Documentation
Index
- Constants
- Variables
- func ExtractManagementMutationError(err error) (code, detail string, ok bool)
- func NewManagementMutationError(base error, code, detail string) error
- type Authorizer
- type Handler
- type ManagementApplication
- type ManagementEndpoint
- type ManagementEndpointDeleteRequest
- type ManagementEndpointMutationResult
- type ManagementEndpointPublishPolicy
- type ManagementEndpointUpsertRequest
- type ManagementModel
- type ManagementMutationAuditEvent
- type ManagementMutationError
- type PublishResultEvent
- type SecretLookup
- type SecretMutationAuditEvent
- type SecretPool
- type SecretRecord
- type SecretVersionMetadata
- type Server
Constants
const (
	ManagementMutationCodeRouteAlreadyMapped = "management_route_already_mapped"
	ManagementMutationCodeRoutePublishDisabled = "management_route_publish_disabled"
	ManagementMutationCodeRouteTargetMismatch = "management_route_target_mismatch"
	ManagementMutationCodeRouteBacklogActive = "management_route_backlog_active"
)
Variables
var (
	ErrSecretDuplicate = errors.New("admin: duplicate secret id")
	ErrSecretPoolFull = errors.New("admin: secret pool is full")
	ErrSecretInvalid = errors.New("admin: invalid secret version")
)
Sentinel errors the SecretPool.Add implementation should return. The host app's adapter translates internal/secrets errors to these.
Functions
Types
type Authorizer
func BearerTokenAuthorizer
func BearerTokenAuthorizer(tokens [][]byte) Authorizer
type ManagementApplication
type ManagementApplication struct {
	Name string `json:"name"`
	EndpointCount int `json:"endpoint_count"`
	Endpoints []ManagementEndpoint `json:"endpoints"`
}
type ManagementEndpoint
type ManagementEndpoint struct {
	Name string `json:"name"`
	Route string `json:"route"`
	Mode string `json:"mode"`
	Targets []string `json:"targets"`
	PublishPolicy ManagementEndpointPublishPolicy `json:"publish_policy"`
}
type ManagementEndpointMutationResult
type ManagementEndpointMutationResult struct {
	Applied bool
	Action string
	Route string
	// PostWriteValidate is called after the config file is written but before
	// reload. If non-nil and it returns an error, the file write is rolled back.
	// Used to re-check invariants (e.g. backlog emptiness) after config mutation.
	PostWriteValidate func() error `json:"-"`
}
type ManagementModel
type ManagementModel struct {
	RouteCount int `json:"route_count"`
	ApplicationCount int `json:"application_count"`
	EndpointCount int `json:"endpoint_count"`
	Applications []ManagementApplication `json:"applications"`
}
type ManagementMutationError
type ManagementMutationError struct {
	// contains filtered or unexported fields
}
ManagementMutationError carries explicit conflict classification metadata while preserving sentinel compatibility via error wrapping.
func (*ManagementMutationError) Error
func (e *ManagementMutationError) Error() string
func (*ManagementMutationError) Unwrap
func (e *ManagementMutationError) Unwrap() error
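The wrapping pattern described for ManagementMutationError, as an added example that is not the package's own code: a caller can read the conflict code and still match the base sentinel with errors.Is, even through a further layer of %w wrapping. The stand-in type, its field layout, its Error() format and the errRouteConflict sentinel are assumptions; only the code string and the two function signatures come from this page.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed sentinel standing in for an error the host app already matches on.
var errRouteConflict = errors.New("route conflict")

// Code string copied from the package's Constants block.
const codeRouteAlreadyMapped = "management_route_already_mapped"

// mutationError is a stand-in for ManagementMutationError, whose fields are
// unexported on the page; this layout is an assumption.
type mutationError struct {
	base         error
	code, detail string
}

func (e *mutationError) Error() string {
	return fmt.Sprintf("%v: %s (%s)", e.base, e.detail, e.code)
}

// Unwrap exposes the base error so errors.Is keeps matching the sentinel.
func (e *mutationError) Unwrap() error { return e.base }

// newMutationError mirrors the signature of NewManagementMutationError.
func newMutationError(base error, code, detail string) error {
	return &mutationError{base: base, code: code, detail: detail}
}

// extractMutationError mirrors the signature of ExtractManagementMutationError.
func extractMutationError(err error) (code, detail string, ok bool) {
	var me *mutationError
	if !errors.As(err, &me) {
		return "", "", false
	}
	return me.code, me.detail, true
}

func main() {
	err := fmt.Errorf("upsert endpoint: %w",
		newMutationError(errRouteConflict, codeRouteAlreadyMapped, "/hooks/a is owned by billing/a"))
	code, detail, ok := extractMutationError(err)
	fmt.Println(errors.Is(err, errRouteConflict), code, detail, ok)
}
```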
type PublishResultEvent
type SecretLookup
type SecretLookup func(name string) (SecretPool, bool)
type SecretPool
type SecretPool interface {
	Name() string
	Runtime() bool
	// Add inserts a new version into the pool. Implementations must return
	// errors matching ErrSecret{Duplicate,PoolFull,Invalid} so the handler can
	// map them to HTTP responses.
	Add(id string, value []byte, notBefore, notAfter time.Time) error
	Remove(id string) (removed bool)
	ListMetadata() []SecretVersionMetadata
}
SecretPool is the admin-facing view of a runtime-mutable secret pool. The host app wires this by adapting *secrets.Pool so admin does not import internal/secrets directly.
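One way an adapter's Add can satisfy the sentinel contract stated above, with a handler-side mapping that classifies failures using errors.Is (added example, not the package's or the host app's code). The memPool type, its capacity of 2, the validation rules and the HTTP status codes are assumptions; the three sentinels are redeclared from the Variables block so the file runs on its own.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"time"
)

var ( // sentinels copied from the package's Variables block
	ErrSecretDuplicate = errors.New("admin: duplicate secret id")
	ErrSecretPoolFull  = errors.New("admin: secret pool is full")
	ErrSecretInvalid   = errors.New("admin: invalid secret version")
)

// memPool is a hypothetical in-memory pool; only Add from SecretPool is shown.
type memPool map[string]bool

// Add wraps a sentinel with %w: context is kept and errors.Is still matches.
func (p memPool) Add(id string, value []byte, notBefore, notAfter time.Time) error {
	switch {
	case id == "" || len(value) == 0:
		return fmt.Errorf("%w: empty id or value", ErrSecretInvalid)
	case !notAfter.IsZero() && !notAfter.After(notBefore):
		return fmt.Errorf("%w: notAfter not after notBefore", ErrSecretInvalid)
	case p[id]:
		return fmt.Errorf("%w: %q", ErrSecretDuplicate, id)
	case len(p) >= 2: // constructed capacity limit
		return ErrSecretPoolFull
	}
	p[id] = true
	return nil
}

// statusFor is a hypothetical handler-side mapping; the codes are assumptions.
func statusFor(err error) int {
	switch {
	case err == nil:
		return http.StatusCreated
	case errors.Is(err, ErrSecretDuplicate), errors.Is(err, ErrSecretPoolFull):
		return http.StatusConflict
	case errors.Is(err, ErrSecretInvalid):
		return http.StatusBadRequest
	}
	return http.StatusInternalServerError // unclassified errors stay opaque
}

func main() { fmt.Println(statusFor(memPool{}.Add("v1", nil, time.Time{}, time.Time{}))) }
```

Note that the error strings never include the secret value, so they can be logged or returned without exposing key material.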
type SecretRecord
type SecretRecord struct {
	PoolName string
	ID string
	Sealed []byte
	NotBefore time.Time
	NotAfter time.Time
	CreatedAt time.Time
}
SecretRecord is the persisted shape handed to PersistSecret. The admin package mirrors secrets.Record shape so internal/secrets stays decoupled.
type SecretVersionMetadata
type Server
type Server struct {
	Store queue.Store
	Authorize Authorizer
	HealthDiagnostics func() map[string]any
	ResolveTrendSignalConfig func() queue.BacklogTrendSignalConfig
	ResolveManaged func(application, endpointName string) (route string, targets []string, ok bool)
	ManagedRouteInfoForRoute func(route string) (application, endpointName string, managed bool, available bool)
	ManagedRouteSet func() (routes map[string]struct{}, available bool)
	TargetsForRoute func(route string) []string
	ModeForRoute func(route string) string
	PublishEnabledForRoute func(route string) bool
	PublishDirectEnabledForRoute func(route string) bool
	PublishManagedEnabledForRoute func(route string) bool
	LimitsForRoute func(route string) (maxBodyBytes int64, maxHeaderBytes int)
	ManagementModel func() ManagementModel
	RequireManagementAuditReason bool
	MaxBodyBytes int64
	MaxHeaderBytes int
	PublishGlobalDirectEnabled bool
	PublishScopedManagedEnabled bool
	PublishAllowPullRoutes bool
	PublishAllowDeliverRoutes bool
	PublishRequireAuditActor bool
	PublishRequireAuditRequestID bool
	PublishScopedManagedFailClosed bool
	PublishScopedManagedActorAllowlist []string
	PublishScopedManagedActorPrefixes []string
	AuditManagementMutation func(event ManagementMutationAuditEvent)
	ObservePublishResult func(event PublishResultEvent)
	UpsertManagedEndpoint func(req ManagementEndpointUpsertRequest) (ManagementEndpointMutationResult, error)
	DeleteManagedEndpoint func(req ManagementEndpointDeleteRequest) (ManagementEndpointMutationResult, error)
	// Runtime secret rotation (see handle_secrets.go).
	SecretLookup SecretLookup
	PersistSecret func(rec SecretRecord) error
	DeleteSecretRecord func(poolName, id string) (bool, error)
	SealSecret func(plain []byte) ([]byte, error)
	AuditSecretMutation func(event SecretMutationAuditEvent)
	// contains filtered or unexported fields
}