config

package
v4.0.0-alpha.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 30, 2020 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// Run this mode to create receive Manifests and create IndexReports.
	IndexerMode = "indexer"
	// Run this mode to retrieve IndexReports and create VulnerabilityReports.
	MatcherMode = "matcher"
	// Run this mode to run all modes in a single Clair instance.
	ComboMode = "combo"
	// Run this mode to listen for Updates and send notifications when they occur.
	NotifierMode = "notifier"
)

Clair Modes

View Source 
const DefaultAddress = ":6060"

DefaultAddress is used if an http_listen_addr is not provided in the config.

Variables

This section is empty.

Functions

func Validate 

func Validate(conf Config) error

Validate confirms the required config values are present and sets defaults where sane to do so.

Types

type Auth 

type Auth struct {
	PSK       *AuthPSK       `yaml:"psk,omitempty"`
	Keyserver *AuthKeyserver `yaml:"keyserver,omitempty"`
}

Auth holds the specific configs for different authentication methods.

These should be pointers to structs, so that it's possible to distinguish between "absent" and "present and misconfigured."

func (Auth) Any 

func (a Auth) Any() bool

Any reports whether any sort of authentication is configured.

type AuthKeyserver 

type AuthKeyserver struct {
	API          string `yaml:"api"`
	Intraservice []byte `yaml:"intraservice"`
}

AuthKeyserver is the configuration for doing authentication with the Quay keyserver protocol.

The "Intraservice" key is only needed when the overall config mode is not "combo".

func (*AuthKeyserver) UnmarshalYAML 

func (a *AuthKeyserver) UnmarshalYAML(f func(interface{}) error) error

UnmarshalYAML implements yaml.Unmarshaler.

type AuthPSK 

type AuthPSK struct {
	Key    []byte `yaml:"key"`
	Issuer string `yaml:"iss"`
}

AuthPSK is the configuration for doing pre-shared key based authentication.

The "Issuer" key is what the service expects to verify as the "issuer claim.

func (*AuthPSK) UnmarshalYAML 

func (a *AuthPSK) UnmarshalYAML(f func(interface{}) error) error

UnmarshalYAML implements yaml.Unmarshaler.

type Config 

type Config struct {
	// One of the following strings
	// Sets which mode the clair instances will run in
	//
	// "indexer": runs just the indexer node
	// "matcher": runs just the matcher node
	// "combo":	will run both indexer and matcher on the same node.
	Mode string `yaml:"-"`
	// A string in <host>:<port> format where <host> can be an empty string.
	//
	// exposes Clair node's functionality to the network.
	// see /openapi/v1 for api spec.
	HTTPListenAddr string `yaml:"http_listen_addr"`
	// A string in <host>:<port> format where <host> can be an empty string.
	//
	// exposes Clair's metrics and health endpoints.
	IntrospectionAddr string `yaml:"introspection_addr"`
	// Set the logging level.
	//
	// One of the following strings:
	// "debug-color"
	// "debug"
	// "info"
	// "warn"
	// "error"
	// "fatal"
	// "panic"
	LogLevel string `yaml:"log_level"`
	// See Indexer for details
	Indexer Indexer `yaml:"indexer"`
	// See Matcher for details
	Matcher Matcher `yaml:"matcher"`
	Auth    Auth    `yaml:"auth"`
	Trace   Trace   `yaml:"trace"`
	Metrics Metrics `yaml:"metrics"`
}

func (*Config) Client 

func (cfg *Config) Client(next *http.Transport) (c *http.Client, authed bool, err error)

Client returns an http.Client configured according to the supplied configuration.

It returns an *http.Client and a boolean indicating whether the client is configured for authentication, or an error that occurred during construction.

type Dogstatsd 

type Dogstatsd struct {
	URL string `yaml:"url"`
}

type Indexer 

type Indexer struct {
	// A Postgres connection string.
	//
	// formats
	// url: "postgres://pqgotest:password@localhost/pqgotest?sslmode=verify-full"
	// or
	// string: "user=pqgotest dbname=pqgotest sslmode=verify-full"
	ConnString string `yaml:"connstring"`
	// A positive value representing seconds.
	//
	// Concurrent Indexers lock on manifest scans to avoid clobbering.
	// This value tunes how often a waiting Indexer will poll for the lock.
	// TODO: Move to async operating mode
	ScanLockRetry int `yaml:"scanlock_retry"`
	// A positive values represeting quantity.
	//
	// Indexers will index a Manifest's layers concurrently.
	// This value tunes the number of layers an Indexer will scan in parallel.
	LayerScanConcurrency int `yaml:"layer_scan_concurrency"`
	// A "true" or "false" value
	//
	// Whether Indexer nodes handle migrations to their database.
	Migrations bool `yaml:"migrations"`
}

Indexer provides Clair Indexer node configuration

type Jaeger 

type Jaeger struct {
	Agent struct {
		Endpoint string `yaml:"agent_endpoint"`
	} `yaml:",inline"`
	Collector struct {
		Endpoint string  `yaml:"collector_endpoint"`
		Username *string `yaml:"username"`
		Password *string `yaml:"password"`
	} `yaml:",inline"`
	ServiceName string            `yaml:"service_name"`
	Tags        map[string]string `yaml:"tags"`
	BufferMax   int               `yaml:"buffer_max"`
}

type Matcher 

type Matcher struct {
	// A Postgres connection string.
	//
	// Formats:
	// url: "postgres://pqgotest:password@localhost/pqgotest?sslmode=verify-full"
	// or
	// string: "user=pqgotest dbname=pqgotest sslmode=verify-full"
	ConnString string `yaml:"connstring"`
	// A positive integer
	//
	// Clair allows for a custom connection pool size.
	// This number will directly set how many active sql
	// connections are allowed concurrently.
	MaxConnPool int `yaml:"max_conn_pool"`
	// A string in <host>:<port> format where <host> can be an empty string.
	//
	// A Matcher contacts an Indexer to create a VulnerabilityReport.
	// The location of this Indexer is required.
	IndexerAddr string `yaml:"indexer_addr"`
	// A "true" or "false" value
	//
	// Whether Matcher nodes handle migrations to their databases.
	Migrations bool `yaml:"migrations"`
	// A slice of strings representing which
	// updaters matcher will create.
	//
	// If nil all default UpdaterSets will be used
	//
	// The following sets are supported:
	// "alpine"
	// "aws"
	// "debian"
	// "oracle"
	// "photon"
	// "pyupio"
	// "rhel"
	// "suse"
	// "ubuntu"
	UpdaterSets []string `yaml:"updater_sets"`
}

type Metrics 

type Metrics struct {
	Name       string     `yaml:"name"`
	Prometheus Prometheus `yaml:"prometheus"`
	Dogstatsd  Dogstatsd  `yaml:"dogstatsd"`
}

type Prometheus 

type Prometheus struct {
	Endpoint *string `yaml:"endpoint"`
}

type Trace 

type Trace struct {
	Name        string   `yaml:"name"`
	Probability *float64 `yaml:"probability"`
	Jaeger      Jaeger   `yaml:"jaeger"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.