Index ¶
- Constants
- Variables
- func Validate(mode int, conf Config) error
- type Config
- type Debug
- type HTTP
- type HTTPCheck
- type Log
- type OAuth2
- type OAuth2AuthStyle
- type OAuth2Client
- type OAuth2Endpoints
- type OAuth2Refresh
- type OAuth2RefreshNonce
- type OAuth2Validate
- type OpenVPN
- type OpenVPNBypass
- type OpenVPNCommonName
- type OpenVPNCommonNameMode
- type OpenVPNConfig
- type OpenVPNPassthrough
Constants ¶
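// Mode values, numbered from zero by iota.
//
// NOTE(review): presumably these are the values accepted by the mode
// parameter of Validate(mode int, conf Config); confirm against the caller.
const (
	// Plugin has the value 0.
	Plugin = iota
	// ManagementClient has the value 1.
	ManagementClient
)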
// Untyped string constants exported by the package.
const (
	// CommonName is the literal "common_name", the same string Defaults uses
	// for OpenVPNCommonName.EnvironmentVariableName.
	CommonName = "common_name"

	// CommonNameModeOmitValue is the literal "-".
	// NOTE(review): presumably the placeholder that stands in for the real
	// common name when CommonNameModeOmit is selected; confirm in the consumer.
	CommonNameModeOmitValue = "-"
)
Variables ¶
// Defaults holds the package's default Config values.
//
// Security-relevant defaults visible here: HTTP.TLS is off and BaseURL uses
// the http scheme; OAuth2 Nonce, PKCE and Validate.Issuer are on; the bypass
// list is empty; both secrets (HTTP.Secret, OAuth2.Refresh.Secret) and both
// passwords are left at their zero value.
var Defaults = Config{
	Debug: Debug{
		// NOTE(review): no host part. A listener given this address binds every
		// interface; whether the debug listener is enabled by default is not
		// visible here, confirm before exposing the host to untrusted networks.
		Listen: ":9001",
	},
	Log: Log{
		Format:      "console",
		Level:       slog.LevelInfo,
		VPNClientIP: true,
	},
	HTTP: HTTP{
		AssetPath: types.FS{FS: assets.FS},
		// Plain http on localhost: suitable for local testing only unless TLS is
		// terminated in front of the listener.
		BaseURL: types.URL{URL: &url.URL{
			Scheme: "http",
			Host:   "localhost:9000",
		}},
		Listen: ":9000",
		TLS:    false,
		Check: HTTPCheck{
			IPAddr: false,
		},
		// template.Must panics at package initialisation if the embedded
		// index.gohtml fails to parse.
		Template: types.Template{Template: template.Must(template.New("index.gohtml").ParseFS(ui.Template, "index.gohtml"))},
	},
	OpenVPN: OpenVPN{
		Addr: types.URL{URL: &url.URL{
			Scheme:   "unix",
			Path:     "/run/openvpn/server.sock",
			OmitHost: true,
		}},
		AuthTokenUser:      true,
		AuthPendingTimeout: 3 * time.Minute,
		ClientConfig: OpenVPNConfig{
			Enabled: false,
			Path:    types.FS{FS: os.DirFS("/etc/openvpn-auth-oauth2/client-config-dir/")},
		},
		CommonName: OpenVPNCommonName{
			EnvironmentVariableName: "common_name",
			Mode:                    CommonNameModePlain,
		},
		OverrideUsername: false,
		// Empty list: no common name is exempted by default.
		Bypass: OpenVPNBypass{
			CommonNames: types.RegexpSlice{},
		},
		Passthrough: OpenVPNPassthrough{
			Enabled: false,
			Address: types.URL{URL: &url.URL{
				Scheme:   "unix",
				Path:     "/run/openvpn-auth-oauth2/server.sock",
				OmitHost: true,
			}},
			// NOTE(review): 660 is a decimal literal whose digits read like the
			// octal permission rw-rw----. Decimal 660 is octal 1224, so confirm
			// the consumer re-parses the digits as octal before chmod.
			SocketMode:  660,
			SocketGroup: "",
		},
		CommandTimeout:   10 * time.Second,
		ReAuthentication: true,
	},
	OAuth2: OAuth2{
		AuthStyle: OAuth2AuthStyle(oauth2.AuthStyleInParams),
		Client:    OAuth2Client{},
		// All endpoint URLs and the issuer start empty and must come from
		// configuration.
		Endpoints: OAuth2Endpoints{
			Auth:      types.URL{URL: &url.URL{Scheme: "", Host: ""}},
			Discovery: types.URL{URL: &url.URL{Scheme: "", Host: ""}},
			Token:     types.URL{URL: &url.URL{Scheme: "", Host: ""}},
		},
		Issuer:       types.URL{URL: &url.URL{Scheme: "", Host: ""}},
		Nonce:        true,
		RefreshNonce: OAuth2RefreshNonceAuto,
		PKCE:         true,
		UserInfo:     false,
		GroupsClaim:  "groups",
		Provider:     "generic",
		Refresh: OAuth2Refresh{
			Expires:      time.Hour * 8,
			ValidateUser: true,
		},
		Scopes: make([]string, 0),
		// Empty Groups and Roles: presumably no group/role restriction is
		// applied by default (confirm in the validation code).
		Validate: OAuth2Validate{
			Groups: make([]string, 0),
			IPAddr: false,
			Issuer: true,
			Roles:  make([]string, 0),
		},
	},
}
// Sentinel errors exported by the package; compare with errors.Is.
var (
	// ErrRequired carries the message "required".
	ErrRequired = errors.New("required")

	// ErrVersion carries the message "flag: version requested".
	// NOTE(review): presumably signals that the version flag was passed rather
	// than a real failure; confirm how callers treat it.
	ErrVersion = errors.New("flag: version requested")
)
Functions ¶
Types ¶
type Config ¶
// Config is the top-level configuration. Every section is (de)serialized under
// the JSON/YAML key named in its struct tag.
//
// NOTE(review): the nested sections contain types.Secret fields (HTTP.Secret,
// OAuth2.Refresh.Secret, OpenVPN.Password, OpenVPN.Passthrough.Password).
// Whether marshaling or logging a Config redacts them depends on types.Secret,
// which is not shown here; confirm before writing a Config to logs.
type Config struct {
	// NOTE(review): presumably the path of the configuration file; confirm.
	ConfigFile string  `json:"config" yaml:"config"`
	HTTP       HTTP    `json:"http" yaml:"http"`
	Debug      Debug   `json:"debug" yaml:"debug"`
	Log        Log     `json:"log" yaml:"log"`
	OpenVPN    OpenVPN `json:"openvpn" yaml:"openvpn"`
	OAuth2     OAuth2  `json:"oauth2" yaml:"oauth2"`
}
func New ¶ added in v1.23.1
New loads the configuration from configuration files, command line arguments and environment variables in that order.
func (*Config) ReadFromConfigFile ¶ added in v1.23.1
ReadFromConfigFile reads the configuration from a configuration file and command line arguments.
func (*Config) ReadFromFlagAndEnvironment ¶ added in v1.23.1
ReadFromFlagAndEnvironment reads the configuration from command line arguments and environment variables.
type HTTP ¶ added in v1.7.0
// HTTP groups the settings serialized under the "http" key.
type HTTP struct {
	// BaseURL is http://localhost:9000 in Defaults.
	// NOTE(review): presumably the externally visible URL from which the OAuth2
	// redirect is built; if so it should be https outside local testing.
	BaseURL   types.URL      `json:"baseurl" yaml:"baseurl"`
	AssetPath types.FS       `json:"assets-path" yaml:"assets-path"`
	Template  types.Template `json:"template" yaml:"template"`
	// Listen is ":9000" in Defaults, i.e. no host restriction.
	Listen string `json:"listen" yaml:"listen"`
	// CertFile and KeyFile are presumably the TLS certificate and private-key
	// paths used when TLS is true; the key file should be readable only by the
	// service account.
	CertFile string `json:"cert" yaml:"cert"`
	KeyFile  string `json:"key" yaml:"key"`
	// Secret has no value in Defaults.
	// NOTE(review): its use is not visible here (presumably it protects state
	// exchanged with the browser); confirm that Validate rejects an empty or
	// short value.
	Secret types.Secret `json:"secret" yaml:"secret"`
	// TLS is false in Defaults.
	TLS   bool      `json:"tls" yaml:"tls"`
	Check HTTPCheck `json:"check" yaml:"check"`
	// NOTE(review): presumably makes the server trust proxy-supplied
	// client-address headers. That is only sound when every request passes
	// through a proxy that overwrites them, and it matters most when
	// Check.IPAddr is on; confirm.
	EnableProxyHeaders bool `json:"enable-proxy-headers" yaml:"enable-proxy-headers"`
	ShortURL           bool `json:"short-url" yaml:"short-url"`
}
func (HTTP) MarshalJSON ¶ added in v1.22.6
type HTTPCheck ¶ added in v1.7.0
// HTTPCheck groups the settings serialized under the "check" key of HTTP.
type HTTPCheck struct {
	// IPAddr is false in Defaults.
	// NOTE(review): presumably compares the address of the browser finishing
	// the login with the VPN client's address. Behind a reverse proxy the
	// outcome depends on how the client address is derived (see
	// HTTP.EnableProxyHeaders); confirm.
	IPAddr bool `json:"ipaddr" yaml:"ipaddr"`
}
type OAuth2 ¶ added in v1.0.0
// OAuth2 groups the settings serialized under the "oauth2" key.
type OAuth2 struct {
	Endpoints OAuth2Endpoints `json:"endpoint" yaml:"endpoint"`
	// Issuer is empty in Defaults and must be supplied by configuration.
	Issuer types.URL    `json:"issuer" yaml:"issuer"`
	Client OAuth2Client `json:"client" yaml:"client"`
	// GroupsClaim is "groups" in Defaults.
	GroupsClaim string `json:"groups-claim" yaml:"groups-claim"`
	// NOTE(review): presumably extra query parameters appended to the
	// authorization request; confirm they cannot override state, nonce or the
	// PKCE challenge.
	AuthorizeParams string             `json:"authorize-params" yaml:"authorize-params"`
	Provider        string             `json:"provider" yaml:"provider"`
	Scopes          types.StringSlice  `json:"scopes" yaml:"scopes"`
	Validate        OAuth2Validate     `json:"validate" yaml:"validate"`
	Refresh         OAuth2Refresh      `json:"refresh" yaml:"refresh"`
	AuthStyle       OAuth2AuthStyle    `json:"auth-style" yaml:"auth-style"`
	RefreshNonce    OAuth2RefreshNonce `json:"refresh-nonce" yaml:"refresh-nonce"`
	// Nonce and PKCE are both true in Defaults. Turning either off removes a
	// replay/code-interception protection and should be limited to providers
	// that cannot support it.
	Nonce bool `json:"nonce" yaml:"nonce"`
	PKCE  bool `json:"pkce" yaml:"pkce"`
	// UserInfo is false in Defaults.
	UserInfo bool `json:"user-info" yaml:"user-info"`
}
type OAuth2AuthStyle ¶ added in v1.17.0
func (OAuth2AuthStyle) AuthStyle ¶ added in v1.17.0
func (s OAuth2AuthStyle) AuthStyle() oauth2.AuthStyle
AuthStyle converts the wrapper type to oauth2.AuthStyle.
func (OAuth2AuthStyle) MarshalText ¶ added in v1.17.0
func (s OAuth2AuthStyle) MarshalText() ([]byte, error)
MarshalText implements the encoding.TextMarshaler interface.
func (OAuth2AuthStyle) String ¶ added in v1.17.0
func (s OAuth2AuthStyle) String() string
String returns the string representation of the auth style.
func (*OAuth2AuthStyle) UnmarshalText ¶ added in v1.17.0
func (s *OAuth2AuthStyle) UnmarshalText(text []byte) error
UnmarshalText implements the encoding.TextUnmarshaler interface.
type OAuth2Client ¶ added in v1.0.0
type OAuth2Endpoints ¶ added in v1.2.0
type OAuth2Refresh ¶ added in v1.13.0
// OAuth2Refresh groups the settings serialized under the "refresh" key of
// OAuth2.
type OAuth2Refresh struct {
	// Secret has no value in Defaults.
	// NOTE(review): presumably protects stored refresh tokens; confirm that
	// Validate requires it whenever Enabled is true.
	Secret types.Secret `json:"secret" yaml:"secret"`
	// Expires is 8 hours in Defaults.
	Expires time.Duration `json:"expires" yaml:"expires"`
	// Enabled is left at false in Defaults.
	Enabled      bool `json:"enabled" yaml:"enabled"`
	UseSessionID bool `json:"use-session-id" yaml:"use-session-id"`
	// ValidateUser is true in Defaults.
	// NOTE(review): presumably re-checks the user on refresh; disabling it
	// would let a session outlive a change at the identity provider. Confirm.
	ValidateUser bool `json:"validate-user" yaml:"validate-user"`
}
type OAuth2RefreshNonce ¶ added in v1.26.0
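// OAuth2RefreshNonce is an integer enum; its String method is documented as
// returning "the refresh nonce mode". Defaults selects OAuth2RefreshNonceAuto.
//
// NOTE(review): the names suggest Auto decides automatically, Empty expects no
// nonce on refresh and Equal expects the original nonce. The page does not
// state this; confirm against the refresh code path.
type OAuth2RefreshNonce int

// Values are assigned by iota, so the zero value of the type is
// OAuth2RefreshNonceAuto.
const (
	// OAuth2RefreshNonceAuto has the value 0.
	OAuth2RefreshNonceAuto OAuth2RefreshNonce = iota
	// OAuth2RefreshNonceEmpty has the value 1.
	OAuth2RefreshNonceEmpty
	// OAuth2RefreshNonceEqual has the value 2.
	OAuth2RefreshNonceEqual
)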
func (OAuth2RefreshNonce) MarshalText ¶ added in v1.26.0
func (s OAuth2RefreshNonce) MarshalText() ([]byte, error)
MarshalText implements the encoding.TextMarshaler interface.
func (OAuth2RefreshNonce) String ¶ added in v1.26.0
func (s OAuth2RefreshNonce) String() string
String returns the string representation of the refresh nonce mode.
func (*OAuth2RefreshNonce) UnmarshalText ¶ added in v1.26.0
func (s *OAuth2RefreshNonce) UnmarshalText(text []byte) error
UnmarshalText implements the encoding.TextUnmarshaler interface.
type OAuth2Validate ¶ added in v1.0.0
// OAuth2Validate groups the settings serialized under the "validate" key of
// OAuth2.
type OAuth2Validate struct {
	// NOTE(review): presumably names the token claim that must match the
	// client certificate's common name; confirm.
	CommonName string `json:"common-name" yaml:"common-name"`
	// Acr, Groups and Roles are string lists; Groups and Roles are empty in
	// Defaults.
	// NOTE(review): whether a token must match any or all entries is not
	// visible here; confirm before relying on them for access control.
	Acr    types.StringSlice `json:"acr" yaml:"acr"`
	Groups types.StringSlice `json:"groups" yaml:"groups"`
	Roles  types.StringSlice `json:"roles" yaml:"roles"`
	// IPAddr is false in Defaults.
	IPAddr bool `json:"ipaddr" yaml:"ipaddr"`
	// Issuer is true in Defaults; keep it on unless the provider's issuer
	// value is known to be inconsistent.
	Issuer bool `json:"issuer" yaml:"issuer"`
	// CommonNameCaseSensitive is left at false in Defaults.
	// NOTE(review): presumably the common-name comparison is then
	// case-insensitive; confirm this is acceptable for the identity provider.
	CommonNameCaseSensitive bool `json:"common-name-case-sensitive" yaml:"common-name-case-sensitive"`
}
type OpenVPN ¶ added in v1.23.1
// OpenVPN groups the settings serialized under the "openvpn" key.
type OpenVPN struct {
	// Addr is unix:/run/openvpn/server.sock in Defaults.
	// NOTE(review): presumably the OpenVPN management interface. A unix socket
	// is guarded by filesystem permissions; a TCP address would rely on
	// Password and network isolation instead. Confirm.
	Addr types.URL `json:"addr" yaml:"addr"`
	// Password has no value in Defaults.
	Password     types.Secret  `json:"password" yaml:"password"`
	ClientConfig OpenVPNConfig `json:"client-config" yaml:"client-config"`
	// Bypass is empty in Defaults; see OpenVPNBypass before adding patterns.
	Bypass      OpenVPNBypass      `json:"bypass" yaml:"bypass"`
	CommonName  OpenVPNCommonName  `json:"common-name" yaml:"common-name"`
	Passthrough OpenVPNPassthrough `json:"pass-through" yaml:"pass-through"`
	// AuthPendingTimeout is 3 minutes and CommandTimeout 10 seconds in
	// Defaults.
	AuthPendingTimeout time.Duration `json:"auth-pending-timeout" yaml:"auth-pending-timeout"`
	CommandTimeout     time.Duration `json:"command-timeout" yaml:"command-timeout"`
	// AuthTokenUser is true and OverrideUsername false in Defaults.
	AuthTokenUser    bool `json:"auth-token-user" yaml:"auth-token-user"`
	OverrideUsername bool `json:"override-username" yaml:"override-username"`
	// ReAuthentication is true in Defaults.
	ReAuthentication bool `json:"reauthentication" yaml:"reauthentication"`
}
type OpenVPNBypass ¶ added in v1.23.1
// OpenVPNBypass groups the settings serialized under the "bypass" key of
// OpenVPN.
type OpenVPNBypass struct {
	// CommonNames is a list of regular expressions, empty in Defaults.
	// NOTE(review): presumably a client whose certificate common name matches
	// any entry skips the OAuth2 login. Go regular expressions match substrings
	// unless anchored, so entries should be written as ^...$ unless
	// types.RegexpSlice anchors them itself; confirm.
	CommonNames types.RegexpSlice `json:"common-names" yaml:"common-names"`
}
type OpenVPNCommonName ¶ added in v1.12.0
// OpenVPNCommonName groups the settings serialized under the "common-name" key
// of OpenVPN.
type OpenVPNCommonName struct {
	// EnvironmentVariableName is "common_name" in Defaults.
	// NOTE(review): presumably selects which OpenVPN-provided variable is read
	// as the client's common name. Pointing it at a client-controlled value
	// would weaken any check based on the common name; confirm.
	EnvironmentVariableName string `json:"environment-variable-name" yaml:"environment-variable-name"`
	// Mode is CommonNameModePlain in Defaults.
	Mode OpenVPNCommonNameMode `json:"mode" yaml:"mode"`
}
type OpenVPNCommonNameMode ¶ added in v1.12.0
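// OpenVPNCommonNameMode is an integer enum; its String method is documented as
// returning "the common name mode". Defaults selects CommonNameModePlain.
//
// NOTE(review): the names suggest Plain passes the common name through
// unchanged and Omit replaces it (see CommonNameModeOmitValue). The page does
// not state this; confirm in the consumer.
type OpenVPNCommonNameMode int

// Values are assigned by iota, so the zero value of the type is
// CommonNameModePlain.
const (
	// CommonNameModePlain has the value 0.
	CommonNameModePlain OpenVPNCommonNameMode = iota
	// CommonNameModeOmit has the value 1.
	CommonNameModeOmit
)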
func (OpenVPNCommonNameMode) MarshalText ¶ added in v1.12.0
func (s OpenVPNCommonNameMode) MarshalText() ([]byte, error)
MarshalText implements the encoding.TextMarshaler interface.
func (OpenVPNCommonNameMode) String ¶ added in v1.12.0
func (s OpenVPNCommonNameMode) String() string
String returns the string representation of the common name mode.
func (*OpenVPNCommonNameMode) UnmarshalText ¶ added in v1.12.0
func (s *OpenVPNCommonNameMode) UnmarshalText(text []byte) error
UnmarshalText implements the encoding.TextUnmarshaler interface.
type OpenVPNConfig ¶ added in v1.23.1
type OpenVPNPassthrough ¶ added in v1.16.0
// OpenVPNPassthrough groups the settings serialized under the "pass-through"
// key of OpenVPN. Enabled is false in Defaults.
type OpenVPNPassthrough struct {
	// Address is unix:/run/openvpn-auth-oauth2/server.sock in Defaults.
	Address types.URL `json:"address" yaml:"address"`
	// Password has no value in Defaults.
	// NOTE(review): presumably authenticates clients of the pass-through
	// socket; confirm it is required when Address is not a unix socket.
	Password types.Secret `json:"password" yaml:"password"`
	// SocketGroup is empty in Defaults.
	SocketGroup string `json:"socket-group" yaml:"socket-group"`
	// SocketMode is the decimal literal 660 in Defaults, whose digits read like
	// the octal permission rw-rw----.
	// NOTE(review): decimal 660 equals octal 1224, so confirm the consumer
	// re-parses the digits as octal before applying them to the socket.
	SocketMode uint `json:"socket-mode" yaml:"socket-mode"`
	Enabled    bool `json:"enabled" yaml:"enabled"`
}