ENXRedirectURL is the host to use for testing the ENX redirector service.
// This should be the value of the e2e realm's host, like
// "https://e2e-realm.redirect-domain.com", where "redirect-domain.com" is
// your enx redirect domain. The protocol is required. If this value is blank,
// the enx redirect tests are not executed on the e2e-runner.
ENXRedirectURL string `env:"ENX_REDIRECT_URL"`
}
E2ERunnerConfig represents the environment based configuration for the e2e-runner server.
func NewE2ERunnerConfig ¶ added in v0.6.0
func NewE2ERunnerConfig(ctx context.Context) (*E2ERunnerConfig, error)
NewE2ERunnerConfig returns the environment config for the e2e-runner server. Only needs to be called once per instance, but may be called multiple times.
type FeatureConfig ¶ added in v0.21.0
type FeatureConfig struct {
// EnableAuthenticatedSMS allows for realms to managed SMS specific signing keys,
// and enable/disable this feature. There is no launch timeline for GA.
// This should not be used without prior coordination with Apple/Google.
EnableAuthenticatedSMS bool `env:"ENABLE_AUTHENTICATED_SMS, default=false"`
}
FeatureConfig represents features that are introduced as off by default allowing for server operators to control their release.
func (*FeatureConfig) AddToTemplate ¶ added in v0.21.0
func (f *FeatureConfig) AddToTemplate(m controller.TemplateMap) controller.TemplateMap
AddToTemplate takes TemplateMap and writes the status of all known feature flags for use in HTML templates.
type FirebaseConfig ¶
type FirebaseConfig struct {
APIKey string `env:"FIREBASE_API_KEY,required"`
AuthDomain string `env:"FIREBASE_AUTH_DOMAIN,required"`
DatabaseURL string `env:"FIREBASE_DATABASE_URL,required"`
ProjectID string `env:"FIREBASE_PROJECT_ID,required"`
StorageBucket string `env:"FIREBASE_STORAGE_BUCKET,required"`
MessageSenderID string `env:"FIREBASE_MESSAGE_SENDER_ID,required"`
AppID string `env:"FIREBASE_APP_ID,required"`
MeasurementID string `env:"FIREBASE_MEASUREMENT_ID,required"`
TermsOfServiceURL string `env:"FIREBASE_TERMS_OF_SERVICE_URL"`
PrivacyPolicyURL string `env:"FIREBASE_PRIVACY_POLICY_URL"`
}
FirebaseConfig represents configuration specific to firebase auth.
type IssueAPIConfig ¶
type IssueAPIConfig interface {
GetCollisionRetryCount() uint
GetAllowedSymptomAge() time.Duration
GetEnforceRealmQuotas() bool
GetRateLimitConfig() *ratelimit.Config
GetENXRedirectDomain() string
IsMaintenanceMode() bool
}
IssueAPIConfig is an interface that represents what is needed of the verification code issue API.
type Modeler ¶ added in v0.9.0
type Modeler struct {
Cache cache.Config
Database database.Config
Observability observability.Config
RateLimit ratelimit.Config
// DevMode produces additional debugging information. Do not enable in
// production environments.
DevMode bool `env:"DEV_MODE"`
Port string `env:"PORT, default=8080"`
// MinValue and MaxValue determine the floor and ceiling limits for the
// modeler.
MinValue uint `env:"MODELER_MIN_VALUE, default=10"`
MaxValue uint `env:"MODELER_MAX_VALUE, default=20000"`
}
Modeler is the configuration for the modeler service.
func NewModeler ¶ added in v0.9.0
NewModeler returns the config for the modeler server.
func (*Modeler) ObservabilityExporterConfig ¶ added in v0.9.0
func (c *Modeler) ObservabilityExporterConfig() *observability.Config
type PasswordRequirementsConfig ¶ added in v0.9.0
type PasswordRequirementsConfig struct {
Length int `env:"MIN_PWD_LENGTH,default=8"`
Uppercase int `env:"MIN_PWD_UPPER,default=1"`
Lowercase int `env:"MIN_PWD_LOWER,default=1"`
Number int `env:"MIN_PWD_DIGITS,default=1"`
Special int `env:"MIN_PWD_SPECIAL,default=1"`
}
PasswordRequirementsConfig represents the password complexity requirements for the server.
func (*PasswordRequirementsConfig) HasRequirements ¶ added in v0.9.0
func (c *PasswordRequirementsConfig) HasRequirements() bool
HasRequirements is true if any requirements are set.
type RedirectConfig ¶ added in v0.9.0
type RedirectConfig struct {
Database database.Config
Observability observability.Config
Cache cache.Config
Features FeatureConfig
Port string `env:"PORT, default=8080"`
AssetsPath string `env:"ASSETS_PATH, default=./cmd/enx-redirect/assets"`
AppCacheTTL time.Duration `env:"APP_CACHE_TTL, default=5m"`
// If Dev mode is true, extended logging is enabled and template
// auto-reload is enabled.
DevMode bool `env:"DEV_MODE"`
// A map of hostnames to redirect to ens:// and a mapping to the region.
// For example to redirect
// region.example.com to region US-AA
// otherregion.example.com to region US-BB
// all matched hostnames are redirected to
// "ens://"
// The append region is added to the end
// "US-AA,US-BB"
//
// The config for this is passed as a map, example:
// HOSTNAME_TO_REGION="region.example.com:US-AA,otherregion.example.com:US-BB"
HostnameConfig map[string]string `env:"HOSTNAME_TO_REGION"`
}
RedirectConfig represents the environment based config for the redirect server.
func NewRedirectConfig ¶ added in v0.9.0
func NewRedirectConfig(ctx context.Context) (*RedirectConfig, error)
NewRedirectConfig initializes and validates a RedirectConfig struct.
func (*RedirectConfig) DatabaseConfig ¶ added in v0.10.0
func (c *RedirectConfig) DatabaseConfig() *database.Config
func (*RedirectConfig) HostnameToRegion ¶ added in v0.9.0
func (c *RedirectConfig) HostnameToRegion() (map[string]string, error)
HostnameToRegion returns a normalized map of the HOSTNAME_TO_REGION config value. Hostnames (key) are lowercased Regions (value) are uppercased
func (*RedirectConfig) ObservabilityExporterConfig ¶ added in v0.9.0
func (c *RedirectConfig) ObservabilityExporterConfig() *observability.Config
type RotationConfig ¶ added in v0.20.0
type RotationConfig struct {
Database database.Config
Observability observability.Config
Features FeatureConfig
// Port is the port upon which to bind.
Port string `env:"PORT, default=8080"`
// DevMode produces additional debugging information. Do not enable in
// production environments.
DevMode bool `env:"DEV_MODE"`
// MinTTL is the minimum amount of time that must elapse between attempting
// rotation events. This is used to control whether rotation is actually
// attempted at the controller layer, independent of the data layer. In
// effect, it rate limits the number of rotation requests.
MinTTL time.Duration `env:"MIN_TTL, default=15m"`
// TokenSigning is the token signing configuration. This defines the parent
// key and common data like issuer, but the individual versions are controlled
// by the database table.
TokenSigning TokenSigningConfig
// TokenSigningKeyMaxAge is the maximum age for a token signing key.
TokenSigningKeyMaxAge time.Duration `env:"TOKEN_SIGNING_KEY_MAX_AGE, default=720h"` // 30 days
// Verification rotation frequency.
VerificationSigningKeyMaxAge time.Duration `env:"VERIFICATION_SIGNING_KEY_MAX_AGE, default=720h"` // 30 days
// How long to wait to activate a new key after creation. This gives
// the upstream key server time to import the new allowed public key.
// A deactivated key will also be kept for this time period.
VerificationActivationDelay time.Duration `env:"VERIFICATION_ACTIVATION_DELAY, default=1h"`
}
RotationConfig represents the environment-based configuration for the rotation service.
func NewRotationConfig ¶ added in v0.20.0
func NewRotationConfig(ctx context.Context) (*RotationConfig, error)
NewRotationConfig returns the config for the rotation service.
func (*RotationConfig) ObservabilityExporterConfig ¶ added in v0.20.0
func (c *RotationConfig) ObservabilityExporterConfig() *observability.Config
func (*RotationConfig) Validate ¶ added in v0.20.0
func (c *RotationConfig) Validate() error
type SMSSigningConfig ¶ added in v0.21.0
type SMSSigningConfig struct {
// Keys determines the key manager configuration for this SMS signing
// configuration.
Keys keys.Config `env:", prefix=SMS_"`
}
SMSSigningConfig represents the settings for SMS-signing.
type ServerConfig ¶
type ServerConfig struct {
Firebase FirebaseConfig
Database database.Config
Observability observability.Config
Cache cache.Config
Features FeatureConfig
// Certificate signing key settings, needed for public key / settings display.
CertificateSigning CertificateSigningConfig
// SMSSigning defines the SMS signing configuration.
SMSSigning SMSSigningConfig
Port string `env:"PORT,default=8080"`
// Login Config
SessionDuration time.Duration `env:"SESSION_DURATION, default=20h"`
SessionIdleTimeout time.Duration `env:"SESSION_IDLE_TIMEOUT, default=20m"`
RevokeCheckPeriod time.Duration `env:"REVOKE_CHECK_DURATION, default=5m"`
// Password Config
PasswordRequirements PasswordRequirementsConfig
// CookieKeys is a slice of bytes. The first is 64 bytes, the second is 32.
// They should be base64-encoded.
CookieKeys Base64ByteSlice `env:"COOKIE_KEYS,required"`
// CookieDomain is the domain for which cookie should be valid.
CookieDomain string `env:"COOKIE_DOMAIN"`
// CSRFAuthKey is the authentication key. It must be 32-bytes and can be
// generated with tools/gen-secret. The value's should be base64 encoded.
CSRFAuthKey envconfig.Base64Bytes `env:"CSRF_AUTH_KEY,required"`
// Application Config
ServerName string `env:"SERVER_NAME,default=Diagnosis Verification Server"`
CollisionRetryCount uint `env:"COLLISION_RETRY_COUNT,default=6"`
AllowedSymptomAge time.Duration `env:"ALLOWED_PAST_SYMPTOM_DAYS,default=672h"` // 672h is 28 days.
EnforceRealmQuotas bool `env:"ENFORCE_REALM_QUOTAS, default=true"`
AssetsPath string `env:"ASSETS_PATH, default=./cmd/server/assets"`
LocalesPath string `env:"LOCALES_PATH, default=./internal/i18n/locales"`
// For EN Express, the link will be
// https://[realm-region].[ENX_REDIRECT_DOMAIN]/v?c=[longcode]
// This repository contains a redirect service that can be used for this purpose.
ENExpressRedirectDomain string `env:"ENX_REDIRECT_DOMAIN"`
// If Dev mode is true, cookies aren't required to be sent over secure channels.
// This includes CSRF protection base cookie. You want this false in production (the default).
DevMode bool `env:"DEV_MODE"`
// If MaintenanceMode is true, the server is temporarily read-only and will not issue codes.
MaintenanceMode bool `env:"MAINTENANCE_MODE"`
// Rate limiting configuration
RateLimit ratelimit.Config
}
ServerConfig represents the environment based config for the server.
func NewServerConfig ¶
func NewServerConfig(ctx context.Context) (*ServerConfig, error)
NewServerConfig initializes and validates a ServerConfig struct.
func (*ServerConfig) FirebaseConfig ¶
func (c *ServerConfig) FirebaseConfig() *firebase.Config
FirebaseConfig returns the firebase SDK config based on the local env config.
func (*ServerConfig) GetAllowedSymptomAge ¶
func (c *ServerConfig) GetAllowedSymptomAge() time.Duration
func (*ServerConfig) GetCollisionRetryCount ¶ added in v0.3.0
func (c *ServerConfig) GetCollisionRetryCount() uint
func (*ServerConfig) GetENXRedirectDomain ¶ added in v0.9.0
func (c *ServerConfig) GetENXRedirectDomain() string
func (*ServerConfig) GetEnforceRealmQuotas ¶ added in v0.9.0
func (c *ServerConfig) GetEnforceRealmQuotas() bool
func (*ServerConfig) GetRateLimitConfig ¶ added in v0.9.0
func (c *ServerConfig) GetRateLimitConfig() *ratelimit.Config
func (*ServerConfig) IsMaintenanceMode ¶ added in v0.17.0
func (c *ServerConfig) IsMaintenanceMode() bool
func (*ServerConfig) ObservabilityExporterConfig ¶ added in v0.3.0
func (c *ServerConfig) ObservabilityExporterConfig() *observability.Config
func (*ServerConfig) Validate ¶
func (c *ServerConfig) Validate() error
type StatsPullerConfig ¶ added in v0.20.0
type StatsPullerConfig struct {
Database database.Config
Observability observability.Config
Features FeatureConfig
// Certificate signing
CertificateSigning CertificateSigningConfig
// KeyServerURL is the default URL of the key server - individual realms may override it
KeyServerURL string `env:"KEY_SERVER_URL, required"`
// The audience value to send to the keyserver.
// Default matches: https://github.com/google/exposure-notifications-server/blob/main/internal/verification/config.go
KeyServerStatsAudience string `env:"KEY_SERVER_STATS_AUDIENCE, default=keyserver"`
FileSizeLimitBytes int64 `env:"STATS_PULLER_SIZE_LIMIT, default=64000"`
DownloadTimeout time.Duration `env:"STATS_PULLER_DOWNLOAD_TIMEOUT, default=1m"`
// Port is the port upon which to bind.
Port string `env:"PORT, default=8080"`
// DevMode produces additional debugging information. Do not enable in
// production environments.
DevMode bool `env:"DEV_MODE"`
// MinTTL is the minimum amount of time that must elapse between attempting
// stats-pull events. This is used to control whether the pull is actually
// attempted at the controller layer, independent of the data layer. In
// effect, it rate limits the number of rotation requests.
MinTTL time.Duration `env:"MIN_TTL, default=15m"`
// StatsPullerMinPeriod defines the period for which the stats puller will hold a lock
// which prevents other calls from entering.
StatsPullerMinPeriod time.Duration `env:"STATS_PULLER_MIN_PERIOD, default=5m"`
}
StatsPullerConfig represents the environment-based configuration for the stats-puller service.
func NewStatsPullerConfig ¶ added in v0.20.0
func NewStatsPullerConfig(ctx context.Context) (*StatsPullerConfig, error)
NewStatsPullerConfig returns the config for the stats-puller service.
func (*StatsPullerConfig) ObservabilityExporterConfig ¶ added in v0.20.0
func (c *StatsPullerConfig) ObservabilityExporterConfig() *observability.Config
type TokenSigningConfig ¶ added in v0.5.1
type TokenSigningConfig struct {
// Keys determines the key manager configuration for this token signing
// configuration.
Keys keys.Config `env:", prefix=TOKEN_"`
// TokenSigningKeys is the parent token signing key (not the actual signing
// version). It is an array for backwards-compatibility, but in practice it
// should only have one element.
//
// Previously it was a list of all possible signing key versions, but those
// have moved into the database.
//
// TODO(sethvargo): Convert to string in 0.22+.
TokenSigningKeys []string `env:"TOKEN_SIGNING_KEY, required"`
// TokenSigningKeyIDs specifies the list of kids, corresponding to the
// TokenSigningKey
//
// TODO(sethvargo): Remove in 0.22+.
//
// Deprecated: moved into the database.
TokenSigningKeyIDs []string `env:"TOKEN_SIGNING_KEY_ID, default=v1"`
// TokenIssuer is the `iss` field on the JWT.
TokenIssuer string `env:"TOKEN_ISSUER, default=diagnosis-verification-example"`
}
TokenSigningConfig represents the settings for system-wide certificate signing. These should be used if you are managing certificate keys externally.
func (*TokenSigningConfig) FindKeyByKid ¶ added in v0.20.0
func (t *TokenSigningConfig) FindKeyByKid(kid string) (string, bool)
FindKeyByKid attempts to find the matching signing key for the given kid. The boolean indicates whether the search was successful.
TODO(sethvargo): remove in 0.22+.
func (*TokenSigningConfig) ParentKeyName ¶ added in v0.20.0
func (t *TokenSigningConfig) ParentKeyName() string
ParentKeyName returns the name of the parent key.
func (*TokenSigningConfig) Validate ¶ added in v0.5.1
func (t *TokenSigningConfig) Validate() error
Validate validates the configuration.
type Validatable ¶
type Validatable interface {
Validate() error
}
Validatable indicates that a type can be validated.
Source Files
¶
- admin_server_config.go
- api_server_config.go
- appsync_server_config.go
- certificate_signing_config.go
- cleanup_server_config.go
- config.go
- e2e_runner_server_config.go
- feature_config.go
- issue.go
- modeler.go
- redirect_config.go
- rotation_config.go
- server_config.go
- sms_signing_config.go
- stats_puller_config.go
- token_signing_config.go
Click to show internal directories.
Click to hide internal directories.