Documentation
Overview
Package config defines structures and definitions relating to the client's configuration.
Index
- type Configuration
- type FilesystemPersistenceHandler
- func (h *FilesystemPersistenceHandler) ReadCommunicatorConfig() (*clpb.CommunicatorConfig, error)
- func (h *FilesystemPersistenceHandler) ReadServices() ([]*fspb.ClientServiceConfig, error)
- func (h *FilesystemPersistenceHandler) ReadSignedServices() ([]*fspb.SignedClientServiceConfig, error)
- func (h *FilesystemPersistenceHandler) ReadState() (*clpb.ClientState, error)
- func (h *FilesystemPersistenceHandler) WriteState(s *clpb.ClientState) error
- type NoopPersistenceHandler
- func (*NoopPersistenceHandler) ReadCommunicatorConfig() (*clpb.CommunicatorConfig, error)
- func (*NoopPersistenceHandler) ReadServices() ([]*fspb.ClientServiceConfig, error)
- func (*NoopPersistenceHandler) ReadSignedServices() ([]*fspb.SignedClientServiceConfig, error)
- func (*NoopPersistenceHandler) ReadState() (*clpb.ClientState, error)
- func (*NoopPersistenceHandler) SaveSignedService(*fspb.SignedClientServiceConfig) error
- func (*NoopPersistenceHandler) WriteState(s *clpb.ClientState) error
- type PersistenceHandler
Types
type Configuration
type Configuration struct {
	// TrustedCerts is the root certificate pool used when verifying servers. All
	// servers will need to present a certificate chained back to this pool.
	//
	// Hardcoding recommended.
	TrustedCerts *x509.CertPool

	// Servers lists the hosts that the client should attempt to connect to,
	// should be of the form <hostname>:<port>.
	//
	// Hardcoding recommended.
	Servers []string

	// ClientLabels should all be of the form "client:<label>" and will be
	// presented to the server as an initial set of labels for this client.
	ClientLabels []*fspb.Label

	// PersistenceHandler defines the configuration storage strategy to be used.
	// Typically it's files on Unix and registry keys on Windows.
	PersistenceHandler PersistenceHandler

	// FixedServices are installed and started during client startup without
	// checking the deployment key.
	FixedServices []*fspb.ClientServiceConfig

	// CommunicatorConfig sets default communication parameters, and is meant to
	// be hardcoded in order to set them for a particular deployment. This can be
	// overridden on individual machines by providing a communicator.txt in the
	// configuration directory.
	CommunicatorConfig *clpb.CommunicatorConfig

	// RevokedCertSerials is a list of certificate serial numbers which have been
	// revoked. Revoked serial numbers can also be provided by the server and will
	// be stored to the writeback location, if NoopPersistenceHandler is not used.
	// Intended for testing and specialized applications - should be hardcoded nil
	// in normal deployments.
	RevokedCertSerials [][]byte

	// If non-nil, proxy used for connecting to the server.
	// See https://golang.org/pkg/net/http/#Transport.Proxy for details.
	Proxy *url.URL

	// If set, the server will validate the client certificate from the request header.
	// This should be used if TLS is terminated at the load balancer and client certificates
	// can be passed upstream to the fleetspeak server as an http header.
	ClientCertificateHeader string
}
Configuration gathers the configuration parameters used to instantiate a Fleetspeak Client.
When building a client binary that will be marked as trusted through binary signing, hash whitelisting, or similar, it is recommended that certain of these parameters be hardcoded when calling New(). This mitigates the risk that a trusted Fleetspeak binary will be misused.
type FilesystemPersistenceHandler
type FilesystemPersistenceHandler struct {
// contains filtered or unexported fields
}
FilesystemPersistenceHandler defines the filesystem configuration storage strategy.
func NewFilesystemPersistenceHandler
func NewFilesystemPersistenceHandler(configurationPath, stateFile string) (*FilesystemPersistenceHandler, error)
NewFilesystemPersistenceHandler instantiates a FilesystemPersistenceHandler.
configurationPath is the location to look for additional configuration files. Possible files include:
/communicator.txt - A text format clpb.CommunicatorConfig, used to tweak communicator behavior.
/services/<service> - A binary format fspb.SignedClientServiceConfig. One file for each configured service.
/textservices/<service> - A text format fspb.ClientServiceConfig
All of these files are optional, though Fleetspeak will not be particularly useful without at least one configured service.
If stateFile is nonempty, the client will attempt to write persistent state to it, in order to preserve identity across restarts.
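A pre-start check of the directory passed as configurationPath, as an added example that is not part of the Fleetspeak code base: it walks the three documented locations and reports any entry that is group- or world-writable, or is a symlink. The name auditConfigDir and the policy of treating such entries as findings are assumptions of this example, and the mode-bit test applies to Unix filesystems only.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// auditConfigDir (hypothetical helper) returns the paths under configurationPath
// that a non-owner could alter: group/world-writable entries and symlinks.
func auditConfigDir(configurationPath string) ([]string, error) {
	var out []string
	check := func(p string, info fs.FileInfo) {
		if info.Mode()&fs.ModeSymlink != 0 || info.Mode().Perm()&0o022 != 0 {
			out = append(out, p)
		}
	}
	root, err := os.Lstat(configurationPath)
	if err != nil {
		return nil, err
	}
	check(configurationPath, root)
	// The three locations listed in the NewFilesystemPersistenceHandler documentation.
	for _, name := range []string{"communicator.txt", "services", "textservices"} {
		err := filepath.WalkDir(filepath.Join(configurationPath, name),
			func(p string, d fs.DirEntry, err error) error {
				if err != nil {
					return err
				}
				info, err := d.Info() // Lstat-style info: symlinks are not followed
				if err == nil {
					check(p, info)
				}
				return err
			})
		// All of these files are optional, so a missing one is not an error.
		if err != nil && !errors.Is(err, fs.ErrNotExist) {
			return nil, err
		}
	}
	return out, nil
}

func main() {
	if len(os.Args) == 2 {
		fmt.Println(auditConfigDir(os.Args[1]))
	}
}
```

Entries under textservices/ deserve the closest attention, since they are plain fspb.ClientServiceConfig rather than fspb.SignedClientServiceConfig.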
func (*FilesystemPersistenceHandler) ReadCommunicatorConfig
func (h *FilesystemPersistenceHandler) ReadCommunicatorConfig() (*clpb.CommunicatorConfig, error)
ReadCommunicatorConfig implements PersistenceHandler.
func (*FilesystemPersistenceHandler) ReadServices
func (h *FilesystemPersistenceHandler) ReadServices() ([]*fspb.ClientServiceConfig, error)
ReadServices implements PersistenceHandler.
func (*FilesystemPersistenceHandler) ReadSignedServices
func (h *FilesystemPersistenceHandler) ReadSignedServices() ([]*fspb.SignedClientServiceConfig, error)
ReadSignedServices implements PersistenceHandler.
func (*FilesystemPersistenceHandler) ReadState
func (h *FilesystemPersistenceHandler) ReadState() (*clpb.ClientState, error)
ReadState implements PersistenceHandler.
func (*FilesystemPersistenceHandler) WriteState
func (h *FilesystemPersistenceHandler) WriteState(s *clpb.ClientState) error
WriteState implements PersistenceHandler.
type NoopPersistenceHandler
type NoopPersistenceHandler struct{}
NoopPersistenceHandler indicates that this client should not attempt to maintain state across restarts. If used, every execution will identify itself as a new client.
Intended for testing and specialized applications.
func NewNoopPersistenceHandler
func NewNoopPersistenceHandler() *NoopPersistenceHandler
NewNoopPersistenceHandler instantiates a NoopPersistenceHandler.
func (*NoopPersistenceHandler) ReadCommunicatorConfig
func (*NoopPersistenceHandler) ReadCommunicatorConfig() (*clpb.CommunicatorConfig, error)
ReadCommunicatorConfig implements PersistenceHandler.
func (*NoopPersistenceHandler) ReadServices
func (*NoopPersistenceHandler) ReadServices() ([]*fspb.ClientServiceConfig, error)
ReadServices implements PersistenceHandler.
func (*NoopPersistenceHandler) ReadSignedServices
func (*NoopPersistenceHandler) ReadSignedServices() ([]*fspb.SignedClientServiceConfig, error)
ReadSignedServices implements PersistenceHandler.
func (*NoopPersistenceHandler) ReadState
func (*NoopPersistenceHandler) ReadState() (*clpb.ClientState, error)
ReadState implements PersistenceHandler.
func (*NoopPersistenceHandler) SaveSignedService
func (*NoopPersistenceHandler) SaveSignedService(*fspb.SignedClientServiceConfig) error
SaveSignedService implements PersistenceHandler.
func (*NoopPersistenceHandler) WriteState
func (*NoopPersistenceHandler) WriteState(s *clpb.ClientState) error
WriteState implements PersistenceHandler.
type PersistenceHandler
type PersistenceHandler interface {
	ReadState() (*clpb.ClientState, error)
	WriteState(*clpb.ClientState) error
	ReadCommunicatorConfig() (*clpb.CommunicatorConfig, error)
	ReadSignedServices() ([]*fspb.SignedClientServiceConfig, error)
	ReadServices() ([]*fspb.ClientServiceConfig, error)
}
PersistenceHandler manages the client's configuration storage.