Documentation
¶
Index ¶
- type CPUMetricsConfig
- type DiskMetricsConfig
- type FilesConfig
- type HostMetricsConfig
- type JournalConfig
- type MemoryMetricsConfig
- type MetricsConfig
- type NetworkMetricsConfig
- type PathRule
- type ProcessMetricsConfig
- type ResolvedIdentity
- type SystemdConfig
- type UnitConfig
- type VarScope
- type VarsConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CPUMetricsConfig ¶
// CPUMetricsConfig carries the one setting decoded for the CPU metrics
// endpoint (GET /integrations/metrics/cpu).
type CPUMetricsConfig struct {
// Enabled is decoded from the TOML key "enabled".
// NOTE(review): presumably the Go zero value (false) applies when the key
// is omitted, leaving the endpoint off by default — confirm in the loader.
Enabled bool `toml:"enabled"`
}
CPUMetricsConfig controls GET /integrations/metrics/cpu.
type DiskMetricsConfig ¶
// DiskMetricsConfig carries the settings decoded for the disk metrics
// endpoint (GET /integrations/metrics/disk).
type DiskMetricsConfig struct {
// Enabled is decoded from the TOML key "enabled".
Enabled bool `toml:"enabled"`
// Paths restricts disk stats to specific mount points.
// All entries must be absolute paths.
// If empty, all mounted filesystems are reported.
//
// An empty list is therefore the widest setting, not the narrowest: to
// limit what the endpoint discloses about the host's storage layout, list
// the mount points explicitly.
// NOTE(review): how entries are compared with mount points (exact match
// or prefix) is not visible here — confirm in the handler.
Paths []string `toml:"paths"`
}
DiskMetricsConfig controls GET /integrations/metrics/disk.
type FilesConfig ¶
FilesConfig is the parsed and validated representation of files.toml.
type HostMetricsConfig ¶
// HostMetricsConfig carries the one setting decoded for the host metrics
// endpoint (GET /integrations/metrics/host).
type HostMetricsConfig struct {
// Enabled is decoded from the TOML key "enabled".
// NOTE(review): which host attributes the endpoint returns is not visible
// here; review them before enabling it on an exposed listener.
Enabled bool `toml:"enabled"`
}
HostMetricsConfig controls GET /integrations/metrics/host.
type JournalConfig ¶
// JournalConfig holds the journal settings: two access switches (Enabled,
// SystemJournal) and two retrieval defaults (Priority, Lines).
type JournalConfig struct {
// Enabled gates the per-unit journal endpoint
// (GET /integrations/systemd/units/{unit}/journal).
Enabled bool `toml:"enabled"`
// Priority is the minimum log severity to return.
// Valid values: emerg, alert, crit, err, warning, notice, info, debug.
// Defaults to "info" if omitted.
Priority string `toml:"priority"`
// Lines is the default number of journal lines returned per request.
// Must be a positive integer. Defaults to 100 if omitted.
// NOTE(review): this is documented as a default, not a cap; whether a
// request can ask for more lines, and up to what bound, is not visible
// here — confirm in the handler.
Lines int `toml:"lines"`
// SystemJournal permits GET /integrations/systemd/journal (system-wide).
// Kept as a dedicated bool because it is a distinct endpoint, not an
// operation variant of the per-unit journal.
//
// The system-wide journal is not scoped to a single unit, so this switch
// exposes more log data than Enabled does.
// NOTE(review): whether SystemJournal also requires Enabled to be true is
// not visible here — confirm.
SystemJournal bool `toml:"system_journal"`
}
JournalConfig controls journal retrieval behaviour. It applies to both per-unit journal endpoints and the system-wide journal.
type MemoryMetricsConfig ¶
// MemoryMetricsConfig carries the one setting decoded for the memory metrics
// endpoint (GET /integrations/metrics/memory).
type MemoryMetricsConfig struct {
// Enabled is decoded from the TOML key "enabled".
// NOTE(review): presumably off when the key is omitted (Go zero value) —
// confirm in the loader.
Enabled bool `toml:"enabled"`
}
MemoryMetricsConfig controls GET /integrations/metrics/memory.
type MetricsConfig ¶
// MetricsConfig groups one sub-config per metrics endpoint, each decoded
// from its own TOML table.
type MetricsConfig struct {
// Enabled carries no toml tag, unlike the fields below it.
// NOTE(review): confirm whether it is derived by the loader or decoded by
// field-name matching, and whether it overrides the per-section Enabled
// flags when false.
Enabled bool
// Host is decoded from the [host] table.
Host HostMetricsConfig `toml:"host"`
// CPU is decoded from the [cpu] table.
CPU CPUMetricsConfig `toml:"cpu"`
// Memory is decoded from the [memory] table.
Memory MemoryMetricsConfig `toml:"memory"`
// Disk is decoded from the [disk] table.
Disk DiskMetricsConfig `toml:"disk"`
// Network is decoded from the [network] table.
Network NetworkMetricsConfig `toml:"network"`
// Processes is decoded from the [processes] table.
Processes ProcessMetricsConfig `toml:"processes"`
}
MetricsConfig is the parsed and validated representation of metrics.toml.
Each sub-section maps to one metrics endpoint group. Sections are independent — enabling disk does not require enabling cpu, and so on.
type NetworkMetricsConfig ¶
// NetworkMetricsConfig carries the settings decoded for the network metrics
// endpoint (GET /integrations/metrics/network).
type NetworkMetricsConfig struct {
// Enabled is decoded from the TOML key "enabled".
Enabled bool `toml:"enabled"`
// Interfaces restricts stats to specific network interfaces by name.
// If empty, all interfaces are reported.
//
// As with DiskMetricsConfig.Paths, the empty list is the widest setting:
// name the interfaces explicitly to keep the rest of the host's network
// layout out of the response.
Interfaces []string `toml:"interfaces"`
}
NetworkMetricsConfig controls GET /integrations/metrics/network.
type PathRule ¶
// PathRule is one directory entry of the files configuration: the directory,
// the operations allowed in it, and an optional identity to write as.
type PathRule struct {
// Dir is the directory this rule applies to.
// Must be an absolute path ending with "/".
// NOTE(review): nothing here shows whether requested paths are
// canonicalised (".." segments, symlinks) before being matched against
// Dir — confirm in the handler, since the rule is only as strong as that
// comparison.
Dir string `toml:"dir"`
// Allow is the list of permitted operations for this directory.
// Valid values: "read", "write".
Allow []string `toml:"allow"`
// UseAsUser (the package docs call it WriteAsUser / write_as) is the
// username to drop to when writing files to this path.
// Requires the daemon to hold CAP_SETUID (granted by AmbientCapabilities
// in the systemd unit). If absent, writes succeed as the daemon user.
// Resolved to UseAs at load time via os/user.Lookup.
//
// The fallback is fail-open: an unresolved user does not block the write,
// it only changes which identity the file is written with.
// NOTE(review): ResolvedIdentity also carries a GID; changing the group
// normally needs CAP_SETGID as well — confirm the unit grants it.
// NOTE(review): the name suggests the identity may apply to more than
// writes — confirm against the handler.
UseAsUser string `toml:"use_as_user"`
// UseAs (WriteAs in the package docs) is the resolved identity for
// UseAsUser.
// Zero value (Set=false) means no privilege drop — write as daemon user.
// Populated by LoadFilesConfig; never set directly by callers.
// The "-" tag keeps it out of TOML decoding, so a config file cannot
// supply a uid/gid directly.
UseAs ResolvedIdentity `toml:"-"`
}
PathRule defines access permissions for a single directory.
Dir must be an absolute path ending with "/". Allow contains the permitted operations for that directory. UseAsUser (TOML key use_as_user; this page also refers to it as WriteAsUser and write_as) is the optional username to drop to when writing files. UseAs (also referred to as WriteAs) is the resolved identity, populated at load time.
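When write_as (apparently the use_as_user key declared on the struct) is set but cannot be honoured (CAP_SETUID absent or username not found), a warning is logged at startup and the write proceeds as the daemon user — the write is NOT disabled. In other words the fallback is fail-open: the file is written with the daemon's identity rather than the configured one, so the startup warning is worth alerting on.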
type ProcessMetricsConfig ¶
// ProcessMetricsConfig carries the settings decoded for the process metrics
// endpoint (GET /integrations/metrics/processes).
type ProcessMetricsConfig struct {
// Enabled is decoded from the TOML key "enabled".
// NOTE(review): which per-process fields are returned (for example
// command lines, which can contain secrets) is not visible here — review
// the handler before enabling.
Enabled bool `toml:"enabled"`
// Limit caps the number of processes returned, sorted by CPU usage desc.
// Must be a positive integer, maximum 100.
// Uses a pointer so we can distinguish "omitted" (nil → default 20)
// from "explicitly set to 0" (→ validation error).
// Callers must nil-check before dereferencing.
Limit *int `toml:"limit"`
}
ProcessMetricsConfig controls GET /integrations/metrics/processes.
type ResolvedIdentity ¶
// ResolvedIdentity is the uid/gid pair stored in PathRule.UseAs.
type ResolvedIdentity struct {
// UID and GID are only meaningful when Set is true. Their zero value is 0,
// which is also root's id, so code must test Set rather than comparing
// UID or GID with 0.
// NOTE(review): nothing here shows whether a configured user that
// resolves to uid 0 is rejected — confirm in the loader.
UID int
GID int
Set bool // true when a write_as user was successfully resolved
}
ResolvedIdentity holds a uid/gid resolved from a username at startup.
type SystemdConfig ¶
// SystemdConfig groups the unit and journal settings, each decoded from its
// own TOML table.
type SystemdConfig struct {
// Enabled carries no toml tag, unlike Units and Journal.
// NOTE(review): confirm whether it is derived by the loader or decoded by
// field-name matching, and whether it overrides Units.Enabled and
// Journal.Enabled when false.
Enabled bool
// Units is decoded from the [units] table.
Units UnitConfig `toml:"units"`
// Journal is decoded from the [journal] table.
Journal JournalConfig `toml:"journal"`
}
SystemdConfig is the parsed and validated representation of systemd.toml.
type UnitConfig ¶
// UnitConfig holds the switch and the operation allow-list for systemd unit
// endpoints.
type UnitConfig struct {
// Enabled gates all unit operations.
Enabled bool `toml:"enabled"`
// Allow is the list of permitted unit operations.
// Valid values: list, inspect, unit_file, logs, start, stop, restart,
// reload, enable, disable.
// An unknown value is a fatal config error.
//
// start, stop, restart, reload, enable and disable change unit state;
// list, inspect, unit_file and logs look read-only by name. Grant the
// state-changing ones only where they are needed.
// NOTE(review): the list applies to operations, not to unit names; no
// per-unit restriction is visible in this type — confirm whether one
// exists elsewhere.
// NOTE(review): how the "logs" operation relates to JournalConfig.Enabled
// is not visible here — confirm.
Allow []string `toml:"allow"`
}
UnitConfig controls which systemd unit operations are permitted.
type VarScope ¶
// VarScope is one project+env entry of the vars configuration together with
// the operations allowed on it.
type VarScope struct {
// Project is the project identifier (e.g. "myapp").
// Must match ^[a-z0-9_-]+$.
// The pattern admits no "/" or ".", so a valid identifier cannot contain
// a path separator or a ".." segment.
// NOTE(review): whether Project and Env are used to build filesystem
// paths or storage keys is not visible here — confirm.
Project string `toml:"project"`
// Env is the environment identifier (e.g. "prod", "staging").
// Must match ^[a-z0-9_-]+$.
Env string `toml:"env"`
// Allow is the list of permitted operations for this scope.
// Valid values: "read", "write".
// At least one value is required.
// NOTE(review): presumably a project/env pair with no VarScope entry is
// denied — confirm the default in the handler.
Allow []string `toml:"allow"`
}
VarScope defines access permissions for a single project+env combination.
Project and Env must both match ^[a-z0-9_-]+$. Allow must contain at least one of "read" or "write". Duplicate project/env pairs are a validation error.
type VarsConfig ¶
VarsConfig is the parsed and validated representation of vars.toml.