Documentation
¶
Index ¶
- Constants
- Variables
- type AuthMiddleware
- type AutoProvisionClaims
- type CSP
- type Cache
- type ClaimsSelectorConf
- type Config
- type Debug
- type Events
- type HTTP
- type JWKS
- type Log
- type OIDC
- type OIDCRoleMapper
- type PoliciesMiddleware
- type Policy
- type PolicySelector
- type PreSignedURL
- type RegexRuleConf
- type RegexSelectorConf
- type RoleAssignment
- type RoleMapping
- type Route
- type RouteType
- type Service
- type ServiceAccount
- type SigningKeys
- type StaticSelectorConf
- type Tracing
Constants ¶
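// Access-token verification method names.
// NOTE(review): presumably the values accepted by OIDC.AccessTokenVerifyMethod;
// confirm against the code that parses the config.
const (
	// AccessTokenVerificationNone is the literal "none".
	// NOTE(review): the name suggests the proxy does not verify the access
	// token's signature itself in this mode. Confirm which other check still
	// validates the token before selecting it.
	AccessTokenVerificationNone = "none"
	// AccessTokenVerificationJWT is the literal "jwt".
	// NOTE(review): presumably the token is parsed as a JWT and checked against
	// the issuer's published keys (see the JWKS type); confirm.
	AccessTokenVerificationJWT = "jwt"
)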
Variables ¶
// DefaultCSPConfig is a package-level string; its value is assigned outside this listing.
// NOTE(review): presumably the built-in Content-Security-Policy configuration that
// applies when Config.CSPConfigFileLocation is not set; confirm.
var DefaultCSPConfig string
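var (
	// RouteTypes is an array of the available route types
	// (QueryRoute, RegexRoute, PrefixRoute, in that order).
	RouteTypes = []RouteType{QueryRoute, RegexRoute, PrefixRoute}
)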
Types ¶
type AuthMiddleware ¶
// AuthMiddleware holds the settings of the proxy's HTTP authentication middleware.
type AuthMiddleware struct {
// CredentialsByUserAgent is a string-to-string map read from the
// "credentials_by_user_agent" YAML key.
// NOTE(review): presumably keyed by User-Agent. That header is chosen by the
// client, so whatever this map selects must not act as an access-control
// decision; confirm against the middleware.
CredentialsByUserAgent map[string]string `yaml:"credentials_by_user_agent"`
// AllowAppAuth: the struct tag (YAML key, env var, description) is elided in this rendering.
// NOTE(review): presumably enables an additional app-token login path; confirm
// which credential it accepts before enabling it.
AllowAppAuth bool `` /* 236-byte string literal not displayed */
}
AuthMiddleware configures the proxy http auth middleware.
type AutoProvisionClaims ¶
// AutoProvisionClaims names the OIDC userinfo claims that feed auto-provisioned
// user accounts. All four struct tags are elided in this rendering, so YAML keys,
// env vars and defaults are not visible here.
// NOTE(review): attributes built from these claims are only as trustworthy as the
// identity provider that issues them.
type AutoProvisionClaims struct {
// Username: presumably the claim that supplies the account's user name.
Username string `` /* 143-byte string literal not displayed */
// Email: presumably the claim that supplies the account's mail address.
Email string `` /* 134-byte string literal not displayed */
// DisplayName: presumably the claim that supplies the shown name.
DisplayName string `` /* 154-byte string literal not displayed */
// Groups: presumably the claim that supplies group membership.
// NOTE(review): if membership grants access, confirm who may assert this claim.
Groups string `` /* 137-byte string literal not displayed */
}
AutoProvisionClaims defines which claims from the OIDC userinfo response should be used for auto-provisioning user accounts
type Cache ¶
// Cache is the configuration of a TTL cache; OIDC.UserinfoCache points at one.
// Most struct tags are elided in this rendering.
type Cache struct {
// Store: tag elided; presumably selects the cache store implementation.
Store string `` /* 239-byte string literal not displayed */
// Nodes: tag elided; presumably the addresses of the store's nodes.
Nodes []string `` /* 379-byte string literal not displayed */
// Database is the database name the configured store should use.
Database string `yaml:"database" env:"OC_CACHE_DATABASE" desc:"The database name the configured store should use." introductionVersion:"1.0.0"`
// Table: tag elided.
Table string `` /* 126-byte string literal not displayed */
// TTL: tag elided; presumably the lifetime of a cache entry.
TTL time.Duration `` /* 269-byte string literal not displayed */
// DisablePersistence: tag elided.
DisablePersistence bool `` /* 253-byte string literal not displayed */
// AuthUsername: tag elided; presumably the user name for the store.
AuthUsername string `` /* 221-byte string literal not displayed */
// AuthPassword: tag elided; presumably the password for the store.
// NOTE(review): confirm the elided tag carries a mask tag (as Debug.Token does
// with mask:"password") so the value is not printed in config dumps.
AuthPassword string `` /* 221-byte string literal not displayed */
}
Cache is a TTL cache configuration.
type ClaimsSelectorConf ¶
// ClaimsSelectorConf is the configuration of the claims-based policy selector.
type ClaimsSelectorConf struct {
// DefaultPolicy is read from "default_policy".
// NOTE(review): presumably the policy name used when nothing else selects one.
DefaultPolicy string `yaml:"default_policy"`
// UnauthenticatedPolicy is read from "unauthenticated_policy".
// NOTE(review): presumably applied to requests without an authenticated user;
// confirm it only names a policy whose routes are safe to expose anonymously.
UnauthenticatedPolicy string `yaml:"unauthenticated_policy"`
// SelectorCookieName is read from "selector_cookie_name".
// NOTE(review): a cookie value is supplied by the client; confirm how the
// selector validates it before it influences policy choice.
SelectorCookieName string `yaml:"selector_cookie_name"`
}
ClaimsSelectorConf is the config for the claims-selector
type Config ¶
// Config is the root configuration of the proxy service and aggregates every
// section declared in this package. Tags shown as
// "/* N-byte string literal not displayed */" are elided by the renderer, so the
// env var names, descriptions and defaults of those fields are not visible here.
type Config struct {
Commons *shared.Commons `yaml:"-" mask:"struct"` // don't use this directly as configuration for a service
// Service is not read from YAML (yaml:"-").
Service Service `yaml:"-"`
Tracing *Tracing `yaml:"tracing"`
Log *Log `yaml:"log"`
Debug Debug `yaml:"debug" mask:"struct"`
HTTP HTTP `yaml:"http"`
Reva *shared.Reva `yaml:"reva"`
GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"`
// GrpcClient is not read from YAML (yaml:"-").
GrpcClient client.Client `yaml:"-"`
// RoleQuotas maps a string key to a uint64.
// NOTE(review): presumably role ID to quota; the unit is not visible here.
RoleQuotas map[string]uint64 `yaml:"role_quotas"`
// Policies and AdditionalPolicies are both lists of Policy.
Policies []Policy `yaml:"policies"`
AdditionalPolicies []Policy `yaml:"additional_policies"`
OIDC OIDC `yaml:"oidc"`
ServiceAccount ServiceAccount `yaml:"service_account"`
RoleAssignment RoleAssignment `yaml:"role_assignment"`
PolicySelector *PolicySelector `yaml:"policy_selector"`
PreSignedURL PreSignedURL `yaml:"pre_signed_url"`
// AccountBackend: tag elided.
AccountBackend string `` /* 175-byte string literal not displayed */
// UserOIDCClaim and UserCS3Claim: tags elided.
// NOTE(review): presumably the OIDC claim and the CS3 attribute it is matched
// against to look up the user; a mismatch would map tokens to the wrong account.
UserOIDCClaim string `` /* 471-byte string literal not displayed */
UserCS3Claim string `` /* 226-byte string literal not displayed */
// MachineAuthAPIKey: tag elided.
// NOTE(review): the name indicates a shared secret; treat it as a credential and
// confirm the elided tag masks it in config dumps.
MachineAuthAPIKey string `` /* 242-byte string literal not displayed */
// AutoprovisionAccounts: tag elided.
// NOTE(review): presumably creates an account on first login for any user the
// configured issuer authenticates; confirm that matches who should get access.
AutoprovisionAccounts bool `` /* 307-byte string literal not displayed */
AutoProvisionClaims AutoProvisionClaims `yaml:"auto_provision_claims"`
// EnableBasicAuth: tag elided.
// NOTE(review): presumably accepts username/password on each request; confirm it
// stays off outside test setups.
EnableBasicAuth bool `` /* 160-byte string literal not displayed */
// InsecureBackends: tag elided.
// NOTE(review): the name suggests TLS certificate verification is skipped for
// backend connections; confirm, and prefer BackendHTTPSCACert for a private CA.
InsecureBackends bool `` /* 158-byte string literal not displayed */
// BackendHTTPSCACert: tag elided; presumably a CA certificate used to verify backends.
BackendHTTPSCACert string `` /* 209-byte string literal not displayed */
AuthMiddleware AuthMiddleware `yaml:"auth_middleware"`
PoliciesMiddleware PoliciesMiddleware `yaml:"policies_middleware"`
// CSPConfigFileLocation: tag elided; presumably the path of a Content-Security-Policy config file.
CSPConfigFileLocation string `` /* 147-byte string literal not displayed */
Events Events `yaml:"events"`
// Context is excluded from both JSON and YAML.
Context context.Context `json:"-" yaml:"-"`
}
Config combines all available configuration parts.
type Debug ¶
// Debug configures the proxy's debug endpoints.
type Debug struct {
// Addr: tag elided; presumably the bind address of the debug listener.
// NOTE(review): confirm it is not reachable from untrusted networks.
Addr string `` /* 170-byte string literal not displayed */
// Token secures the metrics endpoint (per its desc) and is tagged mask:"password".
// NOTE(review): whether it also gates pprof and zpages is not visible here.
Token string `mask:"password" yaml:"token" env:"PROXY_DEBUG_TOKEN" desc:"Token to secure the metrics endpoint." introductionVersion:"1.0.0"`
// Pprof enables pprof profiling. Profiles reveal runtime internals, so enable it
// only where the debug listener is restricted.
Pprof bool `yaml:"pprof" env:"PROXY_DEBUG_PPROF" desc:"Enables pprof, which can be used for profiling." introductionVersion:"1.0.0"`
// Zpages: tag elided.
Zpages bool `` /* 152-byte string literal not displayed */
}
Debug defines the available debug configuration.
type Events ¶
// Events holds the connection settings for the event bus. Every struct tag is
// elided in this rendering.
type Events struct {
// Endpoint: presumably the address of the event system.
Endpoint string `` /* 293-byte string literal not displayed */
// Cluster: presumably the cluster identifier on the event system.
Cluster string `` /* 242-byte string literal not displayed */
// TLSInsecure: NOTE(review): the name suggests certificate verification is
// skipped for the event-bus connection; confirm it is off in production.
TLSInsecure bool `` /* 145-byte string literal not displayed */
// TLSRootCACertificate: presumably a root CA used to verify the event bus.
TLSRootCACertificate string `` /* 274-byte string literal not displayed */
// EnableTLS: presumably turns TLS on for the event-bus connection.
// NOTE(review): without it, AuthUsername/AuthPassword would travel unencrypted.
EnableTLS bool `` /* 255-byte string literal not displayed */
// AuthUsername and AuthPassword: presumably credentials for the event bus.
// NOTE(review): confirm the elided AuthPassword tag masks the value in dumps.
AuthUsername string `` /* 260-byte string literal not displayed */
AuthPassword string `` /* 260-byte string literal not displayed */
}
Events combines the configuration options for the event bus.
type HTTP ¶
// HTTP configures the proxy's HTTP listener.
type HTTP struct {
// Addr is the bind address of the HTTP service.
Addr string `yaml:"addr" env:"PROXY_HTTP_ADDR" desc:"The bind address of the HTTP service." introductionVersion:"1.0.0"`
// Root: tag elided.
Root string `` /* 128-byte string literal not displayed */
// Namespace is not read from YAML (yaml:"-").
Namespace string `yaml:"-"`
// TLSCert: tag elided; presumably the certificate the listener serves.
TLSCert string `` /* 248-byte string literal not displayed */
// TLSKey: tag elided; presumably the private key for TLSCert.
// NOTE(review): if this is a file path, restrict that file to the service user.
TLSKey string `` /* 278-byte string literal not displayed */
// TLS: tag elided; presumably enables TLS on the listener.
TLS bool `` /* 227-byte string literal not displayed */
}
HTTP defines the available http configuration.
type JWKS ¶
// JWKS groups the key-set refresh settings referenced from OIDC.JWKS. Every
// struct tag is elided in this rendering, so the units of the numeric fields are
// not visible here.
type JWKS struct {
// RefreshInterval: presumably how often the key set is re-fetched.
RefreshInterval uint64 `` /* 217-byte string literal not displayed */
// RefreshTimeout: presumably the time limit of one refresh.
RefreshTimeout uint64 `` /* 148-byte string literal not displayed */
// RefreshRateLimit: presumably the minimum spacing between refreshes.
RefreshRateLimit uint64 `` /* 281-byte string literal not displayed */
// RefreshUnknownKID: presumably re-fetches the key set when a token names an
// unknown key ID.
// NOTE(review): the key ID comes from the presented token, so confirm that
// RefreshRateLimit bounds refreshes triggered this way.
RefreshUnknownKID bool `` /* 250-byte string literal not displayed */
}
type Log ¶
// Log configures the proxy's log output.
type Log struct {
// Level: tag elided; presumably the log level.
Level string `` /* 184-byte string literal not displayed */
// Pretty activates pretty log output.
Pretty bool `mapstructure:"pretty" env:"OC_LOG_PRETTY;PROXY_LOG_PRETTY" desc:"Activates pretty log output." introductionVersion:"1.0.0"`
// Color activates colorized log output.
Color bool `mapstructure:"color" env:"OC_LOG_COLOR;PROXY_LOG_COLOR" desc:"Activates colorized log output." introductionVersion:"1.0.0"`
// File: tag elided; presumably the path of a log file.
File string `` /* 152-byte string literal not displayed */
}
Log defines the available log configuration.
type OIDC ¶
// OIDC configures the OpenID Connect middleware that authenticates requests
// against the configured provider. Most struct tags are elided in this rendering.
type OIDC struct {
// Issuer: tag elided; presumably the URL of the identity provider.
Issuer string `` /* 157-byte string literal not displayed */
// Insecure: tag elided.
// NOTE(review): the name suggests TLS certificate verification is skipped for
// connections to the issuer, which would let an on-path party impersonate it;
// confirm and keep it off in production.
Insecure bool `` /* 214-byte string literal not displayed */
// AccessTokenVerifyMethod: tag elided.
// NOTE(review): presumably takes AccessTokenVerificationNone or
// AccessTokenVerificationJWT; confirm what "none" leaves unchecked.
AccessTokenVerifyMethod string `` /* 460-byte string literal not displayed */
// SkipUserInfo: tag elided.
// NOTE(review): presumably skips the userinfo request and relies on token claims;
// confirm it is only combined with a method that verifies the token.
SkipUserInfo bool `` /* 250-byte string literal not displayed */
// UserinfoCache points at the Cache settings read from "user_info_cache".
UserinfoCache *Cache `yaml:"user_info_cache"`
// JWKS holds the key-set refresh settings read from "jwks".
JWKS JWKS `yaml:"jwks"`
// RewriteWellKnown: tag elided.
RewriteWellKnown bool `` /* 273-byte string literal not displayed */
}
OIDC is the config for the OpenID Connect middleware. If set, the proxy will try to authenticate every request with the configured OIDC provider.
type OIDCRoleMapper ¶
// OIDCRoleMapper configures the "oidc" role assignment driver. Both struct tags
// are elided in this rendering.
type OIDCRoleMapper struct {
// RoleClaim: presumably the name of the OIDC claim that carries the role value.
// NOTE(review): roles then follow whatever the issuer asserts in that claim;
// confirm who can set it at the identity provider.
RoleClaim string `` /* 148-byte string literal not displayed */
// RolesMap is the list of RoleMapping entries.
RolesMap []RoleMapping `` /* 216-byte string literal not displayed */
}
OIDCRoleMapper contains the configuration for the "oidc" role assignment driver
type PoliciesMiddleware ¶
// PoliciesMiddleware configures the proxy's policies middleware.
type PoliciesMiddleware struct {
// Query: tag elided.
// NOTE(review): presumably the policy query the middleware evaluates per request;
// confirm what happens when it is empty or yields no result (allow or deny).
Query string `` /* 229-byte string literal not displayed */
}
PoliciesMiddleware configures the proxy's policies middleware.
type PolicySelector ¶
// PolicySelector is the top-level configuration for the available selectors.
// Each field is a pointer to one selector's settings.
// NOTE(review): presumably only one of them is set at a time; confirm how the
// proxy resolves several non-nil entries.
type PolicySelector struct {
// Static is read from "static".
Static *StaticSelectorConf `yaml:"static"`
// Claims is read from "claims".
Claims *ClaimsSelectorConf `yaml:"claims"`
// Regex is read from "regex".
Regex *RegexSelectorConf `yaml:"regex"`
}
PolicySelector is the top-level configuration for the different selectors.
type PreSignedURL ¶
// PreSignedURL configures the pre-signed URL middleware.
type PreSignedURL struct {
// AllowedHTTPMethods is read from "allowed_http_methods".
// NOTE(review): presumably the only methods a pre-signed URL may be used with;
// keep the list as narrow as the use case allows.
AllowedHTTPMethods []string `yaml:"allowed_http_methods"`
// Enabled: tag elided; presumably switches the middleware on.
Enabled bool `` /* 131-byte string literal not displayed */
// SigningKeys points at the store settings read from "signing_keys".
SigningKeys *SigningKeys `yaml:"signing_keys"`
}
PreSignedURL is the config for the pre-signed url middleware
type RegexRuleConf ¶
type RegexSelectorConf ¶
// RegexSelectorConf is the configuration of the regex-based policy selector.
type RegexSelectorConf struct {
// DefaultPolicy is read from "default_policy".
// NOTE(review): presumably used when no rule in MatchesPolicies matches.
DefaultPolicy string `yaml:"default_policy"`
// MatchesPolicies is the list of RegexRuleConf rules read from "matches_policies".
MatchesPolicies []RegexRuleConf `yaml:"matches_policies"`
// UnauthenticatedPolicy is read from "unauthenticated_policy".
// NOTE(review): presumably applied to requests without an authenticated user;
// confirm it only names a policy that is safe to expose anonymously.
UnauthenticatedPolicy string `yaml:"unauthenticated_policy"`
// SelectorCookieName is read from "selector_cookie_name".
// NOTE(review): a cookie value is supplied by the client; confirm how it is
// validated before it influences policy choice.
SelectorCookieName string `yaml:"selector_cookie_name"`
}
RegexSelectorConf is the config for the regex-selector
type RoleAssignment ¶
// RoleAssignment configures how roles are assigned to users during login.
type RoleAssignment struct {
// Driver: tag elided; presumably names the assignment driver. OIDCRoleMapper
// below is documented as the configuration of the "oidc" driver.
Driver string `` /* 432-byte string literal not displayed */
// OIDCRoleMapper is read from "oidc_role_mapper".
OIDCRoleMapper OIDCRoleMapper `yaml:"oidc_role_mapper"`
}
RoleAssignment contains the configuration for how to assign roles to users during login
type RoleMapping ¶
// RoleMapping ties one OpenCloud role to one claim value.
// NOTE(review): a mapping onto a privileged role grants that role to every user
// whose token carries the claim value; review such entries with care.
type RoleMapping struct {
// RoleName is the name of the OpenCloud role this mapping applies to.
RoleName string `yaml:"role_name" desc:"The name of an OpenCloud role that this mapping should apply for."`
// ClaimValue is the value of the role claim that matches RoleName.
ClaimValue string `yaml:"claim_value" desc:"The value of the 'PROXY_ROLE_ASSIGNMENT_OIDC_CLAIM' that matches the role defined in 'role_name'."`
}
RoleMapping defines which OpenCloud role matches a specific claim value
type Route ¶
// Route describes one forwarding rule of the proxy.
type Route struct {
// Type is the RouteType of this route.
Type RouteType `yaml:"type,omitempty"`
// Method optionally limits the route to this HTTP method
Method string `yaml:"method,omitempty"`
// Endpoint is read from "endpoint".
// NOTE(review): presumably the path or pattern that Type is matched against.
Endpoint string `yaml:"endpoint,omitempty"`
// Backend is a static URL to forward the request to
Backend string `yaml:"backend,omitempty"`
// Service name to look up in the registry
Service string `yaml:"service,omitempty"`
// ApacheVHost is read from "apache_vhost".
ApacheVHost bool `yaml:"apache_vhost,omitempty"`
// Unprotected is read from "unprotected".
// NOTE(review): the name suggests the route is exempt from the authentication
// middleware; confirm, and audit every route that sets it.
Unprotected bool `yaml:"unprotected,omitempty"`
}
Route defines forwarding routes
type RouteType ¶
// RouteType is the string type that names how a Route is matched.
type RouteType string
RouteType defines the type of route
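// Route type values accepted in Route.Type.
const (
	// PrefixRoute are routes matched by a prefix
	PrefixRoute RouteType = "prefix"
	// QueryRoute are routes matched by a prefix and query parameters
	QueryRoute RouteType = "query"
	// RegexRoute are routes matched by a pattern
	// NOTE(review): whether the pattern is anchored is not visible here; an
	// unanchored pattern can match more paths than intended.
	RegexRoute RouteType = "regex"
	// DefaultRouteType is the PrefixRoute
	DefaultRouteType RouteType = PrefixRoute
)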
type Service ¶
// Service holds the service-level settings of the proxy.
type Service struct {
// Name is not read from YAML (yaml:"-").
Name string `yaml:"-"`
}
Service defines the available service configuration.
type ServiceAccount ¶
// ServiceAccount holds the identity of the service account the proxy uses. Both
// struct tags are elided in this rendering.
type ServiceAccount struct {
// ServiceAccountID: presumably the ID of the service account.
ServiceAccountID string `` /* 228-byte string literal not displayed */
// ServiceAccountSecret: presumably the secret of the service account.
// NOTE(review): treat it as a credential and confirm the elided tag masks it
// in config dumps.
ServiceAccountSecret string `` /* 153-byte string literal not displayed */
}
ServiceAccount is the configuration for the service account in use.
type SigningKeys ¶
// SigningKeys is a store configuration; PreSignedURL.SigningKeys points at one.
// Every struct tag is elided in this rendering.
// NOTE(review): presumably the store holds the keys that validate pre-signed
// URLs, so access to it should be as restricted as the keys themselves.
type SigningKeys struct {
// Store: presumably selects the store implementation.
Store string `` /* 274-byte string literal not displayed */
// Nodes: presumably the addresses of the store's nodes.
Nodes []string `` /* 331-byte string literal not displayed */
// TTL: presumably the lifetime of a stored signing key.
TTL time.Duration `` /* 210-byte string literal not displayed */
// DisablePersistence: tag elided.
DisablePersistence bool `` /* 264-byte string literal not displayed */
// AuthUsername and AuthPassword: presumably credentials for the store.
// NOTE(review): confirm the elided AuthPassword tag masks the value in dumps.
AuthUsername string `` /* 233-byte string literal not displayed */
AuthPassword string `` /* 233-byte string literal not displayed */
}
SigningKeys is a store configuration.
type StaticSelectorConf ¶
// StaticSelectorConf is the configuration of the static policy selector.
type StaticSelectorConf struct {
// Policy is read from "policy".
// NOTE(review): presumably the single policy name applied to every request.
Policy string `yaml:"policy"`
}
StaticSelectorConf is the config for the static-policy-selector
type Tracing ¶
// Tracing configures request tracing for the proxy.
type Tracing struct {
// Enabled activates tracing.
Enabled bool `yaml:"enabled" env:"OC_TRACING_ENABLED;PROXY_TRACING_ENABLED" desc:"Activates tracing." introductionVersion:"1.0.0"`
// Type: tag elided; presumably the tracing backend.
Type string `` /* 208-byte string literal not displayed */
// Endpoint: tag elided; presumably the address of the tracing agent.
Endpoint string `` /* 134-byte string literal not displayed */
// Collector: tag elided; presumably the address of the trace collector.
// NOTE(review): traces can carry request details; confirm the collector is trusted.
Collector string `` /* 254-byte string literal not displayed */
}
Tracing defines the available tracing configuration.