Documentation
Overview
Package config contains all knobs and defaults used to configure features of OpenFGA when running as a standalone server.
Index
- Constants
- func TCPRandomPort() (int, func())
- type AuthnConfig
- type AuthnOIDCConfig
- type AuthnPresharedKeyConfig
- type CheckQueryCache
- type Config
- type DatastoreConfig
- type DatastoreMetricsConfig
- type DispatchThrottlingConfig
- type GRPCConfig
- type HTTPConfig
- type LogConfig
- type MetricConfig
- type OTLPTraceConfig
- type OTLPTraceTLSConfig
- type PlaygroundConfig
- type ProfilerConfig
- type TLSConfig
- type TraceConfig
Constants
const (
DefaultMaxRPCMessageSizeInBytes = 512 * 1_204 // 512 KB
DefaultMaxTuplesPerWrite = 100
DefaultMaxTypesPerAuthorizationModel = 100
DefaultMaxAuthorizationModelSizeInBytes = 256 * 1_024
DefaultChangelogHorizonOffset = 0
DefaultResolveNodeLimit = 25
DefaultResolveNodeBreadthLimit = 100
DefaultListObjectsDeadline = 3 * time.Second
DefaultListObjectsMaxResults = 1000
DefaultMaxConcurrentReadsForCheck = math.MaxUint32
DefaultMaxConcurrentReadsForListObjects = math.MaxUint32
DefaultWriteContextByteLimit = 32 * 1_024 // 32KB
DefaultCheckQueryCacheLimit = 10000
DefaultCheckQueryCacheTTL = 10 * time.Second
DefaultCheckQueryCacheEnable = false
// care should be taken here - decreasing can cause API compatibility problems with Conditions
DefaultMaxConditionEvaluationCost = 100
DefaultInterruptCheckFrequency = 100
DefaultDispatchThrottlingEnabled = false
DefaultDispatchThrottlingFrequency = 10 * time.Microsecond
DefaultDispatchThrottlingThreshold = 100
)
Variables
This section is empty.
Functions
func TCPRandomPort (added in v1.5.2)
func TCPRandomPort() (int, func())
TCPRandomPort tries to find a random TCP Port. If it can't find one, it panics. Else, it returns the port and a function that releases the port. It is the responsibility of the caller to call the release function right before trying to listen on the given port.
Types
type AuthnConfig
type AuthnConfig struct {
// Method is the authentication method that should be enforced (e.g. 'none', 'preshared',
// 'oidc')
Method string
*AuthnOIDCConfig `mapstructure:"oidc"`
}
AuthnConfig defines OpenFGA server configurations for authentication specific settings.
type AuthnOIDCConfig
AuthnOIDCConfig defines configurations for the 'oidc' method of authentication.
type AuthnPresharedKeyConfig
type AuthnPresharedKeyConfig struct {
Keys []string
}
AuthnPresharedKeyConfig defines configurations for the 'preshared' method of authentication.
type CheckQueryCache
CheckQueryCache defines configuration for caching when resolving check.
type Config
type Config struct {
// ListObjectsDeadline defines the maximum amount of time to accumulate ListObjects results
// before the server will respond. This is to protect the server from misuse of the
// ListObjects endpoints. It cannot be larger than HTTPConfig.UpstreamTimeout.
ListObjectsDeadline time.Duration
// ListObjectsMaxResults defines the maximum number of results to accumulate
// before the non-streaming ListObjects API will respond to the client.
// This is to protect the server from misuse of the ListObjects endpoints.
ListObjectsMaxResults uint32
// MaxTuplesPerWrite defines the maximum number of tuples per Write endpoint.
MaxTuplesPerWrite int
// MaxTypesPerAuthorizationModel defines the maximum number of type definitions per
// authorization model for the WriteAuthorizationModel endpoint.
MaxTypesPerAuthorizationModel int
// MaxAuthorizationModelSizeInBytes defines the maximum size in bytes allowed for
// persisting an Authorization Model.
MaxAuthorizationModelSizeInBytes int
// MaxConcurrentReadsForListObjects defines the maximum number of concurrent database reads
// allowed in ListObjects queries
MaxConcurrentReadsForListObjects uint32
// MaxConcurrentReadsForCheck defines the maximum number of concurrent database reads allowed in
// Check queries
MaxConcurrentReadsForCheck uint32
// ChangelogHorizonOffset is an offset in minutes from the current time. Changes that occur
// after this offset will not be included in the response of ReadChanges.
ChangelogHorizonOffset int
// Experimentals is a list of the experimental features to enable in the OpenFGA server.
Experimentals []string
// ResolveNodeLimit indicates how deeply nested an authorization model can be before a query
// errors out.
ResolveNodeLimit uint32
// ResolveNodeBreadthLimit indicates how many nodes on a given level can be evaluated
// concurrently in a query
ResolveNodeBreadthLimit uint32
Datastore DatastoreConfig
GRPC GRPCConfig
HTTP HTTPConfig
Authn AuthnConfig
Log LogConfig
Trace TraceConfig
Playground PlaygroundConfig
Profiler ProfilerConfig
Metrics MetricConfig
CheckQueryCache CheckQueryCache
DispatchThrottling DispatchThrottlingConfig
RequestDurationDatastoreQueryCountBuckets []string
RequestDurationDispatchCountBuckets []string
}
func DefaultConfig
func DefaultConfig() *Config
DefaultConfig returns the OpenFGA server default configuration.
func MustDefaultConfig (added in v1.5.2)
func MustDefaultConfig() *Config
MustDefaultConfig returns default server config with the playground, tracing and metrics turned off.
func MustDefaultConfigWithRandomPorts (added in v1.5.2)
func MustDefaultConfigWithRandomPorts() *Config
MustDefaultConfigWithRandomPorts returns default server config but with random ports for the grpc and http addresses and with the playground, tracing and metrics turned off. This function may panic if somehow a random port cannot be chosen.
type DatastoreConfig
type DatastoreConfig struct {
// Engine is the datastore engine to use (e.g. 'memory', 'postgres', 'mysql')
Engine string
URI string
Username string
Password string
// MaxCacheSize is the maximum number of cache keys that the storage cache can store before
// evicting old keys. The storage cache is used to cache query results for various static
// resources such as type definitions.
MaxCacheSize int
// MaxOpenConns is the maximum number of open connections to the database.
MaxOpenConns int
// MaxIdleConns is the maximum number of connections to the datastore in the idle connection
// pool.
MaxIdleConns int
// ConnMaxIdleTime is the maximum amount of time a connection to the datastore may be idle.
ConnMaxIdleTime time.Duration
// ConnMaxLifetime is the maximum amount of time a connection to the datastore may be reused.
ConnMaxLifetime time.Duration
// Metrics is configuration for the Datastore metrics.
Metrics DatastoreMetricsConfig
}
DatastoreConfig defines OpenFGA server configurations for datastore specific settings.
type DatastoreMetricsConfig (added in v1.3.5)
type DatastoreMetricsConfig struct {
// Enabled enables export of the Datastore metrics.
Enabled bool
}
type DispatchThrottlingConfig (added in v1.5.1)
DispatchThrottlingConfig defines configurations for dispatch throttling.
type GRPCConfig
GRPCConfig defines OpenFGA server configurations for grpc server specific settings.
type HTTPConfig
type HTTPConfig struct {
Enabled bool
Addr string
TLS *TLSConfig
// UpstreamTimeout is the timeout duration for proxying HTTP requests upstream
// to the grpc endpoint. It cannot be smaller than Config.ListObjectsDeadline.
UpstreamTimeout time.Duration
CORSAllowedOrigins []string
CORSAllowedHeaders []string
}
HTTPConfig defines OpenFGA server configurations for HTTP server specific settings.
type LogConfig
type LogConfig struct {
// Format is the log format to use in the log output (e.g. 'text' or 'json')
Format string
// Level is the log level to use in the log output (e.g. 'none', 'debug', or 'info')
Level string
// Format of the timestamp in the log output (e.g. 'Unix'(default) or 'ISO8601')
TimestampFormat string
}
LogConfig defines OpenFGA server configurations for log specific settings. For production we recommend using the 'json' log format.
type MetricConfig
MetricConfig defines configurations for serving custom metrics from OpenFGA.
type OTLPTraceConfig
type OTLPTraceConfig struct {
Endpoint string
TLS OTLPTraceTLSConfig
}
type OTLPTraceTLSConfig
type OTLPTraceTLSConfig struct {
Enabled bool
}
type PlaygroundConfig
PlaygroundConfig defines OpenFGA server configurations for the Playground specific settings.
type ProfilerConfig
ProfilerConfig defines server configurations specific to pprof profiling.
type TLSConfig
type TLSConfig struct {
Enabled bool
CertPath string `mapstructure:"cert"`
KeyPath string `mapstructure:"key"`
}
TLSConfig defines configuration specific to Transport Layer Security (TLS) settings.
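An added example, not part of the OpenFGA package: a small pre-deployment audit over locally defined, trimmed mirrors of the structs documented on this page. It checks the documented ListObjectsDeadline / UpstreamTimeout constraint and flags the 'none' authn method, a 'preshared' method with no keys, and an HTTP listener without usable TLS. The `Audit` function, the flattened `AuthnMethod` and `PresharedKeys` fields, and the sample values are assumptions for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Trimmed mirrors of the structs on this page (only the fields audited here).
type TLSConfig struct {
	Enabled           bool
	CertPath, KeyPath string
}
type HTTPConfig struct {
	Enabled         bool
	TLS             *TLSConfig
	UpstreamTimeout time.Duration
}
type Config struct {
	ListObjectsDeadline time.Duration
	HTTP                HTTPConfig
	AuthnMethod         string   // stands in for AuthnConfig.Method
	PresharedKeys       []string // stands in for AuthnPresharedKeyConfig.Keys
}

// Audit (hypothetical helper) returns one finding per risky or invalid setting.
func Audit(c Config) []string {
	var f []string
	if c.ListObjectsDeadline > c.HTTP.UpstreamTimeout {
		f = append(f, "ListObjectsDeadline is larger than HTTP.UpstreamTimeout")
	}
	switch {
	case c.AuthnMethod == "none":
		f = append(f, "authn method 'none' accepts every caller")
	case c.AuthnMethod == "preshared" && len(c.PresharedKeys) == 0:
		f = append(f, "authn method 'preshared' has no keys")
	}
	if t := c.HTTP.TLS; c.HTTP.Enabled && (t == nil || !t.Enabled) {
		f = append(f, "HTTP listener enabled without TLS")
	} else if c.HTTP.Enabled && (t.CertPath == "" || t.KeyPath == "") {
		f = append(f, "TLS enabled but cert or key path is empty")
	}
	return f
}

// Constructed sample: no authn, plaintext HTTP, deadline above the timeout.
func main() {
	fmt.Println(Audit(Config{ListObjectsDeadline: 3 * time.Second, AuthnMethod: "none",
		HTTP: HTTPConfig{Enabled: true, UpstreamTimeout: 2 * time.Second}}))
}
```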
type TraceConfig
type TraceConfig struct {
Enabled bool
OTLP OTLPTraceConfig `mapstructure:"otlp"`
SampleRatio float64
ServiceName string
}