server

package
v0.18.5 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 6, 2026 License: Apache-2.0 Imports: 96 Imported by: 0

Documentation

Index

Constants

View Source
const (
	APP     = "app"
	BINDING = "binding"
)
View Source
const (
	// AUDIT_QUEUE_SIZE is the audit event queue length; when full, enqueue
	// blocks and applies backpressure to the request path
	AUDIT_QUEUE_SIZE = 1000
	// AUDIT_MAX_BATCH_SIZE caps how many events are written per transaction
	AUDIT_MAX_BATCH_SIZE = 200
)
View Source
const (
	PROVIDER_NAME_DELIMITER = "_"
	AUTH_KEY                = "authenticated"
	USER_KEY                = "user" // email/userid/nickname (for git email/nickname/userid)
	USER_ID_KEY             = "user_id"
	USER_EMAIL_KEY          = "email"
	USER_NICKNAME_KEY       = "nickname"
	PROVIDER_NAME_KEY       = "provider_name"
	GROUPS_KEY              = "groups"
	SESSION_INDEX_KEY       = "session_index"
	NONCE_KEY               = "nonce"
	REDIRECT_URL            = "redirect"
	REQUEST_ID_KEY          = "request_id" // SAML AuthnRequest ID, used to enforce InResponseTo
)
View Source
const (
	DRY_RUN_ARG              = "dryRun"
	PROMOTE_ARG              = "promote"
	REAPPLY_ALL_ARG          = "reapplyAll"
	DELEGATE_BUILD_OP        = "delegate_build"
	MAX_DELEGATE_UPLOAD_SIZE = 512 << 20 // 512 MiB
)
View Source
const (
	DEFAULT_CERT_FILE = "default.crt"
	DEFAULT_KEY_FILE  = "default.key"
	APPSPECS          = "appspecs"
)
View Source
const AUTH_FAILURE_EVENT_INTERVAL = time.Minute

AUTH_FAILURE_EVENT_INTERVAL is the minimum interval between audit events for the same failed-auth operation/target/user combination

View Source
const CURRENT_AUDIT_DB_VERSION = 2
View Source
const (
	REALM = "openrun"
)
View Source
const REPO_FOLDER_SEPERATOR = "//"
View Source
const SAML_AUTH_PREFIX = "saml_"

The flow is 1. At service startup, SAMLServiceProvider is initialized 2. For apps using SAML, CheckSAMLAuth is called to check if the user is authenticated 3. CheckSAMLAuth verifies the session cookie to see if the user is authenticated. If yes, done 4. If the user is not authenticated, login function is called (API is currently on the app domain) 5. Login creates a sessionid and nonce. Saves entry in DB with sessionid as key and state map as value 6. Login creates a cookie with the nonce and redirect url. Redirects to the SAML provider's login page, with sessionid in RelayState 7. SAML provider's login page redirects to the ACS api on the callback domain, with sessionid in RelayState 8. ACS api validates the sessionid, and updates the state map in the DB with the user id and groups info 9. ACS api redirects to the redirect API on the app domain, again passing the sessionid in the relay parameter 10. redirect API validates the passed sessionid, nonce from DB statemap against nonce from cookie, 11. redirect stores the authenticated session, with the user id and groups info and deletes the DB entry 12. Redirects back to original app url, which will again call CheckSAMLAuth and find the authenticated cookie

Variables

View Source
var (
	COMPRESSION_ENABLED_MIME_TYPES = []string{
		"text/html",
		"text/css",
		"text/plain",
		"text/xml",
		"text/x-component",
		"text/javascript",
		"application/x-javascript",
		"application/javascript",
		"application/json",
		"application/manifest+json",
		"application/vnd.api+json",
		"application/xml",
		"application/xhtml+xml",
		"application/rss+xml",
		"application/atom+xml",
		"application/vnd.ms-fontobject",
		"application/x-font-ttf",
		"application/x-font-opentype",
		"application/x-font-truetype",
		"image/svg+xml",
		"image/x-icon",
		"image/vnd.microsoft.icon",
		"font/ttf",
		"font/eot",
		"font/otf",
		"font/opentype",
	}
)

Functions

func GenerateSelfSignedCertificate

func GenerateSelfSignedCertificate(certPath, keyPath string, validityDuration time.Duration) error

Types

type AdminBasicAuth

type AdminBasicAuth struct {
	*types.Logger
	// contains filtered or unexported fields
}

AdminBasicAuth implements basic auth for the admin user account. Cache the success auth header to avoid the bcrypt hash check penalty Basic auth is supported for admin user only, and changing it requires service restart. Caching the sha of the successful auth header allows us to skip the bcrypt check which significantly improves performance.

func NewAdminBasicAuth

func NewAdminBasicAuth(logger *types.Logger, config *types.ServerConfig) *AdminBasicAuth

func (*AdminBasicAuth) BasicAuth

func (a *AdminBasicAuth) BasicAuth(authHeader string) (username, password string, ok bool)

type AppStore

type AppStore struct {
	*types.Logger
	// contains filtered or unexported fields
}

AppStore is a store of apps. List of apps is stored in memory. Apps are initialized lazily, AddApp has to be called before GetApp to initialize the app

func NewAppStore

func NewAppStore(logger *types.Logger, server *Server) *AppStore

func (*AppStore) ActiveContainerNames added in v0.17.3

func (a *AppStore) ActiveContainerNames() map[container.ContainerName]bool

ActiveContainerNames returns the container names currently referenced by loaded apps.

func (*AppStore) AddAppIfUnchanged added in v0.18.4

func (a *AppStore) AddAppIfUnchanged(app *app.App, generation uint64) bool

AddAppIfUnchanged adds the app to the store only if no apps have been removed from the store since the given generation was read. It returns false without adding when the store changed: the DB state the app was built from may have been superseded (e.g. a reload committed in between), so the caller must discard the app and rebuild from a fresh read.

func (*AppStore) ClearApps

func (a *AppStore) ClearApps(pathDomains []types.AppPathDomain)

ClearApps removes the specified apps from the in memory App cache Also clears the app info cache for all apps (so that it is reloaded on next request)

func (*AppStore) ClearAppsAudit

func (a *AppStore) ClearAppsAudit(ctx context.Context, pathDomains []types.AppPathDomain, op string) error

ClearApps removes the specified apps from the in memory App cache and creates an audit entry. Also clears the app info cache for all apps (so that it is reloaded on next request)

func (*AppStore) ClearAppsNoNotify

func (a *AppStore) ClearAppsNoNotify(pathDomains []types.AppPathDomain)

ClearApps removes the specified apps from the in memory App cache Also clears the app info cache for all apps (so that it is reloaded on next request) This does not notify other servers of the app update (intended for use from the listener)

func (*AppStore) ClearLinkedApps

func (a *AppStore) ClearLinkedApps(pathDomain types.AppPathDomain) error

func (*AppStore) Generation added in v0.18.4

func (a *AppStore) Generation() uint64

Generation returns the current store generation. Read it before loading app state from the DB and pass it to AddAppIfUnchanged.

func (*AppStore) GetAllAppsInfo

func (a *AppStore) GetAllAppsInfo() ([]types.AppInfo, error)

func (*AppStore) GetAllDomains

func (a *AppStore) GetAllDomains() (map[string]bool, error)

func (*AppStore) GetApp

func (a *AppStore) GetApp(pathDomain types.AppPathDomain) (*app.App, error)

func (*AppStore) GetAppInfo

func (a *AppStore) GetAppInfo(appId types.AppId) (types.AppInfo, bool)

func (*AppStore) GetAppsFullInfo

func (a *AppStore) GetAppsFullInfo() (map[string][]types.AppInfo, map[string]bool, error)

GetAppsFullInfo returns the apps indexed by effective domain and the set of all configured domains, for request matching.

func (*AppStore) ResetAllAppCache

func (a *AppStore) ResetAllAppCache()

type CacheDir

type CacheDir struct {
	// contains filtered or unexported fields
}

type ContainerDetail added in v0.18.4

type ContainerDetail struct {
	ContainerInfo
	Command      string           `json:"command"`
	StartedAt    string           `json:"started_at"`
	CreatedAt    string           `json:"created_at"`
	RestartCount int              `json:"restart_count"`
	ExitCode     int              `json:"exit_code"`
	Health       string           `json:"health"`
	AppVersion   string           `json:"app_version"`
	SizeRw       int64            `json:"size_rw"`       // writable layer disk usage
	SizeRootFs   int64            `json:"size_root_fs"`  // total disk usage
	PortBindings []string         `json:"port_bindings"` // host->container port mappings
	Mounts       []ContainerMount `json:"mounts"`
	Stats        *ContainerStats  `json:"stats"`
}

ContainerDetail is the full detail of a container managed by OpenRun

type ContainerInfo added in v0.18.4

type ContainerInfo struct {
	Id      string `json:"id"`
	Name    string `json:"name"`
	AppId   string `json:"app_id"`
	AppPath string `json:"app_path"`
	Image   string `json:"image"`
	State   string `json:"state"`  // running / exited / ...
	Status  string `json:"status"` // human readable, "Up 2 hours"
	Ports   string `json:"ports"`
	Env     string `json:"env"`     // prod / stage / dev / preview
	Runtime string `json:"runtime"` // docker / podman / kubernetes
}

ContainerInfo is the summary of a container managed by OpenRun

type ContainerMount added in v0.18.4

type ContainerMount struct {
	Type        string `json:"type"`
	Source      string `json:"source"`
	Destination string `json:"destination"`
	ReadWrite   bool   `json:"read_write"`
}

ContainerMount is a mount point of a container

type ContainerStats added in v0.18.4

type ContainerStats struct {
	CPUPercent string `json:"cpu_percent"`
	MemUsage   string `json:"mem_usage"`
	MemPercent string `json:"mem_percent"`
	NetIO      string `json:"net_io"`
	BlockIO    string `json:"block_io"`
	PIDs       string `json:"pids"`
}

ContainerStats are the live resource stats of a container

type ContextShared

type ContextShared struct {
	UserId    string
	AppId     string
	Operation string
	Target    string
	DryRun    bool
}

type Handler

type Handler struct {
	*types.Logger
	// contains filtered or unexported fields
}

func NewTCPHandler

func NewTCPHandler(logger *types.Logger, config *types.ServerConfig, server *Server) *Handler

NewTCPHandler creates a new handler for HTTP/HTTPS requests. App API's are mounted amd authentication is enabled. It also mounts the internal APIs if admin over TCP is enabled

func NewUDSHandler

func NewUDSHandler(logger *types.Logger, config *types.ServerConfig, server *Server) *Handler

NewUDSHandler creates a new handler for admin APIs over the unix domain socket

type InmemoryKVStore added in v0.15.3

type InmemoryKVStore struct {
	// contains filtered or unexported fields
}

func NewInmemoryKVStore added in v0.15.3

func NewInmemoryKVStore() *InmemoryKVStore

func (*InmemoryKVStore) DeleteKV added in v0.15.3

func (s *InmemoryKVStore) DeleteKV(ctx context.Context, key string) error

func (*InmemoryKVStore) FetchKV added in v0.15.3

func (s *InmemoryKVStore) FetchKV(ctx context.Context, key string) (map[string]any, error)

func (*InmemoryKVStore) FetchKVBlob added in v0.17.1

func (s *InmemoryKVStore) FetchKVBlob(ctx context.Context, key string) ([]byte, error)

func (*InmemoryKVStore) StoreKV added in v0.15.3

func (s *InmemoryKVStore) StoreKV(ctx context.Context, key string, value map[string]any, expireAt *time.Time) error

func (*InmemoryKVStore) StoreKVBlob added in v0.15.3

func (s *InmemoryKVStore) StoreKVBlob(ctx context.Context, key string, value []byte, expireAt *time.Time) error

func (*InmemoryKVStore) UpdateKV added in v0.15.3

func (s *InmemoryKVStore) UpdateKV(ctx context.Context, key string, value map[string]any) error

func (*InmemoryKVStore) UpdateKVBlob added in v0.15.3

func (s *InmemoryKVStore) UpdateKVBlob(ctx context.Context, key string, value []byte) error

func (*InmemoryKVStore) UpsertKVBlob added in v0.17.1

func (s *InmemoryKVStore) UpsertKVBlob(ctx context.Context, key string, value []byte, expireAt *time.Time) error

type KVSessionStore added in v0.17.1

type KVSessionStore struct {
	Codecs []securecookie.Codec

	Options *sessions.Options
	// contains filtered or unexported fields
}

KVSessionStore keeps session payloads server-side and puts only an opaque, signed session id in the browser cookie.

func NewKVSessionStore added in v0.17.1

func NewKVSessionStore(db KVStore, keyPairs ...[]byte) *KVSessionStore

func (*KVSessionStore) Get added in v0.17.1

func (s *KVSessionStore) Get(r *http.Request, name string) (*sessions.Session, error)

func (*KVSessionStore) MaxAge added in v0.17.1

func (s *KVSessionStore) MaxAge(age int)

func (*KVSessionStore) New added in v0.17.1

func (s *KVSessionStore) New(r *http.Request, name string) (*sessions.Session, error)

func (*KVSessionStore) Save added in v0.17.1

type KVStore added in v0.15.3

type KVStore interface {
	FetchKV(ctx context.Context, key string) (map[string]any, error)
	FetchKVBlob(ctx context.Context, key string) ([]byte, error)
	StoreKV(ctx context.Context, key string, value map[string]any, expireAt *time.Time) error
	StoreKVBlob(ctx context.Context, key string, value []byte, expireAt *time.Time) error
	UpsertKVBlob(ctx context.Context, key string, value []byte, expireAt *time.Time) error

	UpdateKV(ctx context.Context, key string, value map[string]any) error
	UpdateKVBlob(ctx context.Context, key string, value []byte) error
	DeleteKV(ctx context.Context, key string) error
}

KVStore is an interface for a key-value store. Implemented by metadata.Metadata

type OAuthAuthInfo added in v0.17.3

type OAuthAuthInfo struct {
	UserId      string
	Groups      []string
	UserSubject string
	UserEmail   string
}

type OAuthManager added in v0.15.3

type OAuthManager struct {
	*types.Logger
	// contains filtered or unexported fields
}

OAuthManager manages the OAuth providers and their configurations (also OIDC)

func NewOAuthManager added in v0.15.3

func NewOAuthManager(logger *types.Logger, config *types.ServerConfig, db KVStore) *OAuthManager

func (*OAuthManager) CheckAuth added in v0.15.3

func (s *OAuthManager) CheckAuth(w http.ResponseWriter, r *http.Request, appProvider string) (string, []string, error)

func (*OAuthManager) CheckAuthInfo added in v0.17.3

func (s *OAuthManager) CheckAuthInfo(w http.ResponseWriter, r *http.Request, appProvider string) (OAuthAuthInfo, error)

func (*OAuthManager) RegisterRoutes added in v0.15.3

func (s *OAuthManager) RegisterRoutes(csrfMiddleware *http.CrossOriginProtection, mux *chi.Mux)

func (*OAuthManager) Setup added in v0.15.3

func (s *OAuthManager) Setup(sessionKey []byte, sessionBlockKey []byte) error

func (*OAuthManager) ValidateAuthType added in v0.15.3

func (s *OAuthManager) ValidateAuthType(authType string) bool

func (*OAuthManager) ValidateProviderName added in v0.15.3

func (s *OAuthManager) ValidateProviderName(provider string) bool

type RateLimitedErrorLogger added in v0.16.16

type RateLimitedErrorLogger struct {
	// contains filtered or unexported fields
}

RateLimitedErrorLogger wraps an io.Writer and rate-limits repeated TLS handshake errors. It logs the first occurrence immediately, then suppresses for a configurable duration. After the suppression period, it logs again with the count of suppressed occurrences.

func NewRateLimitedErrorLogger added in v0.16.16

func NewRateLimitedErrorLogger(out io.Writer) *RateLimitedErrorLogger

NewRateLimitedErrorLogger creates a new rate-limited error logger. It starts a background goroutine that cleans up old entries every 30 minutes.

func (*RateLimitedErrorLogger) Stop added in v0.16.16

func (r *RateLimitedErrorLogger) Stop()

Stop stops the background cleanup goroutine

func (*RateLimitedErrorLogger) Write added in v0.16.16

func (r *RateLimitedErrorLogger) Write(p []byte) (n int, err error)

Write implements io.Writer. It rate-limits TLS handshake errors while passing through other messages unchanged.

type Repo

type Repo struct {
	// contains filtered or unexported fields
}

type RepoCache

type RepoCache struct {
	// contains filtered or unexported fields
}

func NewRepoCache

func NewRepoCache(server *Server) (*RepoCache, error)

func (*RepoCache) CheckoutRepo

func (r *RepoCache) CheckoutRepo(sourceUrl, branch, commit, gitAuth string, isDev bool) (string, string, string, string, error)

func (*RepoCache) Cleanup

func (r *RepoCache) Cleanup()

func (*RepoCache) GetSha

func (r *RepoCache) GetSha(sourceUrl, branch, gitAuth string) (string, error)

type SAMLManager added in v0.15.3

type SAMLManager struct {
	*types.Logger
	// contains filtered or unexported fields
}

SAMLManager manages the SAML providers and their configurations

func NewSAMLManager added in v0.15.3

func NewSAMLManager(logger *types.Logger, config *types.ServerConfig, cookieStore sessions.Store, db KVStore) *SAMLManager

func (*SAMLManager) CheckSAMLAuth added in v0.15.3

func (s *SAMLManager) CheckSAMLAuth(w http.ResponseWriter, r *http.Request, appProvider string) (string, []string, error)

func (*SAMLManager) RegisterRoutes added in v0.15.3

func (s *SAMLManager) RegisterRoutes(mux *chi.Mux)

func (*SAMLManager) Setup added in v0.15.3

func (s *SAMLManager) Setup(ctx context.Context) error

func (*SAMLManager) ValidateSAMLProvider added in v0.15.3

func (s *SAMLManager) ValidateSAMLProvider(authType string) bool

type Server

type Server struct {
	*types.Logger
	// contains filtered or unexported fields
}

Server is the instance of the OpenRun Server

func NewServer

func NewServer(config *types.ServerConfig) (*Server, error)

NewServer creates a new instance of the OpenRun Server

func (*Server) Apply

func (s *Server) Apply(ctx context.Context, inputTx types.Transaction, applyPath string, appPathGlob string, approve, dryRun, promote bool,
	reload types.AppReloadOption, branch, commit, gitAuth string, clobber,
	forceReload, verify bool, lastRunCommitId string, repoCache *RepoCache, isDev bool) (_ *types.AppApplyResponse, _ []types.AppPathDomain, retErr error)

func (*Server) ApproveApps added in v0.18.4

func (s *Server) ApproveApps(ctx context.Context, appPathGlob string, dryRun, promote bool) (*types.AppStagedUpdateResponse, error)

ApproveApps approves the plugin and permission usage for apps matching the glob. With dryRun, the pending permissions are returned without approving

func (*Server) AuthorizeList added in v0.15.0

func (s *Server) AuthorizeList(ctx context.Context, userId string, app *types.AppInfo, groups []string) (bool, error)

AuthorizeList checks if the user has access to list the specified app. When RBAC enforcement is active for the calling app (RBAC config enabled and the caller has rbac: auth), the app:read permission gates listing (with the owner rule). Otherwise, list visibility falls back to whether the app uses the same authentication type as used by the caller

func (*Server) CheckAppValid

func (s *Server) CheckAppValid(domain, matchPath string) (string, error)

func (*Server) CleanupVersions added in v0.16.22

func (s *Server) CleanupVersions()

func (*Server) CompleteTransaction

func (s *Server) CompleteTransaction(ctx context.Context, tx types.Transaction, entries []types.AppPathDomain, dryRun bool, op string) error

func (*Server) CreateApp

func (s *Server) CreateApp(ctx context.Context, appPath string,
	approve, dryRun bool, appRequest *types.CreateAppRequest) (_ *types.AppCreateResponse, retErr error)

func (*Server) CreateAppTx

func (s *Server) CreateAppTx(ctx context.Context, currentTx types.Transaction, appPath string,
	approve, dryRun bool, appRequest *types.CreateAppRequest, repoCache *RepoCache,
	bindingAccounts *bindingAccountManager) (*types.AppCreateResponse, error)

func (*Server) CreateBinding added in v0.17.2

func (s *Server) CreateBinding(ctx context.Context, createRequest *types.CreateBindingRequest, dryRun bool) (_ *types.Binding, retErr error)

func (*Server) CreateService added in v0.17.2

func (s *Server) CreateService(ctx context.Context, service *types.Service, dryRun bool) error

func (*Server) CreateSyncEntry

func (s *Server) CreateSyncEntry(ctx context.Context, path string, scheduled, dryRun bool, sync *types.SyncMetadata) (_ *types.SyncCreateResponse, retErr error)

func (*Server) DeleteApps

func (s *Server) DeleteApps(ctx context.Context, appPathGlob string, dryRun bool) (*types.AppDeleteResponse, error)

func (*Server) DeleteBinding added in v0.17.2

func (s *Server) DeleteBinding(ctx context.Context, path string, dryRun bool) error

func (*Server) DeleteService added in v0.17.2

func (s *Server) DeleteService(ctx context.Context, name, serviceType string, dryRun bool) error

func (*Server) DeleteSyncEntry

func (s *Server) DeleteSyncEntry(ctx context.Context, id string, dryRun bool) (*types.SyncDeleteResponse, error)

func (*Server) DiscardRBACDraft added in v0.18.4

func (s *Server) DiscardRBACDraft(ctx context.Context, draftVersion string) error

DiscardRBACDraft drops the staged config changes. draftVersion is the CAS token: only a draft state the caller has actually seen can be discarded

func (*Server) FilterApps

func (s *Server) FilterApps(appappPathGlob string, includeInternal bool) ([]types.AppInfo, error)

func (*Server) FlushAuditEvents added in v0.18.4

func (s *Server) FlushAuditEvents()

FlushAuditEvents blocks until all audit events queued before the call have been written to the audit DB. Used before audit queries (read-after-write consistency) and during shutdown.

func (*Server) GetApp

func (s *Server) GetApp(ctx context.Context, pathDomain types.AppPathDomain, init bool) (*app.App, error)

func (*Server) GetAppApi

func (s *Server) GetAppApi(ctx context.Context, appPath string) (*types.AppGetResponse, error)

func (*Server) GetAppEntry

func (s *Server) GetAppEntry(ctx context.Context, tx types.Transaction, pathDomain types.AppPathDomain) (*types.AppEntry, error)

func (*Server) GetAppSpec

func (s *Server) GetAppSpec(name types.AppSpec) types.SpecFiles

func (*Server) GetApps

func (s *Server) GetApps(ctx context.Context, appPathGlob string, internal bool) ([]types.AppResponse, error)

func (*Server) GetBinding added in v0.17.2

func (s *Server) GetBinding(ctx context.Context, path string) (*types.Binding, error)

func (*Server) GetBindingAccount added in v0.17.4

func (s *Server) GetBindingAccount(ctx context.Context, path string, useStaging bool) (map[string]string, error)

func (*Server) GetBindingWithAccount added in v0.17.5

func (s *Server) GetBindingWithAccount(ctx context.Context, tx types.Transaction, path string) (*types.Binding, error)

GetBindingWithAccount gets the binding with the account info un-redacted.

func (*Server) GetConfigVersion added in v0.18.4

func (s *Server) GetConfigVersion(ctx context.Context, versionId string) (*types.DynamicConfig, error)

GetConfigVersion returns one full config snapshot from the history

func (*Server) GetDynamicConfig added in v0.14.10

func (s *Server) GetDynamicConfig() types.DynamicConfig

func (*Server) GetListAppsApp

func (s *Server) GetListAppsApp(ctx context.Context) (*app.App, error)

func (*Server) GetManagedContainer added in v0.18.4

func (s *Server) GetManagedContainer(ctx context.Context, id string, withStats bool) (*ContainerDetail, error)

GetManagedContainer returns the details of one OpenRun managed container. withStats also collects live resource stats and disk usage, which are slow (docker stats samples for about two seconds)

func (*Server) GetManagedContainerLogs added in v0.18.4

func (s *Server) GetManagedContainerLogs(ctx context.Context, id string, tail int) (string, error)

GetManagedContainerLogs returns the last tail lines of the container logs

func (*Server) GetRBACDynamicConfig added in v0.18.4

func (s *Server) GetRBACDynamicConfig(ctx context.Context) (*types.DynamicConfig, *types.ConfigDraft, error)

GetRBACDynamicConfig returns the live dynamic config and the staged draft (nil when there is none) for the configuration UI

func (*Server) InsertAuditEvent

func (s *Server) InsertAuditEvent(event *types.AuditEvent) error

InsertAuditEvent queues the event for the background audit writer. The write happens asynchronously (batched into one transaction per burst) so the request path does not block on a database write per event. A copy of the event is queued, callers can reuse the struct. Call FlushAuditEvents before reading the audit table to see previously queued events.

func (*Server) KVInitConstant added in v0.15.3

func (s *Server) KVInitConstant(ctx context.Context, keyName string, newValue []byte) ([]byte, error)

KVInitConstant initializes a constant value in the DB. If the value already exists, it returns the existing value. If the value does not exist, it inserts the new value and returns it. If another server inserts the value concurrently, it fetches the value from the DB and returns it.

func (*Server) ListAppAuths added in v0.18.4

func (s *Server) ListAppAuths() []string

ListAppAuths returns the auth types an app can be configured with: the built-in types followed by the oauth, saml (saml_ prefixed) and client cert auth entries configured on this server. The rbac: prefix and +forward_ modifiers are not expanded here

func (*Server) ListBindings added in v0.17.2

func (s *Server) ListBindings(ctx context.Context, source string) ([]*types.Binding, error)

func (*Server) ListConfigHistory added in v0.18.4

func (s *Server) ListConfigHistory(ctx context.Context) ([]types.ConfigHistoryEntry, error)

ListConfigHistory returns the dynamic config snapshots, newest first

func (*Server) ListManagedContainers added in v0.18.4

func (s *Server) ListManagedContainers(ctx context.Context) ([]ContainerInfo, error)

ListManagedContainers lists the containers managed by OpenRun. For docker or podman these are the containers carrying the OpenRun labels; for Kubernetes these are the pods in the OpenRun apps namespace

func (*Server) ListServices added in v0.17.2

func (s *Server) ListServices(ctx context.Context, serviceType, name string) ([]*types.Service, error)

func (*Server) ListSyncEntries

func (s *Server) ListSyncEntries(ctx context.Context) (*types.SyncListResponse, error)

func (*Server) MatchApp

func (s *Server) MatchApp(hostHeader, matchPath string) (types.AppInfo, error)

func (*Server) ParseGlob

func (s *Server) ParseGlob(appGlob string) ([]types.AppInfo, error)

func (*Server) PreviewApp

func (s *Server) PreviewApp(ctx context.Context, mainAppPath, commitId string, approve, dryRun bool) (*types.AppPreviewResponse, error)

func (*Server) PromoteApps

func (s *Server) PromoteApps(ctx context.Context, appPathGlob string, dryRun bool) (*types.AppPromoteResponse, error)

func (*Server) PublishRBACConfig added in v0.18.4

func (s *Server) PublishRBACConfig(ctx context.Context, draftVersion string, force bool) (*types.DynamicConfig, error)

PublishRBACConfig validates the draft config and swaps it live atomically. draftVersion must match the current draft (the publisher has seen the latest edits); the live config must still be the draft's base version unless force is set (a CLI file upload mid-draft surfaces here)

func (*Server) ReloadApp

func (s *Server) ReloadApp(ctx context.Context, tx types.Transaction, appEntry *types.AppEntry, stageAppEntry *types.AppEntry,
	approve, dryRun, promote bool, branch, commit, gitAuth string, repoCache *RepoCache, forceReload, verify bool) (*types.AppReloadResult, error)

func (*Server) ReloadApps

func (s *Server) ReloadApps(ctx context.Context, appPathGlob string, approve, dryRun, promote bool,
	branch, commit, gitAuth string, forceReload, verify bool) (_ *types.AppReloadResponse, retErr error)

func (*Server) ReplaceAppParams added in v0.18.4

func (s *Server) ReplaceAppParams(ctx context.Context, appPathGlob string, dryRun, promote bool, params map[string]string) (*types.AppStagedUpdateResponse, error)

ReplaceAppParams replaces all the param values for apps matching the glob. The change applies to staging and is promoted to prod when promote is set

func (*Server) RequestStop added in v0.17.8

func (s *Server) RequestStop()

func (*Server) RestoreConfig added in v0.18.4

func (s *Server) RestoreConfig(ctx context.Context, historyVersionId string, force bool) (*types.DynamicConfig, error)

RestoreConfig restores the full dynamic config from a history snapshot. The restore is validated like a publish and written as a new version, keeping the history linear. An open draft is unaffected (it CAS's against its base version at publish time)

func (*Server) RunBindingCommand added in v0.17.4

func (s *Server) RunBindingCommand(ctx context.Context, bindingName string, useStaging bool, command string) (map[string]any, error)

func (*Server) RunSync

func (s *Server) RunSync(ctx context.Context, id string, dryRun bool) (_ *types.SyncJobStatus, retErr error)

func (*Server) SaveDynamicConfig added in v0.14.10

func (s *Server) SaveDynamicConfig(ctx context.Context) error

func (*Server) StagedUpdate

func (s *Server) StagedUpdate(ctx context.Context, appPathGlob string, dryRun, promote bool, handler stagedUpdateHandler, args map[string]any, op string) (_ *types.AppStagedUpdateResponse, retErr error)

func (*Server) StagedUpdateAppsTx

func (s *Server) StagedUpdateAppsTx(ctx context.Context, tx types.Transaction, appPathGlob string, promote bool, handler stagedUpdateHandler, args map[string]any) ([]any, []types.AppPathDomain, []types.AppPathDomain, error)

func (*Server) Start

func (s *Server) Start() error

Start starts the OpenRun Server

func (*Server) StartManagedContainer added in v0.18.4

func (s *Server) StartManagedContainer(ctx context.Context, id string) error

StartManagedContainer starts a stopped OpenRun managed container

func (*Server) Stop

func (s *Server) Stop(ctx context.Context) error

Stop stops the OpenRun Server

func (*Server) StopManagedContainer added in v0.18.4

func (s *Server) StopManagedContainer(ctx context.Context, id string) error

StopManagedContainer stops a running OpenRun managed container

func (*Server) StopNotify added in v0.17.8

func (s *Server) StopNotify() <-chan struct{}

func (*Server) TokenCreate

func (s *Server) TokenCreate(ctx context.Context, appPath string, webhookType types.WebhookType, dryRun bool) (*types.TokenCreateResponse, error)

func (*Server) TokenDelete

func (s *Server) TokenDelete(ctx context.Context, appPath string, webhookType types.WebhookType, dryRun bool) (*types.TokenDeleteResponse, error)

func (*Server) TokenList

func (s *Server) TokenList(ctx context.Context, appPath string) (*types.TokenListResponse, error)

func (*Server) UpdateAppParams added in v0.18.4

func (s *Server) UpdateAppParams(ctx context.Context, appPathGlob string, dryRun, promote bool, paramName, paramValue string) (*types.AppStagedUpdateResponse, error)

UpdateAppParams updates a single param value for apps matching the glob. A value of "-" deletes the param. The change applies to staging and is promoted to prod when promote is set

func (*Server) UpdateAppSettings

func (s *Server) UpdateAppSettings(ctx context.Context, appPathGlob string, dryRun bool, updateAppRequest types.UpdateAppRequest) (*types.AppUpdateSettingsResponse, error)

func (*Server) UpdateBinding added in v0.17.2

func (s *Server) UpdateBinding(ctx context.Context, updateRequest types.UpdateBindingRequest, dryRun, promote, reapplyAll bool) (_ *types.Binding, retErr error)

func (*Server) UpdateDynamicConfig added in v0.14.10

func (s *Server) UpdateDynamicConfig(ctx context.Context, newConfig *types.DynamicConfig, force bool) (*types.DynamicConfig, error)

func (*Server) UpdateRBACDraft added in v0.18.4

func (s *Server) UpdateRBACDraft(ctx context.Context, draftVersion string,
	mutate func(*types.RBACConfig) error) (*types.ConfigDraft, error)

UpdateRBACDraft applies one mutation to the draft config. The draft is created from the live config on first edit; draftVersion is the CAS token for edits on an existing draft (two operators editing concurrently conflict instead of overwriting each other). Draft edits do not touch the live config and are not recorded in the config history

func (*Server) UpdateService added in v0.17.2

func (s *Server) UpdateService(ctx context.Context, service *types.Service, dryRun bool) error

func (*Server) VersionFiles

func (s *Server) VersionFiles(ctx context.Context, mainAppPath, version string) (*types.AppVersionFilesResponse, error)

func (*Server) VersionList

func (s *Server) VersionList(ctx context.Context, mainAppPath string) (*types.AppVersionListResponse, error)

func (*Server) VersionSwitch

func (s *Server) VersionSwitch(ctx context.Context, mainAppPath string, dryRun bool, version string) (*types.AppVersionSwitchResponse, error)

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL