config

package
v0.0.0-...-c116fac
Warning

This package is not in the latest version of its module.

Published: Apr 29, 2024 License: Apache-2.0 Imports: 58 Imported by: 0

Documentation

Constants

const (
	CacheType ServerType = 1 << iota
	OriginType
	DirectorType
	RegistryType
	BrokerType
	LocalCacheType

	EgrpKey ContextKey = "egrp"
)

Variables

This section is empty.

Functions

func AddFilter

func AddFilter(newFilter *RegexpFilter)

func CleanupTempResources

func CleanupTempResources() (err error)

func ConvertX25519Key

func ConvertX25519Key(ed25519_sk []byte) [32]byte

func EncryptedConfigExists

func EncryptedConfigExists() (bool, error)

func GenerateCACert added in v1.0.4

func GenerateCACert() error

Helper function to generate a Certificate Authority (CA) certificate and its private key for non-production environments, so that the CA's private key can be used to sign the host certificate.

func GenerateCert

func GenerateCert() error

Generate a TLS certificate (host certificate) and its private key for non-production environments if the required TLS files are not present.

func GeneratePrivateKey

func GeneratePrivateKey(keyLocation string, curve elliptic.Curve, allowRSA bool) error

Check if a file exists at keyLocation, return the file if so; otherwise, generate and write a PEM-encoded ECDSA private key on the elliptic curve given by curve.

func GenerateSessionSecret

func GenerateSessionSecret() error

Check whether a session secret exists at param.Server_SessionSecretFile and is not empty. If not, generate the secret used to encrypt/decrypt the session cookie.

func GetBuiltBy

func GetBuiltBy() string

func GetBuiltCommit

func GetBuiltCommit() string

func GetBuiltDate

func GetBuiltDate() string

func GetCSRFHandler

func GetCSRFHandler() (gin.HandlerFunc, error)

func GetDaemonGID

func GetDaemonGID() (int, error)

func GetDaemonGroup

func GetDaemonGroup() (string, error)

func GetDaemonSID added in v1.0.4

func GetDaemonSID() (string, error)

func GetDaemonUID

func GetDaemonUID() (int, error)

func GetDaemonUser

func GetDaemonUser() (string, error)

func GetEnabledServerString

func GetEnabledServerString(lowerCase bool) []string

Get a string slice of currently enabled servers, sorted by alphabetical order. By default, it calls String method of each enabled server. To get strings in lowerCase, set lowerCase = true.

func GetEncryptedConfigName

func GetEncryptedConfigName() (string, error)

func GetEncryptedContents

func GetEncryptedContents() (string, error)

func GetIssuerPrivateJWK added in v1.0.4

func GetIssuerPrivateJWK() (jwk.Key, error)

Return the private JWK for the server to sign tokens

func GetIssuerPublicJWKS added in v1.0.4

func GetIssuerPublicJWKS() (jwk.Set, error)

Check if a valid JWKS file exists at Server_IssuerJwks, return that file if so; otherwise, generate and store a private key at IssuerKey and return a public key of that private key, encapsulated in the JWKS format

The generated private key is loaded into the issuerPrivateJWK variable, which this server uses to sign the JWTs it issues. The returned public key is exposed publicly so that other servers can verify JWTs signed by this server, typically via a well-known URL, i.e. "/.well-known/issuer.jwks".

func GetOIDCAuthorizationEndpoint added in v1.0.4

func GetOIDCAuthorizationEndpoint() (result string, err error)

func GetOIDCClientID added in v1.0.4

func GetOIDCClientID() (result string, err error)

func GetOIDCClientSecret added in v1.0.4

func GetOIDCClientSecret() (result string, err error)

func GetOIDCDeviceAuthEndpoint added in v1.0.4

func GetOIDCDeviceAuthEndpoint() (result string, err error)

func GetOIDCSupportedScopes added in v1.0.4

func GetOIDCSupportedScopes() (results []string, err error)

func GetOIDCTokenEndpoint added in v1.0.4

func GetOIDCTokenEndpoint() (result string, err error)

func GetOIDCUserInfoEndpoint added in v1.0.4

func GetOIDCUserInfoEndpoint() (result string, err error)

func GetPassword

func GetPassword(newFile bool) ([]byte, error)

func GetServerAudience

func GetServerAudience() string

Return an audience string appropriate for the current server

func GetServerIssuerURL

func GetServerIssuerURL() (string, error)

func GetTransport added in v1.0.4

func GetTransport() *http.Transport

Get the transport, setting it up only once.

func GetValidate

func GetValidate() *validator.Validate

Get the singleton global validate instance for field validation.

func GetVersion

func GetVersion() string

Returns the version of the current binary

func HasMultiuserCaps

func HasMultiuserCaps() (result bool, err error)

Determine whether the current process has the capabilities necessary for running xrootd in multiuser mode.

func InitClient

func InitClient() error

func InitConfig added in v1.0.4

func InitConfig()

func InitServer

func InitServer(ctx context.Context, currentServers ServerType) error

Initialize a Pelican server instance. Pass a bit mask of `currentServers` if you want to enable multiple services. Note that not all configurations are supported: currently, if you enable both cache and origin, an error is thrown.

func InitServerOSDefaults added in v1.0.4

func InitServerOSDefaults() error

func IsRootExecution

func IsRootExecution() bool

func IsServerEnabled

func IsServerEnabled(testServer ServerType) bool

IsServerEnabled checks if testServer is enabled in the current process.

Use this function to check which server(s) are running in the current process.

func LoadCertficate added in v1.0.4

func LoadCertficate(certFile string) (*x509.Certificate, error)

Read a PEM-encoded TLS certificate file, then parse and return the first certificate that appears in the chain. Return an error if there is no certificate present in the file.

func LoadPrivateKey

func LoadPrivateKey(keyLocation string, allowRSA bool) (crypto.PrivateKey, error)

Return a pointer to an ECDSA private key or RSA private key read from keyLocation.

This can be used to load ECDSA or RSA private key for various purposes, including IssuerKey, TLSKey, and TLSCAKey

If allowRSA is false, an RSA key at keyLocation results in an error.
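The allowRSA rule described for LoadPrivateKey, sketched as an added stand-alone example; it is not Pelican's implementation. `parseSigningKey` and `sampleKeys` are hypothetical names, and the PKCS#8 PEM encoding and in-memory throwaway keys are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// parseSigningKey: hypothetical helper (not Pelican's LoadPrivateKey); assumes PKCS#8 PEM.
func parseSigningKey(pemBytes []byte, allowRSA bool) (any, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil {
		return nil, fmt.Errorf("no PEM block found")
	}
	key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
	if err != nil {
		return nil, fmt.Errorf("parse PKCS#8 key: %w", err)
	}
	switch key.(type) {
	case *ecdsa.PrivateKey:
		return key, nil
	case *rsa.PrivateKey:
		if allowRSA {
			return key, nil
		}
	}
	return nil, fmt.Errorf("key type %T not permitted (allowRSA=%t)", key, allowRSA)
}

// sampleKeys returns constructed throwaway keys (ECDSA P-256, RSA-2048) as PEM.
func sampleKeys() (ecPEM, rsaPEM []byte) {
	enc := func(k any) []byte {
		der, _ := x509.MarshalPKCS8PrivateKey(k) // errors ignored for constructed demo keys
		return pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der})
	}
	ec, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	rk, _ := rsa.GenerateKey(rand.Reader, 2048)
	return enc(ec), enc(rk)
}

func main() {
	ecPEM, rsaPEM := sampleKeys()
	_, errEC := parseSigningKey(ecPEM, false)
	_, errRSA := parseSigningKey(rsaPEM, false)
	fmt.Println("ECDSA:", errEC, "| RSA:", errRSA)
}
```

Any key type other than ECDSA or RSA (Ed25519, for instance) falls through to the same rejection, so the policy is an allow-list rather than a deny-list.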

func LoadSessionSecret

func LoadSessionSecret() ([]byte, error)

Load session secret from Server_SessionSecretFile. Generate session secret if no file present.

func MkdirAll

func MkdirAll(path string, perm os.FileMode, uid int, gid int) error

This is the Pelican version of `MkdirAll`; it ensures that any created directory is owned by a given uid/gid. This allows the created directory to be owned by the xrootd user.

The base implementation is taken from the Go standard library: https://cs.opensource.google/go/go/+/refs/tags/go1.21.0:src/os/path.go;l=18

The BSD license for Go is compatible with Pelican's.

func PrintConfig

func PrintConfig() error

Print Pelican configuration to stderr

func PrintPelicanVersion

func PrintPelicanVersion(out *os.File)

func RemoveFilter

func RemoveFilter(name string)

func ResetFederationForTest

func ResetFederationForTest()

Reset the fedDiscoveryOnce to update federation metadata values for GetFederation(). Should only be used for unit tests.

func ResetPassword

func ResetPassword() error

func SaveConfigContents

func SaveConfigContents(config *OSDFConfig) error

func SaveConfigContents_internal

func SaveConfigContents_internal(config *OSDFConfig, forcePassword bool) error

func SaveEncryptedContents

func SaveEncryptedContents(encContents []byte) error

func SavePassword

func SavePassword(password []byte) error

func SetBuiltBy

func SetBuiltBy(newBuiltBy string)

func SetBuiltCommit

func SetBuiltCommit(newCommit string)

func SetBuiltDate

func SetBuiltDate(builtDate string)

func SetFederation

func SetFederation(fd FederationDiscovery)

Set the current global federation metadata

func SetLogging added in v1.0.4

func SetLogging(logLevel log.Level)

func SetVersion

func SetVersion(newVersion string)

Overrides the version of the current binary

Intended mainly for use in unit tests

func TryGetPassword

func TryGetPassword() ([]byte, error)

func UpdateConfigFromListener

func UpdateConfigFromListener(ln net.Listener)

Types

type ConfigPrefix

type ConfigPrefix string

Structs holding the OAuth2 state (and any other OSDF config needed)

const (
	PelicanPrefix ConfigPrefix = "PELICAN"
	OsdfPrefix    ConfigPrefix = "OSDF"
	StashPrefix   ConfigPrefix = "STASH"
)

func GetAllPrefixes

func GetAllPrefixes() []ConfigPrefix

Get the list of valid prefixes for this binary. Given there have been so many renames of the project (stash -> osdf -> pelican), we allow multiple prefixes when searching through environment variables.

func GetPreferredPrefix

func GetPreferredPrefix() ConfigPrefix

Based on the name of the current binary, determine the preferred "style" of behavior. For example, a binary with the "osdf_" prefix should utilize the known URLs for OSDF. For "pelican"-style commands, the user will need to manually configure the location of the director endpoint.

func SetPreferredPrefix

func SetPreferredPrefix(newPref ConfigPrefix) (oldPref ConfigPrefix, err error)

Override the auto-detected preferred prefix; mostly meant for unit tests. Returns the old preferred prefix.

func (ConfigPrefix) String

func (cp ConfigPrefix) String() string

type ContextKey

type ContextKey string

type FederationDiscovery

type FederationDiscovery struct {
	DirectorEndpoint              string `json:"director_endpoint"`
	NamespaceRegistrationEndpoint string `json:"namespace_registration_endpoint"`
	JwksUri                       string `json:"jwks_uri"`
	BrokerEndpoint                string `json:"broker_endpoint"`
}

func DiscoverUrlFederation

func DiscoverUrlFederation(ctx context.Context, federationDiscoveryUrl string) (metadata FederationDiscovery, err error)

This function discovers federations as specified by a URL during a pelican:// transfer. It does not populate global fields; the result is temporary and applies per URL.

func GetFederation

func GetFederation(ctx context.Context) (FederationDiscovery, error)

Retrieve the federation service information from the configuration.

The calculation of the federation info is delayed until needed. As long as this is invoked after `InitClient` / `InitServer`, it is thread-safe. If invoked before things are configured, it must be done from a single-threaded context.

type MetadataErr

type MetadataErr struct {
	// contains filtered or unexported fields
}

var (
	RestartFlag = make(chan any) // A channel flag to restart the server instance that launcher listens to (including cache)

	MetadataTimeoutErr *MetadataErr = &MetadataErr{msg: "Timeout when querying metadata"}
)

func NewMetadataError

func NewMetadataError(err error, msg string) *MetadataErr

This function creates a new MetadataError by wrapping the previous error

func (*MetadataErr) Error

func (e *MetadataErr) Error() string

func (*MetadataErr) Is

func (e *MetadataErr) Is(target error) bool

func (*MetadataErr) Unwrap

func (e *MetadataErr) Unwrap() error

func (*MetadataErr) Wrap

func (e *MetadataErr) Wrap(err error) error

type OSDFConfig

type OSDFConfig struct {

	// Top-level OSDF object
	OSDF struct {
		// List of OAuth2 client configurations
		OauthClient []PrefixEntry `yaml:"oauth_client,omitempty"`
	} `yaml:"OSDF"`
}

Structs holding the OAuth2 state (and any other OSDF config needed)

func GetConfigContents

func GetConfigContents() (OSDFConfig, error)

type OauthIssuer added in v1.0.4

type OauthIssuer struct {
	Issuer          string   `json:"issuer"`
	AuthURL         string   `json:"authorization_endpoint"`
	DeviceAuthURL   string   `json:"device_authorization_endpoint"`
	TokenURL        string   `json:"token_endpoint"`
	RegistrationURL string   `json:"registration_endpoint"`
	UserInfoURL     string   `json:"userinfo_endpoint"`
	GrantTypes      []string `json:"grant_types_supported"`
	ScopesSupported []string `json:"scopes_supported"`
}

func GetIssuerMetadata added in v1.0.4

func GetIssuerMetadata(issuer_url string) (*OauthIssuer, error)

Get OIDC issuer metadata from an OIDC issuer URL. The URL should not contain the path to /.well-known/openid-configuration

type PrefixEntry

type PrefixEntry struct {
	// OSDF namespace prefix
	Prefix       string       `yaml:"prefix"`
	ClientID     string       `yaml:"client_id"`
	ClientSecret string       `yaml:"client_secret"`
	Tokens       []TokenEntry `yaml:"tokens,omitempty"`
}

Structs holding the OAuth2 state (and any other OSDF config needed)

type RegexpFilter

type RegexpFilter struct {
	Regexp *regexp.Regexp
	Name   string
	Levels []log.Level
	Fire   func(*log.Entry) error
}

type RegexpFilterHook

type RegexpFilterHook struct {
	// contains filtered or unexported fields
}

A logrus hook that carries a list of regexp-based "filters". If any of the filters matches the incoming log line, the corresponding callback is invoked.

func (*RegexpFilterHook) Fire

func (fh *RegexpFilterHook) Fire(entry *log.Entry) (err error)

Process a single log entry coming from logrus; iterate through the internal list of regexp filters and invoke any callbacks for regexps that match the entry.Message.

func (*RegexpFilterHook) Levels

func (fh *RegexpFilterHook) Levels() []log.Level

type ServerType added in v1.0.4

type ServerType int // ServerType is a bit mask indicating which Pelican server(s) are running in the current process

func NewServerType

func NewServerType() ServerType

Create a new, empty ServerType bitmask

func (*ServerType) Clear

func (sType *ServerType) Clear()

Clear all values in a server type

func (ServerType) IsEnabled

func (sType ServerType) IsEnabled(testServer ServerType) bool

IsEnabled checks if a testServer is in the ServerType instance

func (*ServerType) Set

func (sType *ServerType) Set(server ServerType) ServerType

Enable a single server type in the bitmask

func (*ServerType) SetList

func (sType *ServerType) SetList(newServers []ServerType)

Set a list of newServers on the ServerType instance

func (*ServerType) SetString

func (sType *ServerType) SetString(name string) bool

func (ServerType) String added in v1.0.4

func (sType ServerType) String() string

Get the string representation of a ServerType instance. This is intended for getting the string form of a single ServerType constant, such as CacheType, OriginType, etc. To get a string slice of enabled servers, use EnabledServerString()

type TokenEntry

type TokenEntry struct {
	Expiration   int64  `yaml:"expiration"`
	AccessToken  string `yaml:"access_token"`
	RefreshToken string `yaml:"refresh_token,omitempty"`
}

Structs holding the OAuth2 state (and any other OSDF config needed)

type TokenGenerationOpts added in v1.0.4

type TokenGenerationOpts struct {
	Operation TokenOperation
}

type TokenOperation added in v1.0.4

type TokenOperation int

const (
	TokenWrite TokenOperation = iota
	TokenRead
	TokenSharedWrite
	TokenSharedRead
)

type User added in v1.0.4

type User struct {
	Uid       int
	Gid       int
	Sid       string
	Username  string
	Groupname string
	// contains filtered or unexported fields
}

func GetDaemonUserInfo added in v1.0.4

func GetDaemonUserInfo() (User, error)

func GetOA4MPUser added in v1.0.4

func GetOA4MPUser() (User, error)
