Documentation
¶
Index ¶
- Constants
- Variables
- func GenerateSelfSignedCertificate(certPath, keyPath string, validityDuration time.Duration) error
- type AdminBasicAuth
- type AppStore
- func (a *AppStore) ActiveContainerNames() map[container.ContainerName]bool
- func (a *AppStore) AddAppIfUnchanged(app *app.App, generation uint64) bool
- func (a *AppStore) ClearApps(pathDomains []types.AppPathDomain)
- func (a *AppStore) ClearAppsAudit(ctx context.Context, pathDomains []types.AppPathDomain, op string) error
- func (a *AppStore) ClearAppsNoNotify(pathDomains []types.AppPathDomain)
- func (a *AppStore) ClearLinkedApps(pathDomain types.AppPathDomain) error
- func (a *AppStore) Generation() uint64
- func (a *AppStore) GetAllAppsInfo() ([]types.AppInfo, error)
- func (a *AppStore) GetAllDomains() (map[string]bool, error)
- func (a *AppStore) GetApp(pathDomain types.AppPathDomain) (*app.App, error)
- func (a *AppStore) GetAppInfo(appId types.AppId) (types.AppInfo, bool)
- func (a *AppStore) GetAppsFullInfo() (map[string][]types.AppInfo, map[string]bool, error)
- func (a *AppStore) ResetAllAppCache()
- type CacheDir
- type ContainerDetail
- type ContainerInfo
- type ContainerMount
- type ContainerStats
- type ContextShared
- type Handler
- type InmemoryKVStore
- func (s *InmemoryKVStore) DeleteKV(ctx context.Context, key string) error
- func (s *InmemoryKVStore) FetchKV(ctx context.Context, key string) (map[string]any, error)
- func (s *InmemoryKVStore) FetchKVBlob(ctx context.Context, key string) ([]byte, error)
- func (s *InmemoryKVStore) StoreKV(ctx context.Context, key string, value map[string]any, expireAt *time.Time) error
- func (s *InmemoryKVStore) StoreKVBlob(ctx context.Context, key string, value []byte, expireAt *time.Time) error
- func (s *InmemoryKVStore) UpdateKV(ctx context.Context, key string, value map[string]any) error
- func (s *InmemoryKVStore) UpdateKVBlob(ctx context.Context, key string, value []byte) error
- func (s *InmemoryKVStore) UpsertKVBlob(ctx context.Context, key string, value []byte, expireAt *time.Time) error
- type KVSessionStore
- func (s *KVSessionStore) Get(r *http.Request, name string) (*sessions.Session, error)
- func (s *KVSessionStore) MaxAge(age int)
- func (s *KVSessionStore) New(r *http.Request, name string) (*sessions.Session, error)
- func (s *KVSessionStore) Save(r *http.Request, w http.ResponseWriter, session *sessions.Session) error
- type KVStore
- type OAuthAuthInfo
- type OAuthManager
- func (s *OAuthManager) CheckAuth(w http.ResponseWriter, r *http.Request, appProvider string) (string, []string, error)
- func (s *OAuthManager) CheckAuthInfo(w http.ResponseWriter, r *http.Request, appProvider string) (OAuthAuthInfo, error)
- func (s *OAuthManager) RegisterRoutes(csrfMiddleware *http.CrossOriginProtection, mux *chi.Mux)
- func (s *OAuthManager) Setup(sessionKey []byte, sessionBlockKey []byte) error
- func (s *OAuthManager) ValidateAuthType(authType string) bool
- func (s *OAuthManager) ValidateProviderName(provider string) bool
- type RateLimitedErrorLogger
- type Repo
- type RepoCache
- type SAMLManager
- type Server
- func (s *Server) Apply(ctx context.Context, inputTx types.Transaction, applyPath string, ...) (_ *types.AppApplyResponse, _ []types.AppPathDomain, _ *bindingAccountManager, ...)
- func (s *Server) ApproveApps(ctx context.Context, appPathGlob string, dryRun, promote bool) (*types.AppStagedUpdateResponse, error)
- func (s *Server) AuthorizeList(ctx context.Context, userId string, app *types.AppInfo, groups []string) (bool, error)
- func (s *Server) CheckAppValid(domain, matchPath string) (string, error)
- func (s *Server) CleanupVersions()
- func (s *Server) CompleteTransaction(ctx context.Context, tx types.Transaction, entries []types.AppPathDomain, ...) error
- func (s *Server) CreateApp(ctx context.Context, appPath string, approve, dryRun bool, ...) (*types.AppCreateResponse, error)
- func (s *Server) CreateAppTx(ctx context.Context, currentTx types.Transaction, appPath string, ...) (*types.AppCreateResponse, error)
- func (s *Server) CreateBinding(ctx context.Context, createRequest *types.CreateBindingRequest, dryRun bool) (*types.Binding, error)
- func (s *Server) CreateService(ctx context.Context, service *types.Service, dryRun bool) error
- func (s *Server) CreateSyncEntry(ctx context.Context, path string, scheduled, dryRun bool, ...) (_ *types.SyncCreateResponse, retErr error)
- func (s *Server) DeleteApps(ctx context.Context, appPathGlob string, dryRun bool) (*types.AppDeleteResponse, error)
- func (s *Server) DeleteBinding(ctx context.Context, path string, dryRun bool) error
- func (s *Server) DeleteService(ctx context.Context, name, serviceType string, dryRun bool) error
- func (s *Server) DeleteSyncEntry(ctx context.Context, id string, dryRun bool) (*types.SyncDeleteResponse, error)
- func (s *Server) DiscardRBACDraft(ctx context.Context, draftVersion string) error
- func (s *Server) FilterApps(appappPathGlob string, includeInternal bool) ([]types.AppInfo, error)
- func (s *Server) FlushAuditEvents()
- func (s *Server) GetApp(ctx context.Context, pathDomain types.AppPathDomain, init bool) (*app.App, error)
- func (s *Server) GetAppApi(ctx context.Context, appPath string) (*types.AppGetResponse, error)
- func (s *Server) GetAppEntry(ctx context.Context, tx types.Transaction, pathDomain types.AppPathDomain) (*types.AppEntry, error)
- func (s *Server) GetAppSpec(name types.AppSpec) types.SpecFiles
- func (s *Server) GetApps(ctx context.Context, appPathGlob string, internal bool) ([]types.AppResponse, error)
- func (s *Server) GetBinding(ctx context.Context, path string) (*types.Binding, error)
- func (s *Server) GetBindingAccount(ctx context.Context, path string, useStaging bool) (map[string]string, error)
- func (s *Server) GetBindingWithAccount(ctx context.Context, tx types.Transaction, path string) (*types.Binding, error)
- func (s *Server) GetConfigVersion(ctx context.Context, versionId string) (*types.DynamicConfig, error)
- func (s *Server) GetDynamicConfig() types.DynamicConfig
- func (s *Server) GetListAppsApp(ctx context.Context) (*app.App, error)
- func (s *Server) GetManagedContainer(ctx context.Context, id string, withStats bool) (*ContainerDetail, error)
- func (s *Server) GetManagedContainerLogs(ctx context.Context, id string, tail int) (string, error)
- func (s *Server) GetRBACDynamicConfig(ctx context.Context) (*types.DynamicConfig, *types.ConfigDraft, error)
- func (s *Server) InsertAuditEvent(event *types.AuditEvent) error
- func (s *Server) KVInitConstant(ctx context.Context, keyName string, newValue []byte) ([]byte, error)
- func (s *Server) ListAppAuths() []string
- func (s *Server) ListBindings(ctx context.Context, source string) ([]*types.Binding, error)
- func (s *Server) ListConfigHistory(ctx context.Context) ([]types.ConfigHistoryEntry, error)
- func (s *Server) ListManagedContainers(ctx context.Context) ([]ContainerInfo, error)
- func (s *Server) ListServices(ctx context.Context, serviceType, name string) ([]*types.Service, error)
- func (s *Server) ListSyncEntries(ctx context.Context) (*types.SyncListResponse, error)
- func (s *Server) MatchApp(hostHeader, matchPath string) (types.AppInfo, error)
- func (s *Server) ParseGlob(appGlob string) ([]types.AppInfo, error)
- func (s *Server) PreviewApp(ctx context.Context, mainAppPath, commitId string, approve, dryRun bool) (*types.AppPreviewResponse, error)
- func (s *Server) PromoteApps(ctx context.Context, appPathGlob string, dryRun bool) (*types.AppPromoteResponse, error)
- func (s *Server) PublishRBACConfig(ctx context.Context, draftVersion string, force bool) (*types.DynamicConfig, error)
- func (s *Server) ReloadApp(ctx context.Context, tx types.Transaction, appEntry *types.AppEntry, ...) (*types.AppReloadResult, error)
- func (s *Server) ReloadApps(ctx context.Context, appPathGlob string, approve, dryRun, promote bool, ...) (_ *types.AppReloadResponse, retErr error)
- func (s *Server) ReplaceAppParams(ctx context.Context, appPathGlob string, dryRun, promote bool, ...) (*types.AppStagedUpdateResponse, error)
- func (s *Server) RequestStop()
- func (s *Server) RestoreConfig(ctx context.Context, historyVersionId string, force bool) (*types.DynamicConfig, error)
- func (s *Server) RunBindingCommand(ctx context.Context, bindingName string, useStaging bool, command string) (map[string]any, error)
- func (s *Server) RunSync(ctx context.Context, id string, dryRun bool) (_ *types.SyncJobStatus, retErr error)
- func (s *Server) SaveDynamicConfig(ctx context.Context) error
- func (s *Server) StagedUpdate(ctx context.Context, appPathGlob string, dryRun, promote bool, ...) (*types.AppStagedUpdateResponse, error)
- func (s *Server) StagedUpdateAppsTx(ctx context.Context, tx types.Transaction, appPathGlob string, promote bool, ...) ([]any, []types.AppPathDomain, []types.AppPathDomain, error)
- func (s *Server) Start() error
- func (s *Server) StartManagedContainer(ctx context.Context, id string) error
- func (s *Server) Stop(ctx context.Context) error
- func (s *Server) StopManagedContainer(ctx context.Context, id string) error
- func (s *Server) StopNotify() <-chan struct{}
- func (s *Server) TokenCreate(ctx context.Context, appPath string, webhookType types.WebhookType, ...) (*types.TokenCreateResponse, error)
- func (s *Server) TokenDelete(ctx context.Context, appPath string, webhookType types.WebhookType, ...) (*types.TokenDeleteResponse, error)
- func (s *Server) TokenList(ctx context.Context, appPath string) (*types.TokenListResponse, error)
- func (s *Server) UpdateAppParams(ctx context.Context, appPathGlob string, dryRun, promote bool, ...) (*types.AppStagedUpdateResponse, error)
- func (s *Server) UpdateAppSettings(ctx context.Context, appPathGlob string, dryRun bool, ...) (*types.AppUpdateSettingsResponse, error)
- func (s *Server) UpdateBinding(ctx context.Context, updateRequest types.UpdateBindingRequest, ...) (*types.Binding, error)
- func (s *Server) UpdateDynamicConfig(ctx context.Context, newConfig *types.DynamicConfig, force bool) (*types.DynamicConfig, error)
- func (s *Server) UpdateRBACDraft(ctx context.Context, draftVersion string, mutate func(*types.RBACConfig) error) (*types.ConfigDraft, error)
- func (s *Server) UpdateService(ctx context.Context, service *types.Service, dryRun bool) error
- func (s *Server) VersionFiles(ctx context.Context, mainAppPath, version string) (*types.AppVersionFilesResponse, error)
- func (s *Server) VersionList(ctx context.Context, mainAppPath string) (*types.AppVersionListResponse, error)
- func (s *Server) VersionSwitch(ctx context.Context, mainAppPath string, dryRun bool, version string) (*types.AppVersionSwitchResponse, error)
Constants ¶
const ( APP = "app" BINDING = "binding" )
const ( // AUDIT_QUEUE_SIZE is the audit event queue length; when full, enqueue // blocks and applies backpressure to the request path AUDIT_QUEUE_SIZE = 1000 // AUDIT_MAX_BATCH_SIZE caps how many events are written per transaction AUDIT_MAX_BATCH_SIZE = 200 )
const ( PROVIDER_NAME_DELIMITER = "_" AUTH_KEY = "authenticated" USER_KEY = "user" // email/userid/nickname (for git email/nickname/userid) USER_ID_KEY = "user_id" USER_EMAIL_KEY = "email" USER_NICKNAME_KEY = "nickname" PROVIDER_NAME_KEY = "provider_name" GROUPS_KEY = "groups" SESSION_INDEX_KEY = "session_index" NONCE_KEY = "nonce" REDIRECT_URL = "redirect" REQUEST_ID_KEY = "request_id" // SAML AuthnRequest ID, used to enforce InResponseTo )
const ( DRY_RUN_ARG = "dryRun" PROMOTE_ARG = "promote" REAPPLY_ALL_ARG = "reapplyAll" DELEGATE_BUILD_OP = "delegate_build" MAX_DELEGATE_UPLOAD_SIZE = 512 << 20 // 512 MiB )
const ( DEFAULT_CERT_FILE = "default.crt" DEFAULT_KEY_FILE = "default.key" APPSPECS = "appspecs" )
const AUTH_FAILURE_EVENT_INTERVAL = time.Minute
AUTH_FAILURE_EVENT_INTERVAL is the minimum interval between audit events for the same failed-auth operation/target/user combination
const CURRENT_AUDIT_DB_VERSION = 1
const (
REALM = "openrun"
)
const REPO_FOLDER_SEPERATOR = "//"
const SAML_AUTH_PREFIX = "saml_"
The flow is 1. At service startup, SAMLServiceProvider is initialized 2. For apps using SAML, CheckSAMLAuth is called to check if the user is authenticated 3. CheckSAMLAuth verifies the session cookie to see if the user is authenticated. If yes, done 4. If the user is not authenticated, login function is called (API is currently on the app domain) 5. Login creates a sessionid and nonce. Saves entry in DB with sessionid as key and state map as value 6. Login creates a cookie with the nonce and redirect url. Redirects to the SAML provider's login page, with sessionid in RelayState 7. SAML provider's login page redirects to the ACS api on the callback domain, with sessionid in RelayState 8. ACS api validates the sessionid, and updates the state map in the DB with the user id and groups info 9. ACS api redirects to the redirect API on the app domain, again passing the sessionid in the relay parameter 10. redirect API validates the passed sessionid, nonce from DB statemap against nonce from cookie, 11. redirect stores the authenticated session, with the user id and groups info and deletes the DB entry 12. Redirects back to original app url, which will again call CheckSAMLAuth and find the authenticated cookie
Variables ¶
var (
COMPRESSION_ENABLED_MIME_TYPES = []string{
"text/html",
"text/css",
"text/plain",
"text/xml",
"text/x-component",
"text/javascript",
"application/x-javascript",
"application/javascript",
"application/json",
"application/manifest+json",
"application/vnd.api+json",
"application/xml",
"application/xhtml+xml",
"application/rss+xml",
"application/atom+xml",
"application/vnd.ms-fontobject",
"application/x-font-ttf",
"application/x-font-opentype",
"application/x-font-truetype",
"image/svg+xml",
"image/x-icon",
"image/vnd.microsoft.icon",
"font/ttf",
"font/eot",
"font/otf",
"font/opentype",
}
)
Functions ¶
Types ¶
type AdminBasicAuth ¶
AdminBasicAuth implements basic auth for the admin user account. Cache the success auth header to avoid the bcrypt hash check penalty Basic auth is supported for admin user only, and changing it requires service restart. Caching the sha of the successful auth header allows us to skip the bcrypt check which significantly improves performance.
func NewAdminBasicAuth ¶
func NewAdminBasicAuth(logger *types.Logger, config *types.ServerConfig) *AdminBasicAuth
type AppStore ¶
AppStore is a store of apps. List of apps is stored in memory. Apps are initialized lazily, AddApp has to be called before GetApp to initialize the app
func (*AppStore) ActiveContainerNames ¶ added in v0.17.3
func (a *AppStore) ActiveContainerNames() map[container.ContainerName]bool
ActiveContainerNames returns the container names currently referenced by loaded apps.
func (*AppStore) AddAppIfUnchanged ¶ added in v0.18.4
AddAppIfUnchanged adds the app to the store only if no apps have been removed from the store since the given generation was read. It returns false without adding when the store changed: the DB state the app was built from may have been superseded (e.g. a reload committed in between), so the caller must discard the app and rebuild from a fresh read.
func (*AppStore) ClearApps ¶
func (a *AppStore) ClearApps(pathDomains []types.AppPathDomain)
ClearApps removes the specified apps from the in memory App cache Also clears the app info cache for all apps (so that it is reloaded on next request)
func (*AppStore) ClearAppsAudit ¶
func (a *AppStore) ClearAppsAudit(ctx context.Context, pathDomains []types.AppPathDomain, op string) error
ClearApps removes the specified apps from the in memory App cache and creates an audit entry. Also clears the app info cache for all apps (so that it is reloaded on next request)
func (*AppStore) ClearAppsNoNotify ¶
func (a *AppStore) ClearAppsNoNotify(pathDomains []types.AppPathDomain)
ClearApps removes the specified apps from the in memory App cache Also clears the app info cache for all apps (so that it is reloaded on next request) This does not notify other servers of the app update (intended for use from the listener)
func (*AppStore) ClearLinkedApps ¶
func (a *AppStore) ClearLinkedApps(pathDomain types.AppPathDomain) error
func (*AppStore) Generation ¶ added in v0.18.4
Generation returns the current store generation. Read it before loading app state from the DB and pass it to AddAppIfUnchanged.
func (*AppStore) GetAppInfo ¶
func (*AppStore) GetAppsFullInfo ¶
GetAppsFullInfo returns the apps indexed by effective domain and the set of all configured domains, for request matching.
func (*AppStore) ResetAllAppCache ¶
func (a *AppStore) ResetAllAppCache()
type ContainerDetail ¶ added in v0.18.4
type ContainerDetail struct {
ContainerInfo
Command string `json:"command"`
StartedAt string `json:"started_at"`
CreatedAt string `json:"created_at"`
RestartCount int `json:"restart_count"`
ExitCode int `json:"exit_code"`
Health string `json:"health"`
AppVersion string `json:"app_version"`
SizeRw int64 `json:"size_rw"` // writable layer disk usage
SizeRootFs int64 `json:"size_root_fs"` // total disk usage
PortBindings []string `json:"port_bindings"` // host->container port mappings
Mounts []ContainerMount `json:"mounts"`
Stats *ContainerStats `json:"stats"`
}
ContainerDetail is the full detail of a container managed by OpenRun
type ContainerInfo ¶ added in v0.18.4
type ContainerInfo struct {
Id string `json:"id"`
Name string `json:"name"`
AppId string `json:"app_id"`
AppPath string `json:"app_path"`
Image string `json:"image"`
State string `json:"state"` // running / exited / ...
Status string `json:"status"` // human readable, "Up 2 hours"
Ports string `json:"ports"`
Env string `json:"env"` // prod / stage / dev / preview
Runtime string `json:"runtime"` // docker / podman / kubernetes
}
ContainerInfo is the summary of a container managed by OpenRun
type ContainerMount ¶ added in v0.18.4
type ContainerMount struct {
Type string `json:"type"`
Source string `json:"source"`
Destination string `json:"destination"`
ReadWrite bool `json:"read_write"`
}
ContainerMount is a mount point of a container
type ContainerStats ¶ added in v0.18.4
type ContainerStats struct {
CPUPercent string `json:"cpu_percent"`
MemUsage string `json:"mem_usage"`
MemPercent string `json:"mem_percent"`
NetIO string `json:"net_io"`
BlockIO string `json:"block_io"`
PIDs string `json:"pids"`
}
ContainerStats are the live resource stats of a container
type ContextShared ¶
type ContextShared struct {
}
type Handler ¶
func NewTCPHandler ¶
NewTCPHandler creates a new handler for HTTP/HTTPS requests. App API's are mounted amd authentication is enabled. It also mounts the internal APIs if admin over TCP is enabled
func NewUDSHandler ¶
NewUDSHandler creates a new handler for admin APIs over the unix domain socket
type InmemoryKVStore ¶ added in v0.15.3
type InmemoryKVStore struct {
// contains filtered or unexported fields
}
func NewInmemoryKVStore ¶ added in v0.15.3
func NewInmemoryKVStore() *InmemoryKVStore
func (*InmemoryKVStore) DeleteKV ¶ added in v0.15.3
func (s *InmemoryKVStore) DeleteKV(ctx context.Context, key string) error
func (*InmemoryKVStore) FetchKVBlob ¶ added in v0.17.1
func (*InmemoryKVStore) StoreKVBlob ¶ added in v0.15.3
func (*InmemoryKVStore) UpdateKVBlob ¶ added in v0.15.3
func (*InmemoryKVStore) UpsertKVBlob ¶ added in v0.17.1
type KVSessionStore ¶ added in v0.17.1
type KVSessionStore struct {
Codecs []securecookie.Codec
Options *sessions.Options
// contains filtered or unexported fields
}
KVSessionStore keeps session payloads server-side and puts only an opaque, signed session id in the browser cookie.
func NewKVSessionStore ¶ added in v0.17.1
func NewKVSessionStore(db KVStore, keyPairs ...[]byte) *KVSessionStore
func (*KVSessionStore) MaxAge ¶ added in v0.17.1
func (s *KVSessionStore) MaxAge(age int)
func (*KVSessionStore) Save ¶ added in v0.17.1
func (s *KVSessionStore) Save(r *http.Request, w http.ResponseWriter, session *sessions.Session) error
type KVStore ¶ added in v0.15.3
type KVStore interface {
FetchKV(ctx context.Context, key string) (map[string]any, error)
FetchKVBlob(ctx context.Context, key string) ([]byte, error)
StoreKV(ctx context.Context, key string, value map[string]any, expireAt *time.Time) error
StoreKVBlob(ctx context.Context, key string, value []byte, expireAt *time.Time) error
UpsertKVBlob(ctx context.Context, key string, value []byte, expireAt *time.Time) error
UpdateKV(ctx context.Context, key string, value map[string]any) error
UpdateKVBlob(ctx context.Context, key string, value []byte) error
DeleteKV(ctx context.Context, key string) error
}
KVStore is an interface for a key-value store. Implemented by metadata.Metadata
type OAuthAuthInfo ¶ added in v0.17.3
type OAuthManager ¶ added in v0.15.3
OAuthManager manages the OAuth providers and their configurations (also OIDC)
func NewOAuthManager ¶ added in v0.15.3
func NewOAuthManager(logger *types.Logger, config *types.ServerConfig, db KVStore) *OAuthManager
func (*OAuthManager) CheckAuth ¶ added in v0.15.3
func (s *OAuthManager) CheckAuth(w http.ResponseWriter, r *http.Request, appProvider string) (string, []string, error)
func (*OAuthManager) CheckAuthInfo ¶ added in v0.17.3
func (s *OAuthManager) CheckAuthInfo(w http.ResponseWriter, r *http.Request, appProvider string) (OAuthAuthInfo, error)
func (*OAuthManager) RegisterRoutes ¶ added in v0.15.3
func (s *OAuthManager) RegisterRoutes(csrfMiddleware *http.CrossOriginProtection, mux *chi.Mux)
func (*OAuthManager) Setup ¶ added in v0.15.3
func (s *OAuthManager) Setup(sessionKey []byte, sessionBlockKey []byte) error
func (*OAuthManager) ValidateAuthType ¶ added in v0.15.3
func (s *OAuthManager) ValidateAuthType(authType string) bool
func (*OAuthManager) ValidateProviderName ¶ added in v0.15.3
func (s *OAuthManager) ValidateProviderName(provider string) bool
type RateLimitedErrorLogger ¶ added in v0.16.16
type RateLimitedErrorLogger struct {
// contains filtered or unexported fields
}
RateLimitedErrorLogger wraps an io.Writer and rate-limits repeated TLS handshake errors. It logs the first occurrence immediately, then suppresses for a configurable duration. After the suppression period, it logs again with the count of suppressed occurrences.
func NewRateLimitedErrorLogger ¶ added in v0.16.16
func NewRateLimitedErrorLogger(out io.Writer) *RateLimitedErrorLogger
NewRateLimitedErrorLogger creates a new rate-limited error logger. It starts a background goroutine that cleans up old entries every 30 minutes.
func (*RateLimitedErrorLogger) Stop ¶ added in v0.16.16
func (r *RateLimitedErrorLogger) Stop()
Stop stops the background cleanup goroutine
type RepoCache ¶
type RepoCache struct {
// contains filtered or unexported fields
}
func NewRepoCache ¶
func (*RepoCache) CheckoutRepo ¶
type SAMLManager ¶ added in v0.15.3
SAMLManager manages the SAML providers and their configurations
func NewSAMLManager ¶ added in v0.15.3
func NewSAMLManager(logger *types.Logger, config *types.ServerConfig, cookieStore sessions.Store, db KVStore) *SAMLManager
func (*SAMLManager) CheckSAMLAuth ¶ added in v0.15.3
func (s *SAMLManager) CheckSAMLAuth(w http.ResponseWriter, r *http.Request, appProvider string) (string, []string, error)
func (*SAMLManager) RegisterRoutes ¶ added in v0.15.3
func (s *SAMLManager) RegisterRoutes(mux *chi.Mux)
func (*SAMLManager) ValidateSAMLProvider ¶ added in v0.15.3
func (s *SAMLManager) ValidateSAMLProvider(authType string) bool
type Server ¶
Server is the instance of the OpenRun Server
func NewServer ¶
func NewServer(config *types.ServerConfig) (*Server, error)
NewServer creates a new instance of the OpenRun Server
func (*Server) Apply ¶
func (s *Server) Apply(ctx context.Context, inputTx types.Transaction, applyPath string, appPathGlob string, approve, dryRun, promote bool, reload types.AppReloadOption, branch, commit, gitAuth string, clobber, forceReload, verify bool, lastRunCommitId string, repoCache *RepoCache, isDev bool) (_ *types.AppApplyResponse, _ []types.AppPathDomain, _ *bindingAccountManager, retErr error)
func (*Server) ApproveApps ¶ added in v0.18.4
func (s *Server) ApproveApps(ctx context.Context, appPathGlob string, dryRun, promote bool) (*types.AppStagedUpdateResponse, error)
ApproveApps approves the plugin and permission usage for apps matching the glob. With dryRun, the pending permissions are returned without approving
func (*Server) AuthorizeList ¶ added in v0.15.0
func (s *Server) AuthorizeList(ctx context.Context, userId string, app *types.AppInfo, groups []string) (bool, error)
AuthorizeList checks if the user has access to list the specified app. When RBAC enforcement is active for the calling app (RBAC config enabled and the caller has rbac: auth), the app:read permission gates listing (with the owner rule). Otherwise, list visibility falls back to whether the app uses the same authentication type as used by the caller
func (*Server) CheckAppValid ¶
func (*Server) CleanupVersions ¶ added in v0.16.22
func (s *Server) CleanupVersions()
func (*Server) CompleteTransaction ¶
func (s *Server) CompleteTransaction(ctx context.Context, tx types.Transaction, entries []types.AppPathDomain, dryRun bool, op string) error
func (*Server) CreateApp ¶
func (s *Server) CreateApp(ctx context.Context, appPath string, approve, dryRun bool, appRequest *types.CreateAppRequest) (*types.AppCreateResponse, error)
func (*Server) CreateAppTx ¶
func (s *Server) CreateAppTx(ctx context.Context, currentTx types.Transaction, appPath string, approve, dryRun bool, appRequest *types.CreateAppRequest, repoCache *RepoCache) (*types.AppCreateResponse, error)
func (*Server) CreateBinding ¶ added in v0.17.2
func (*Server) CreateService ¶ added in v0.17.2
func (*Server) CreateSyncEntry ¶
func (s *Server) CreateSyncEntry(ctx context.Context, path string, scheduled, dryRun bool, sync *types.SyncMetadata) (_ *types.SyncCreateResponse, retErr error)
func (*Server) DeleteApps ¶
func (*Server) DeleteBinding ¶ added in v0.17.2
func (*Server) DeleteService ¶ added in v0.17.2
func (*Server) DeleteSyncEntry ¶
func (*Server) DiscardRBACDraft ¶ added in v0.18.4
DiscardRBACDraft drops the staged config changes. draftVersion is the CAS token: only a draft state the caller has actually seen can be discarded
func (*Server) FilterApps ¶
func (*Server) FlushAuditEvents ¶ added in v0.18.4
func (s *Server) FlushAuditEvents()
FlushAuditEvents blocks until all audit events queued before the call have been written to the audit DB. Used before audit queries (read-after-write consistency) and during shutdown.
func (*Server) GetAppEntry ¶
func (s *Server) GetAppEntry(ctx context.Context, tx types.Transaction, pathDomain types.AppPathDomain) (*types.AppEntry, error)
func (*Server) GetBinding ¶ added in v0.17.2
func (*Server) GetBindingAccount ¶ added in v0.17.4
func (*Server) GetBindingWithAccount ¶ added in v0.17.5
func (s *Server) GetBindingWithAccount(ctx context.Context, tx types.Transaction, path string) (*types.Binding, error)
GetBindingWithAccount gets the binding with the account info un-redacted.
func (*Server) GetConfigVersion ¶ added in v0.18.4
func (s *Server) GetConfigVersion(ctx context.Context, versionId string) (*types.DynamicConfig, error)
GetConfigVersion returns one full config snapshot from the history
func (*Server) GetDynamicConfig ¶ added in v0.14.10
func (s *Server) GetDynamicConfig() types.DynamicConfig
func (*Server) GetListAppsApp ¶
func (*Server) GetManagedContainer ¶ added in v0.18.4
func (s *Server) GetManagedContainer(ctx context.Context, id string, withStats bool) (*ContainerDetail, error)
GetManagedContainer returns the details of one OpenRun managed container. withStats also collects live resource stats and disk usage, which are slow (docker stats samples for about two seconds)
func (*Server) GetManagedContainerLogs ¶ added in v0.18.4
GetManagedContainerLogs returns the last tail lines of the container logs
func (*Server) GetRBACDynamicConfig ¶ added in v0.18.4
func (s *Server) GetRBACDynamicConfig(ctx context.Context) (*types.DynamicConfig, *types.ConfigDraft, error)
GetRBACDynamicConfig returns the live dynamic config and the staged draft (nil when there is none) for the configuration UI
func (*Server) InsertAuditEvent ¶
func (s *Server) InsertAuditEvent(event *types.AuditEvent) error
InsertAuditEvent queues the event for the background audit writer. The write happens asynchronously (batched into one transaction per burst) so the request path does not block on a database write per event. A copy of the event is queued, callers can reuse the struct. Call FlushAuditEvents before reading the audit table to see previously queued events.
func (*Server) KVInitConstant ¶ added in v0.15.3
func (s *Server) KVInitConstant(ctx context.Context, keyName string, newValue []byte) ([]byte, error)
KVInitConstant initializes a constant value in the DB. If the value already exists, it returns the existing value. If the value does not exist, it inserts the new value and returns it. If another server inserts the value concurrently, it fetches the value from the DB and returns it.
func (*Server) ListAppAuths ¶ added in v0.18.4
ListAppAuths returns the auth types an app can be configured with: the built-in types followed by the oauth, saml (saml_ prefixed) and client cert auth entries configured on this server. The rbac: prefix and +forward_ modifiers are not expanded here
func (*Server) ListBindings ¶ added in v0.17.2
func (*Server) ListConfigHistory ¶ added in v0.18.4
ListConfigHistory returns the dynamic config snapshots, newest first
func (*Server) ListManagedContainers ¶ added in v0.18.4
func (s *Server) ListManagedContainers(ctx context.Context) ([]ContainerInfo, error)
ListManagedContainers lists the containers managed by OpenRun. For docker or podman these are the containers carrying the OpenRun labels; for Kubernetes these are the pods in the OpenRun apps namespace
func (*Server) ListServices ¶ added in v0.17.2
func (*Server) ListSyncEntries ¶
func (*Server) PreviewApp ¶
func (*Server) PromoteApps ¶
func (*Server) PublishRBACConfig ¶ added in v0.18.4
func (s *Server) PublishRBACConfig(ctx context.Context, draftVersion string, force bool) (*types.DynamicConfig, error)
PublishRBACConfig validates the draft config and swaps it live atomically. draftVersion must match the current draft (the publisher has seen the latest edits); the live config must still be the draft's base version unless force is set (a CLI file upload mid-draft surfaces here)
func (*Server) ReloadApps ¶
func (*Server) ReplaceAppParams ¶ added in v0.18.4
func (s *Server) ReplaceAppParams(ctx context.Context, appPathGlob string, dryRun, promote bool, params map[string]string) (*types.AppStagedUpdateResponse, error)
ReplaceAppParams replaces all the param values for apps matching the glob. The change applies to staging and is promoted to prod when promote is set
func (*Server) RequestStop ¶ added in v0.17.8
func (s *Server) RequestStop()
func (*Server) RestoreConfig ¶ added in v0.18.4
func (s *Server) RestoreConfig(ctx context.Context, historyVersionId string, force bool) (*types.DynamicConfig, error)
RestoreConfig restores the full dynamic config from a history snapshot. The restore is validated like a publish and written as a new version, keeping the history linear. An open draft is unaffected (it CAS's against its base version at publish time)
func (*Server) RunBindingCommand ¶ added in v0.17.4
func (*Server) SaveDynamicConfig ¶ added in v0.14.10
func (*Server) StagedUpdate ¶
func (*Server) StagedUpdateAppsTx ¶
func (s *Server) StagedUpdateAppsTx(ctx context.Context, tx types.Transaction, appPathGlob string, promote bool, handler stagedUpdateHandler, args map[string]any) ([]any, []types.AppPathDomain, []types.AppPathDomain, error)
func (*Server) StartManagedContainer ¶ added in v0.18.4
StartManagedContainer starts a stopped OpenRun managed container
func (*Server) StopManagedContainer ¶ added in v0.18.4
StopManagedContainer stops a running OpenRun managed container
func (*Server) StopNotify ¶ added in v0.17.8
func (s *Server) StopNotify() <-chan struct{}
func (*Server) TokenCreate ¶
func (s *Server) TokenCreate(ctx context.Context, appPath string, webhookType types.WebhookType, dryRun bool) (*types.TokenCreateResponse, error)
func (*Server) TokenDelete ¶
func (s *Server) TokenDelete(ctx context.Context, appPath string, webhookType types.WebhookType, dryRun bool) (*types.TokenDeleteResponse, error)
func (*Server) UpdateAppParams ¶ added in v0.18.4
func (s *Server) UpdateAppParams(ctx context.Context, appPathGlob string, dryRun, promote bool, paramName, paramValue string) (*types.AppStagedUpdateResponse, error)
UpdateAppParams updates a single param value for apps matching the glob. A value of "-" deletes the param. The change applies to staging and is promoted to prod when promote is set
func (*Server) UpdateAppSettings ¶
func (s *Server) UpdateAppSettings(ctx context.Context, appPathGlob string, dryRun bool, updateAppRequest types.UpdateAppRequest) (*types.AppUpdateSettingsResponse, error)
func (*Server) UpdateBinding ¶ added in v0.17.2
func (*Server) UpdateDynamicConfig ¶ added in v0.14.10
func (s *Server) UpdateDynamicConfig(ctx context.Context, newConfig *types.DynamicConfig, force bool) (*types.DynamicConfig, error)
func (*Server) UpdateRBACDraft ¶ added in v0.18.4
func (s *Server) UpdateRBACDraft(ctx context.Context, draftVersion string, mutate func(*types.RBACConfig) error) (*types.ConfigDraft, error)
UpdateRBACDraft applies one mutation to the draft config. The draft is created from the live config on first edit; draftVersion is the CAS token for edits on an existing draft (two operators editing concurrently conflict instead of overwriting each other). Draft edits do not touch the live config and are not recorded in the config history
func (*Server) UpdateService ¶ added in v0.17.2
func (*Server) VersionFiles ¶
func (*Server) VersionList ¶
Source Files
¶
- access_log.go
- app_apis.go
- app_bindings.go
- app_updates.go
- apply.go
- apps.go
- audit_middleware.go
- auth.go
- cert.go
- config_apis.go
- container_apis.go
- container_cleanup.go
- deploy_rollback.go
- error_logger.go
- forward_auth.go
- kv_session_store.go
- oauth.go
- openrun_admin_plugin.go
- openrun_config_plugin.go
- openrun_plugin.go
- rbac_enforce.go
- repo_cache.go
- router.go
- saml.go
- server.go
- service_binding.go
- session_validation.go
- sync.go
- test_helper.go
- version_apis.go
- webhook_apis.go