Documentation ¶
Index ¶
- Constants
- func AddFilter(newFilter *RegexpFilter)
- func CleanupTempResources() (err error)
- func ConvertX25519Key(ed25519_sk []byte) [32]byte
- func EncryptedConfigExists() (bool, error)
- func GenerateCACert() error
- func GenerateCert() error
- func GeneratePrivateKey(keyLocation string, curve elliptic.Curve, allowRSA bool) error
- func GenerateSessionSecret() error
- func GetBuiltBy() string
- func GetBuiltCommit() string
- func GetBuiltDate() string
- func GetCSRFHandler() (gin.HandlerFunc, error)
- func GetDaemonGID() (int, error)
- func GetDaemonGroup() (string, error)
- func GetDaemonSID() (string, error)
- func GetDaemonUID() (int, error)
- func GetDaemonUser() (string, error)
- func GetEnTranslator() ut.Translator
- func GetEnabledServerString(lowerCase bool) []string
- func GetEncryptedConfigName() (string, error)
- func GetEncryptedContents() (string, error)
- func GetIssuerPrivateJWK() (jwk.Key, error)
- func GetIssuerPublicJWKS() (jwk.Set, error)
- func GetOIDCAuthorizationEndpoint() (result string, err error)
- func GetOIDCClientID() (result string, err error)
- func GetOIDCClientSecret() (result string, err error)
- func GetOIDCDeviceAuthEndpoint() (result string, err error)
- func GetOIDCSupportedScopes() (results []string, err error)
- func GetOIDCTokenEndpoint() (result string, err error)
- func GetOIDCUserInfoEndpoint() (result string, err error)
- func GetPassword(newFile bool) ([]byte, error)
- func GetServerAudience() string
- func GetServerIssuerURL() (string, error)
- func GetTransport() *http.Transport
- func GetValidate() *validator.Validate
- func GetVersion() string
- func HasMultiuserCaps() (result bool, err error)
- func InitClient() error
- func InitConfig()
- func InitServer(ctx context.Context, currentServers ServerType) error
- func InitServerOSDefaults() error
- func IsRootExecution() bool
- func IsServerEnabled(testServer ServerType) bool
- func LoadCertficate(certFile string) (*x509.Certificate, error)
- func LoadPrivateKey(keyLocation string, allowRSA bool) (crypto.PrivateKey, error)
- func LoadSessionSecret() ([]byte, error)
- func MkdirAll(path string, perm os.FileMode, uid int, gid int) error
- func PrintConfig() error
- func PrintPelicanVersion(out *os.File)
- func RemoveFilter(name string)
- func ResetFederationForTest()
- func ResetPassword() error
- func SaveConfigContents(config *OSDFConfig) error
- func SaveConfigContents_internal(config *OSDFConfig, forcePassword bool) error
- func SaveEncryptedContents(encContents []byte) error
- func SavePassword(password []byte) error
- func SetBuiltBy(newBuiltBy string)
- func SetBuiltCommit(newCommit string)
- func SetBuiltDate(builtDate string)
- func SetFederation(fd FederationDiscovery)
- func SetLogging(logLevel log.Level)
- func SetVersion(newVersion string)
- func TryGetPassword() ([]byte, error)
- func UpdateConfigFromListener(ln net.Listener)
- type ConfigPrefix
- type ContextKey
- type FederationDiscovery
- type MetadataErr
- type OSDFConfig
- type OauthIssuer
- type PrefixEntry
- type RegexpFilter
- type RegexpFilterHook
- type ServerType
- func (sType *ServerType) Clear()
- func (sType ServerType) IsEnabled(testServer ServerType) bool
- func (sType *ServerType) Set(server ServerType) ServerType
- func (sType *ServerType) SetList(newServers []ServerType)
- func (sType *ServerType) SetString(name string) bool
- func (sType ServerType) String() string
- type TokenEntry
- type TokenGenerationOpts
- type TokenOperation
- type User
Constants ¶
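// Server kinds and the package's context key. The listing was collapsed onto
// one line; it is restored here one constant per line so it reads as valid Go.
const (
	// Each server kind takes its own bit (1 << iota), so several kinds can be
	// combined in a single ServerType bit mask.
	CacheType ServerType = 1 << iota
	OriginType
	DirectorType
	RegistryType
	BrokerType
	LocalCacheType

	// EgrpKey is the ContextKey with the value "egrp".
	EgrpKey ContextKey = "egrp"
)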
Variables ¶
This section is empty.
Functions ¶
func AddFilter ¶
func AddFilter(newFilter *RegexpFilter)
func CleanupTempResources ¶
func CleanupTempResources() (err error)
func ConvertX25519Key ¶
func EncryptedConfigExists ¶
func GenerateCACert ¶ added in v1.0.4
func GenerateCACert() error
Helper function to generate a Certificate Authority (CA) certificate and its private key for non-production environments, so that the CA's private key can be used to sign the host certificate
func GenerateCert ¶
func GenerateCert() error
Generate a TLS certificate (host certificate) and its private key for non-production environments if the required TLS files are not present
func GeneratePrivateKey ¶
Check if a file exists at keyLocation, return the file if so; otherwise, generate and write a PEM-encoded ECDSA private key using the elliptic curve given by curve
func GenerateSessionSecret ¶
func GenerateSessionSecret() error
Check whether a session secret exists at param.Server_SessionSecretFile and, if there is one, that it is not empty. If not, generate the secret used to encrypt/decrypt the session cookie
func GetBuiltBy ¶
func GetBuiltBy() string
func GetBuiltCommit ¶
func GetBuiltCommit() string
func GetBuiltDate ¶
func GetBuiltDate() string
func GetCSRFHandler ¶
func GetCSRFHandler() (gin.HandlerFunc, error)
func GetDaemonGID ¶
func GetDaemonGroup ¶
func GetDaemonSID ¶ added in v1.0.4
func GetDaemonUID ¶
func GetDaemonUser ¶
func GetEnTranslator ¶
func GetEnTranslator() ut.Translator
func GetEnabledServerString ¶
Get a string slice of currently enabled servers, sorted by alphabetical order. By default, it calls String method of each enabled server. To get strings in lowerCase, set lowerCase = true.
func GetEncryptedConfigName ¶
func GetEncryptedContents ¶
Return the PEM-formatted contents of the encrypted configuration file
func GetIssuerPrivateJWK ¶ added in v1.0.4
Return the private JWK for the server to sign tokens
func GetIssuerPublicJWKS ¶ added in v1.0.4
Check if a valid JWKS file exists at Server_IssuerJwks, return that file if so; otherwise, generate and store a private key at IssuerKey and return a public key of that private key, encapsulated in the JWKS format
The private key generated is loaded to issuerPrivateJWK variable which is used for this server to sign JWTs it issues. The public key returned will be exposed publicly for other servers to verify JWTs signed by this server, typically via a well-known URL i.e. "/.well-known/issuer.jwks"
func GetOIDCAuthorizationEndpoint ¶ added in v1.0.4
func GetOIDCClientID ¶ added in v1.0.4
func GetOIDCClientSecret ¶ added in v1.0.4
func GetOIDCDeviceAuthEndpoint ¶ added in v1.0.4
func GetOIDCSupportedScopes ¶ added in v1.0.4
func GetOIDCTokenEndpoint ¶ added in v1.0.4
func GetOIDCUserInfoEndpoint ¶ added in v1.0.4
func GetPassword ¶
func GetServerAudience ¶
func GetServerAudience() string
Return an audience string appropriate for the current server
func GetServerIssuerURL ¶
func GetTransport ¶ added in v1.0.4
function to get/setup the transport (only once)
func GetValidate ¶
func GetValidate() *validator.Validate
Get the singleton global validate method for field validation
func HasMultiuserCaps ¶
Determine whether the current process has the capabilities necessary for running xrootd in multiuser mode.
func InitClient ¶
func InitClient() error
func InitConfig ¶ added in v1.0.4
func InitConfig()
func InitServer ¶
func InitServer(ctx context.Context, currentServers ServerType) error
Initialize Pelican server instance. Pass a bit mask of `currentServers` if you want to enable multiple services. Note not all configurations are supported: currently, if you enable both cache and origin then an error is thrown
func InitServerOSDefaults ¶ added in v1.0.4
func InitServerOSDefaults() error
func IsRootExecution ¶
func IsRootExecution() bool
func IsServerEnabled ¶
func IsServerEnabled(testServer ServerType) bool
IsServerEnabled checks if testServer is enabled in the current process.
Use this function to check which server(s) are running in the current process.
func LoadCertficate ¶ added in v1.0.4
func LoadCertficate(certFile string) (*x509.Certificate, error)
Read a PEM-encoded TLS certificate file, then parse and return the first certificate that appears in the chain. Return an error if there is no certificate present in the file
func LoadPrivateKey ¶
func LoadPrivateKey(keyLocation string, allowRSA bool) (crypto.PrivateKey, error)
Return a pointer to an ECDSA private key or RSA private key read from keyLocation.
This can be used to load ECDSA or RSA private key for various purposes, including IssuerKey, TLSKey, and TLSCAKey
If allowRSA is false, an RSA key at keyLocation results in an error
func LoadSessionSecret ¶
Load session secret from Server_SessionSecretFile. Generate session secret if no file present.
func MkdirAll ¶
This is the pelican version of `MkdirAll`; ensures that any created directory is owned by a given uid/gid. This allows the created directory to be owned by the xrootd user. The base implementation is taken from the go std library, here: - https://cs.opensource.google/go/go/+/refs/tags/go1.21.0:src/os/path.go;l=18 The BSD license for go is compatible with pelican's
func PrintPelicanVersion ¶
func RemoveFilter ¶
func RemoveFilter(name string)
func ResetFederationForTest ¶
func ResetFederationForTest()
Reset the fedDiscoveryOnce to update federation metadata values for GetFederation(). Should only be used for unit tests
func ResetPassword ¶
func ResetPassword() error
func SaveConfigContents ¶
func SaveConfigContents(config *OSDFConfig) error
func SaveConfigContents_internal ¶
func SaveConfigContents_internal(config *OSDFConfig, forcePassword bool) error
func SaveEncryptedContents ¶
func SavePassword ¶
func SetBuiltBy ¶
func SetBuiltBy(newBuiltBy string)
func SetBuiltCommit ¶
func SetBuiltCommit(newCommit string)
func SetBuiltDate ¶
func SetBuiltDate(builtDate string)
func SetFederation ¶
func SetFederation(fd FederationDiscovery)
Set the current global federation metadata
func SetLogging ¶ added in v1.0.4
func SetVersion ¶
func SetVersion(newVersion string)
Overrides the version of the current binary
Intended mainly for use in unit tests
func TryGetPassword ¶
Types ¶
type ConfigPrefix ¶
// ConfigPrefix is a string naming one of the configuration prefixes this
// binary accepts; the declared values are PelicanPrefix ("PELICAN"),
// OsdfPrefix ("OSDF") and StashPrefix ("STASH").
type ConfigPrefix string
Structs holding the OAuth2 state (and any other OSDF config needed)
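// The configuration prefixes declared for this binary. The listing was
// collapsed onto one line; it is restored here one constant per line.
const (
	PelicanPrefix ConfigPrefix = "PELICAN"
	OsdfPrefix    ConfigPrefix = "OSDF"
	StashPrefix   ConfigPrefix = "STASH"
)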
func GetAllPrefixes ¶
func GetAllPrefixes() []ConfigPrefix
Get the list of valid prefixes for this binary. Because the project has been renamed several times (stash -> osdf -> pelican), we allow multiple prefixes when searching through environment variables.
func GetPreferredPrefix ¶
func GetPreferredPrefix() ConfigPrefix
Based on the name of the current binary, determine the preferred "style" of behavior. For example, a binary with the "osdf_" prefix should utilize the known URLs for OSDF. For "pelican"-style commands, the user will need to manually configure the location of the director endpoint.
func SetPreferredPrefix ¶
func SetPreferredPrefix(newPref ConfigPrefix) (oldPref ConfigPrefix, err error)
Override the auto-detected preferred prefix; mostly meant for unittests. Returns the old preferred prefix.
func (ConfigPrefix) String ¶
func (cp ConfigPrefix) String() string
type ContextKey ¶
// ContextKey is the string type of the package's EgrpKey constant ("egrp").
// NOTE(review): presumably used as a context.Context value key — confirm against callers.
type ContextKey string
Structs holding the OAuth2 state (and any other OSDF config needed)
type FederationDiscovery ¶
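// FederationDiscovery holds the federation service endpoints, keyed by the
// JSON names in the field tags. The listing was collapsed onto one line; it is
// restored here one field per line.
//
// NOTE(review): DiscoverUrlFederation fills this from a URL supplied during a
// pelican:// transfer, so the values are presumably read from a remote
// document. Confirm that callers authenticate that source (TLS) before
// trusting JwksUri for key retrieval.
type FederationDiscovery struct {
	DirectorEndpoint              string `json:"director_endpoint"`
	NamespaceRegistrationEndpoint string `json:"namespace_registration_endpoint"`
	JwksUri                       string `json:"jwks_uri"`
	BrokerEndpoint                string `json:"broker_endpoint"`
}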
Structs holding the OAuth2 state (and any other OSDF config needed)
func DiscoverUrlFederation ¶
func DiscoverUrlFederation(ctx context.Context, federationDiscoveryUrl string) (metadata FederationDiscovery, err error)
This function discovers the federation specified by a URL during a pelican:// transfer. It does not populate the global fields; the result is temporary and applies only to that URL
func GetFederation ¶
func GetFederation(ctx context.Context) (FederationDiscovery, error)
Retrieve the federation service information from the configuration.
The calculation of the federation info is delayed until needed. As long as this is invoked after `InitClient` / `InitServer`, it is thread-safe. If invoked before things are configured, it must be done from a single-threaded context.
type MetadataErr ¶
type MetadataErr struct {
// contains filtered or unexported fields
}
Structs holding the OAuth2 state (and any other OSDF config needed)
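// Package-level restart channel and metadata timeout error. The listing was
// collapsed onto one line, where the trailing comment swallowed the second
// declaration; it is restored here one declaration per line.
var (
	// RestartFlag is a channel flag to restart the server instance that the
	// launcher listens to (including cache). It is created without a buffer,
	// so a send blocks until a receiver is ready.
	RestartFlag = make(chan any)

	// MetadataTimeoutErr is the MetadataErr value carrying the message
	// "Timeout when querying metadata".
	MetadataTimeoutErr *MetadataErr = &MetadataErr{msg: "Timeout when querying metadata"}
)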
func NewMetadataError ¶
func NewMetadataError(err error, msg string) *MetadataErr
This function creates a new MetadataError by wrapping the previous error
func (*MetadataErr) Error ¶
func (e *MetadataErr) Error() string
func (*MetadataErr) Is ¶
func (e *MetadataErr) Is(target error) bool
func (*MetadataErr) Unwrap ¶
func (e *MetadataErr) Unwrap() error
func (*MetadataErr) Wrap ¶
func (e *MetadataErr) Wrap(err error) error
type OSDFConfig ¶
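// OSDFConfig is the YAML layout of the credential configuration. The listing
// was collapsed onto one line, where the line comments swallowed the fields;
// it is restored here one field per line.
//
// Each PrefixEntry under OauthClient carries an OAuth2 client secret and
// tokens, so a populated OSDFConfig is secret material.
// NOTE(review): the package also exposes SaveEncryptedContents and GetPassword,
// so this is presumably stored encrypted on disk — confirm, and keep values of
// this type out of logs and error messages.
type OSDFConfig struct {
	// Top-level OSDF object
	OSDF struct {
		// List of OAuth2 client configurations
		OauthClient []PrefixEntry `yaml:"oauth_client,omitempty"`
	} `yaml:"OSDF"`
}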
Structs holding the OAuth2 state (and any other OSDF config needed)
func GetCredentialConfigContents ¶
func GetCredentialConfigContents() (OSDFConfig, error)
Returns the current contents of the credential configuration from disk.
type OauthIssuer ¶ added in v1.0.4
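// OauthIssuer holds the fields of an OIDC issuer metadata document, keyed by
// the JSON names in the field tags. The listing was collapsed onto one line;
// it is restored here one field per line.
//
// NOTE(review): the endpoint URLs are whatever the fetched metadata document
// states. Confirm that GetIssuerMetadata checks Issuer against the issuer URL
// it was asked for before the endpoints are used.
type OauthIssuer struct {
	Issuer          string   `json:"issuer"`
	AuthURL         string   `json:"authorization_endpoint"`
	DeviceAuthURL   string   `json:"device_authorization_endpoint"`
	TokenURL        string   `json:"token_endpoint"`
	RegistrationURL string   `json:"registration_endpoint"`
	UserInfoURL     string   `json:"userinfo_endpoint"`
	GrantTypes      []string `json:"grant_types_supported"`
	ScopesSupported []string `json:"scopes_supported"`
}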
func GetIssuerMetadata ¶ added in v1.0.4
func GetIssuerMetadata(issuer_url string) (*OauthIssuer, error)
Get OIDC issuer metadata from an OIDC issuer URL. The URL should not contain the path to /.well-known/openid-configuration
type PrefixEntry ¶
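// PrefixEntry is one OAuth2 client configuration for a namespace prefix, in
// its YAML layout. The listing was collapsed onto one line, where the line
// comment swallowed the fields; it is restored here one field per line.
type PrefixEntry struct {
	// OSDF namespace prefix
	Prefix   string `yaml:"prefix"`
	ClientID string `yaml:"client_id"`
	// ClientSecret is a credential and is serialized under "client_secret";
	// keep it out of logs and error messages.
	ClientSecret string `yaml:"client_secret"`
	// Tokens holds the access/refresh tokens stored for this prefix; it is
	// omitted from the YAML when empty.
	Tokens []TokenEntry `yaml:"tokens,omitempty"`
}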
Structs holding the OAuth2 state (and any other OSDF config needed)
type RegexpFilter ¶
type RegexpFilterHook ¶
type RegexpFilterHook struct {
// contains filtered or unexported fields
}
A logrus hook that carries a list of regexp-based "filters". If any of the filters matches the incoming log line, the corresponding callback is invoked.
func (*RegexpFilterHook) Fire ¶
func (fh *RegexpFilterHook) Fire(entry *log.Entry) (err error)
Process a single log entry coming from logrus; iterate through the internal list of regexp filters and invoke any callbacks for regexps that match the entry.Message.
func (*RegexpFilterHook) Levels ¶
func (fh *RegexpFilterHook) Levels() []log.Level
type ServerType ¶ added in v1.0.4
// Each server kind is declared as its own bit (CacheType = 1 << iota, then
// OriginType, DirectorType, ...), so one value can carry several enabled servers.
type ServerType int // ServerType is a bit mask indicating which Pelican server(s) are running in the current process
Structs holding the OAuth2 state (and any other OSDF config needed)
func (ServerType) IsEnabled ¶
func (sType ServerType) IsEnabled(testServer ServerType) bool
IsEnabled checks if a testServer is in the ServerType instance
func (*ServerType) Set ¶
func (sType *ServerType) Set(server ServerType) ServerType
Enable a single server type in the bitmask
func (*ServerType) SetList ¶
func (sType *ServerType) SetList(newServers []ServerType)
SetList sets a list of newServers on the ServerType instance
func (*ServerType) SetString ¶
func (sType *ServerType) SetString(name string) bool
func (ServerType) String ¶ added in v1.0.4
func (sType ServerType) String() string
Get the string representation of a ServerType instance. This is intended for getting the string form of a single ServerType constant, such as CacheType, OriginType, etc. To get a string slice of enabled servers, use GetEnabledServerString()
type TokenEntry ¶
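// TokenEntry is one stored OAuth2 token set, in its YAML layout. The listing
// was collapsed onto one line; it is restored here one field per line.
//
// AccessToken and RefreshToken are credentials: anyone holding them can act
// with the token's rights, so keep values of this type out of logs and error
// messages.
type TokenEntry struct {
	// Expiration is the token expiry as an int64.
	// NOTE(review): presumably Unix seconds — confirm against the writer.
	Expiration  int64  `yaml:"expiration"`
	AccessToken string `yaml:"access_token"`
	// RefreshToken is omitted from the YAML when empty.
	RefreshToken string `yaml:"refresh_token,omitempty"`
}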
Structs holding the OAuth2 state (and any other OSDF config needed)
type TokenGenerationOpts ¶ added in v1.0.4
// TokenGenerationOpts groups token generation options; its only visible field
// is the requested Operation.
type TokenGenerationOpts struct {
// Operation is a TokenOperation value (TokenWrite or TokenRead).
Operation TokenOperation
}
Structs holding the OAuth2 state (and any other OSDF config needed)
type TokenOperation ¶ added in v1.0.4
// TokenOperation enumerates token operations; the declared values are
// TokenWrite (0) and TokenRead (1).
type TokenOperation int
Structs holding the OAuth2 state (and any other OSDF config needed)
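// The token operations. The listing was collapsed onto one line; it is
// restored here one constant per line.
const (
	// TokenWrite is the zero value of TokenOperation, so an unset Operation
	// field reads as TokenWrite rather than TokenRead.
	TokenWrite TokenOperation = iota
	TokenRead
)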