Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Identities ¶
// Identities holds configured accounts and secrets for users and tenants.
// Its JSON form (true, false, a path string, or an array of identities)
// selects what Load returns.
// NOTE(review): the path form is described as rooted in baseDir; whether Load
// rejects a path that resolves outside baseDir is not visible here — confirm.
type Identities struct {
// contains filtered or unexported fields
}
Identities represents configured accounts and secrets for users and tenants. Identities can be unmarshalled from JSON in several forms, and the form determines how Load behaves:
- true indicates that Load should read identities from the defaults provided
- false indicates that Load will always return no identities or error
- A string represents a path, rooted in baseDir, to a file containing identities to load
- A JSON array contains a list of explicitly defined identities, which Load returns
func (*Identities) Load ¶
func (p *Identities) Load(baseDir, defaultFilename string) ([]Identity, error)
func (*Identities) UnmarshalJSON ¶
func (p *Identities) UnmarshalJSON(data []byte) error
type Root ¶
// Root embeds system.Config and adds two optional sections: User, for
// applications acting on behalf of a user, and System, for applications
// acting on their own behalf. Both are pointers tagged omitempty, so either
// may be absent from the JSON.
// NOTE(review): what happens when a section is nil is not visible here —
// confirm that an omitted section disables that token path rather than
// leaving it unvalidated.
type Root struct {
system.Config
// User configures user credential and access token validation for applications acting on behalf of a user.
// This includes the ability to log in using a username and password through OIDC authentication servers like Keycloak.
User *User `json:"user,omitempty"`
// System configures credential and access token validation for applications acting on their own behalf.
// This includes OAuth2 Client Credentials key exchange and validation backed by different key stores.
System *System `json:"system,omitempty"`
}
func ReadConfig ¶
type System ¶
// System configures token lifetime and the account sources used to validate
// system tokens: a local identities file (FileAccounts), the tenants system
// (TenantAccounts) and the cohort manager (CohortAccounts).
// NOTE(review): how these sources combine when more than one is enabled, and
// what happens when none is enabled, is not visible here — confirm.
type System struct {
// Validity defaults to 15 minutes and specifies how long access tokens generated by client credentials key exchange are valid for.
// NOTE(review): no revocation mechanism is visible here, so treat this value as
// the upper bound on how long a leaked token stays usable — confirm.
Validity *jsontypes.Duration `json:"validity,omitempty"`
// FileAccounts, when non-nil, causes the system to validate system tokens using a local
// file of identities and secrets.
// See Identities for how this field can be represented/configured in JSON.
// Because the file holds secrets, it should be readable only by the account
// running the service and kept out of version control.
FileAccounts *Identities `json:"fileAccounts,omitempty"`
// TenantAccounts causes the system to validate system tokens using the tenants system.
// All tokens are deemed invalid if the tenants system is not available.
// That is, this source fails closed: an outage rejects tokens rather than accepting them.
TenantAccounts bool `json:"tenantAccounts,omitempty"`
// CohortAccounts causes the system to validate system tokens using the cohort manager, setup via enrollment.
// All tokens are deemed invalid if the manager is not known (i.e. the controller is not enrolled), or the manager doesn't support TenantApi.
// As with TenantAccounts, this source fails closed when its backend cannot be used.
CohortAccounts bool `json:"cohortAccounts,omitempty"`
}
type User ¶
// User configures token lifetime and the account sources used to validate
// user credentials: a set of identities (FileAccounts) and a Keycloak server
// reached over OIDC (Keycloak).
// NOTE(review): how the two sources combine when both are set is not visible
// here — confirm.
type User struct {
// Validity defaults to 24 hours and specifies how long access tokens generated by user key exchange are valid for.
// NOTE(review): this default is much longer than the 15 minutes documented for
// System tokens; no revocation mechanism is visible here, so treat it as the
// upper bound on how long a leaked user token stays usable — confirm.
Validity *jsontypes.Duration `json:"validity,omitempty"`
// FileAccounts enumerates a list of identities that incoming credentials are validated against.
// The field is an *Identities, so in JSON it may be true, false, a path string
// or an explicit array; see Identities for what each form makes Load return.
// Any file it points to holds secrets and should be readable only by the
// account running the service.
FileAccounts *Identities `json:"fileAccounts,omitempty"`
// Keycloak configures access token validation against a Keycloak server using OIDC.
// Note that the JSON key is "keycloakAccounts", not "keycloak".
Keycloak *keycloak.Config `json:"keycloakAccounts,omitempty"`
}