fleetspeak_components

package
v0.1.13 Latest
Warning

This package is not in the latest version of its module.

Published: Mar 5, 2024 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var File_fleetspeak_src_server_components_proto_fleetspeak_components_config_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type AdminConfig

type AdminConfig struct {

	// The bind address to listen on for connections, e.g. ":443" or
	// "localhost:1234". Required.
	ListenAddress string `protobuf:"bytes,1,opt,name=listen_address,json=listenAddress,proto3" json:"listen_address,omitempty"`
	// contains filtered or unexported fields
}

func (*AdminConfig) Descriptor deprecated

func (*AdminConfig) Descriptor() ([]byte, []int)

Deprecated: Use AdminConfig.ProtoReflect.Descriptor instead.

func (*AdminConfig) GetListenAddress

func (x *AdminConfig) GetListenAddress() string

func (*AdminConfig) ProtoMessage

func (*AdminConfig) ProtoMessage()

func (*AdminConfig) ProtoReflect

func (x *AdminConfig) ProtoReflect() protoreflect.Message

func (*AdminConfig) Reset

func (x *AdminConfig) Reset()

func (*AdminConfig) String

func (x *AdminConfig) String() string

type CleartextHeaderChecksumConfig

type CleartextHeaderChecksumConfig struct {

	// The name of the HTTP header set by the client that contains the original
	// client certificate. Required.
	ClientCertificateHeader string `` /* 132-byte string literal not displayed */
	// The name of the HTTP header set by the intermediary that contains the
	// client certificate checksum. Required.
	ClientCertificateChecksumHeader string `` /* 158-byte string literal not displayed */
	// contains filtered or unexported fields
}

In this mode Fleetspeak runs in clear text (HTTP). This allows Fleetspeak to be deployed in a service mesh behind a sidecar proxy that offers a secure communications channel. Fleetspeak accepts a TLS connection from an intermediate actor which terminates the TLS protocol (typically a layer 7 load balancer). The original client passes the certificate it uses for the TLS protocol to the frontend via an HTTP header. The intermediate actor passes a SHA256 checksum of the client certificate it receives from the original TLS connection to the frontend via a second HTTP header. The Fleetspeak frontend uses the certificate passed from the client to identify it, and uses the hash from the intermediate actor to verify that this certificate was in fact used in the original TLS connection.

func (*CleartextHeaderChecksumConfig) Descriptor deprecated

func (*CleartextHeaderChecksumConfig) Descriptor() ([]byte, []int)

Deprecated: Use CleartextHeaderChecksumConfig.ProtoReflect.Descriptor instead.

func (*CleartextHeaderChecksumConfig) GetClientCertificateChecksumHeader

func (x *CleartextHeaderChecksumConfig) GetClientCertificateChecksumHeader() string

func (*CleartextHeaderChecksumConfig) GetClientCertificateHeader

func (x *CleartextHeaderChecksumConfig) GetClientCertificateHeader() string

func (*CleartextHeaderChecksumConfig) ProtoMessage

func (*CleartextHeaderChecksumConfig) ProtoMessage()

func (*CleartextHeaderChecksumConfig) ProtoReflect

func (*CleartextHeaderChecksumConfig) Reset

func (x *CleartextHeaderChecksumConfig) Reset()

func (*CleartextHeaderChecksumConfig) String

type CleartextHeaderConfig

type CleartextHeaderConfig struct {

	// The name of the HTTP header set by the intermediary that contains the
	// forwarded client certificate. Required.
	ClientCertificateHeader string `` /* 132-byte string literal not displayed */
	// contains filtered or unexported fields
}

In this mode Fleetspeak runs in clear text (HTTP). This allows Fleetspeak to be deployed in a service mesh behind a sidecar proxy that offers a secure communications channel. Fleetspeak accepts a TLS connection from an intermediate actor which terminates the TLS protocol (typically a layer 7 load balancer). The intermediate actor passes the client certificate it receives from the original TLS connection to the frontend via an HTTP header. The Fleetspeak frontend uses the certificate passed in this header to identify the client.

func (*CleartextHeaderConfig) Descriptor deprecated

func (*CleartextHeaderConfig) Descriptor() ([]byte, []int)

Deprecated: Use CleartextHeaderConfig.ProtoReflect.Descriptor instead.

func (*CleartextHeaderConfig) GetClientCertificateHeader

func (x *CleartextHeaderConfig) GetClientCertificateHeader() string

func (*CleartextHeaderConfig) ProtoMessage

func (*CleartextHeaderConfig) ProtoMessage()

func (*CleartextHeaderConfig) ProtoReflect

func (x *CleartextHeaderConfig) ProtoReflect() protoreflect.Message

func (*CleartextHeaderConfig) Reset

func (x *CleartextHeaderConfig) Reset()

func (*CleartextHeaderConfig) String

func (x *CleartextHeaderConfig) String() string

type CleartextXfccConfig

type CleartextXfccConfig struct {

	// The name of the HTTP header set by the intermediary envoy that contains
	// the forwarded client certificate. Required.
	ClientCertificateHeader string `` /* 132-byte string literal not displayed */
	// contains filtered or unexported fields
}

In this mode Fleetspeak runs in clear text (HTTP). This allows Fleetspeak to be deployed in a service mesh behind a sidecar proxy that offers a secure communications channel. Fleetspeak accepts a TLS connection from an intermediate envoy which terminates the mTLS protocol exchange. The intermediate envoy passes the client certificate it receives from the original mTLS connection to the frontend via an HTTP header. The Fleetspeak frontend uses the certificate passed in this header to identify the client.

func (*CleartextXfccConfig) Descriptor deprecated

func (*CleartextXfccConfig) Descriptor() ([]byte, []int)

Deprecated: Use CleartextXfccConfig.ProtoReflect.Descriptor instead.

func (*CleartextXfccConfig) GetClientCertificateHeader

func (x *CleartextXfccConfig) GetClientCertificateHeader() string

func (*CleartextXfccConfig) ProtoMessage

func (*CleartextXfccConfig) ProtoMessage()

func (*CleartextXfccConfig) ProtoReflect

func (x *CleartextXfccConfig) ProtoReflect() protoreflect.Message

func (*CleartextXfccConfig) Reset

func (x *CleartextXfccConfig) Reset()

func (*CleartextXfccConfig) String

func (x *CleartextXfccConfig) String() string

type Config

type Config struct {

	// Mysql connection string. Required.
	//
	// https://github.com/go-sql-driver/mysql#dsn-data-source-name
	MysqlDataSourceName string `protobuf:"bytes,1,opt,name=mysql_data_source_name,json=mysqlDataSourceName,proto3" json:"mysql_data_source_name,omitempty"`
	// The parameters required to stand up an https server.
	HttpsConfig *HttpsConfig `protobuf:"bytes,2,opt,name=https_config,json=httpsConfig,proto3" json:"https_config,omitempty"`
	// Parameters required to stand up an admin server. Either this or
	// "https_config", or both, have to be specified.
	AdminConfig *AdminConfig `protobuf:"bytes,7,opt,name=admin_config,json=adminConfig,proto3" json:"admin_config,omitempty"`
	// Parameters required to set up a stats collector.
	StatsConfig *StatsConfig `protobuf:"bytes,8,opt,name=stats_config,json=statsConfig,proto3" json:"stats_config,omitempty"`
	// Parameters required to stand up a http health check service. Optional.
	HealthCheckConfig *HealthCheckConfig `protobuf:"bytes,9,opt,name=health_check_config,json=healthCheckConfig,proto3" json:"health_check_config,omitempty"`
	// If set, expects connections to arrive through a load balancer implementing
	// the PROXY protocol.
	//
	// https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
	ProxyProtocol bool `protobuf:"varint,3,opt,name=proxy_protocol,json=proxyProtocol,proto3" json:"proxy_protocol,omitempty"`
	// If set, only clients reporting this label will be allowed to
	// connect. Meant as a sanity check that the client and server are for the
	// same Fleetspeak installation.
	RequiredLabel string `protobuf:"bytes,4,opt,name=required_label,json=requiredLabel,proto3" json:"required_label,omitempty"`
	// If set, the bind address to listen on to receive notifications from other
	// fleetspeak servers. Optional, but strongly recommended for installations
	// involving multiple servers. e.g. ":8080", "localhost:1234".
	NotificationListenAddress string `` /* 138-byte string literal not displayed */
	// If set, other servers will be told to use this address in order to connect
	// with this server's notification port. Has no effect when
	// notification_listen_address is unset.
	NotificationPublicAddress string `` /* 138-byte string literal not displayed */
	// If set, a HTTP notifier implementation is used for sending notifications.
	// Set this if running a pure admin server (without a notification listener)
	// in a distributed setup.
	NotificationUseHttpNotifier bool `` /* 148-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*Config) Descriptor deprecated

func (*Config) Descriptor() ([]byte, []int)

Deprecated: Use Config.ProtoReflect.Descriptor instead.

func (*Config) GetAdminConfig

func (x *Config) GetAdminConfig() *AdminConfig

func (*Config) GetHealthCheckConfig

func (x *Config) GetHealthCheckConfig() *HealthCheckConfig

func (*Config) GetHttpsConfig

func (x *Config) GetHttpsConfig() *HttpsConfig

func (*Config) GetMysqlDataSourceName

func (x *Config) GetMysqlDataSourceName() string

func (*Config) GetNotificationListenAddress

func (x *Config) GetNotificationListenAddress() string

func (*Config) GetNotificationPublicAddress

func (x *Config) GetNotificationPublicAddress() string

func (*Config) GetNotificationUseHttpNotifier

func (x *Config) GetNotificationUseHttpNotifier() bool

func (*Config) GetProxyProtocol

func (x *Config) GetProxyProtocol() bool

func (*Config) GetRequiredLabel

func (x *Config) GetRequiredLabel() string

func (*Config) GetStatsConfig

func (x *Config) GetStatsConfig() *StatsConfig

func (*Config) ProtoMessage

func (*Config) ProtoMessage()

func (*Config) ProtoReflect

func (x *Config) ProtoReflect() protoreflect.Message

func (*Config) Reset

func (x *Config) Reset()

func (*Config) String

func (x *Config) String() string

type FrontendConfig

type FrontendConfig struct {

	// The mode in which the frontend should operate. Defaults to MTlsConfig.
	//
	// Note: Typically MTlsConfig should be used. The other options are only used
	// in scenarios where a direct TLS connection between client and server is not
	// possible.
	//
	// Types that are assignable to FrontendMode:
	//
	//	*FrontendConfig_MtlsConfig
	//	*FrontendConfig_HttpsHeaderConfig
	//	*FrontendConfig_HttpsHeaderChecksumConfig
	//	*FrontendConfig_CleartextHeaderConfig
	//	*FrontendConfig_CleartextHeaderChecksumConfig
	//	*FrontendConfig_CleartextXfccConfig
	FrontendMode isFrontendConfig_FrontendMode `protobuf_oneof:"frontend_mode"`
	// contains filtered or unexported fields
}

The frontend config determines how the Fleetspeak frontend communicates with clients and how it identifies them.

func (*FrontendConfig) Descriptor deprecated

func (*FrontendConfig) Descriptor() ([]byte, []int)

Deprecated: Use FrontendConfig.ProtoReflect.Descriptor instead.

func (*FrontendConfig) GetCleartextHeaderChecksumConfig

func (x *FrontendConfig) GetCleartextHeaderChecksumConfig() *CleartextHeaderChecksumConfig

func (*FrontendConfig) GetCleartextHeaderConfig

func (x *FrontendConfig) GetCleartextHeaderConfig() *CleartextHeaderConfig

func (*FrontendConfig) GetCleartextXfccConfig

func (x *FrontendConfig) GetCleartextXfccConfig() *CleartextXfccConfig

func (*FrontendConfig) GetFrontendMode

func (m *FrontendConfig) GetFrontendMode() isFrontendConfig_FrontendMode

func (*FrontendConfig) GetHttpsHeaderChecksumConfig

func (x *FrontendConfig) GetHttpsHeaderChecksumConfig() *HttpsHeaderChecksumConfig

func (*FrontendConfig) GetHttpsHeaderConfig

func (x *FrontendConfig) GetHttpsHeaderConfig() *HttpsHeaderConfig

func (*FrontendConfig) GetMtlsConfig

func (x *FrontendConfig) GetMtlsConfig() *MTlsConfig

func (*FrontendConfig) ProtoMessage

func (*FrontendConfig) ProtoMessage()

func (*FrontendConfig) ProtoReflect

func (x *FrontendConfig) ProtoReflect() protoreflect.Message

func (*FrontendConfig) Reset

func (x *FrontendConfig) Reset()

func (*FrontendConfig) String

func (x *FrontendConfig) String() string

type FrontendConfig_CleartextHeaderChecksumConfig

type FrontendConfig_CleartextHeaderChecksumConfig struct {
	CleartextHeaderChecksumConfig *CleartextHeaderChecksumConfig `protobuf:"bytes,11,opt,name=cleartext_header_checksum_config,json=cleartextHeaderChecksumConfig,proto3,oneof"`
}

type FrontendConfig_CleartextHeaderConfig

type FrontendConfig_CleartextHeaderConfig struct {
	CleartextHeaderConfig *CleartextHeaderConfig `protobuf:"bytes,10,opt,name=cleartext_header_config,json=cleartextHeaderConfig,proto3,oneof"`
}

type FrontendConfig_CleartextXfccConfig

type FrontendConfig_CleartextXfccConfig struct {
	CleartextXfccConfig *CleartextXfccConfig `protobuf:"bytes,12,opt,name=cleartext_xfcc_config,json=cleartextXfccConfig,proto3,oneof"`
}

type FrontendConfig_HttpsHeaderChecksumConfig

type FrontendConfig_HttpsHeaderChecksumConfig struct {
	HttpsHeaderChecksumConfig *HttpsHeaderChecksumConfig `protobuf:"bytes,9,opt,name=https_header_checksum_config,json=httpsHeaderChecksumConfig,proto3,oneof"`
}

type FrontendConfig_HttpsHeaderConfig

type FrontendConfig_HttpsHeaderConfig struct {
	HttpsHeaderConfig *HttpsHeaderConfig `protobuf:"bytes,8,opt,name=https_header_config,json=httpsHeaderConfig,proto3,oneof"`
}

type FrontendConfig_MtlsConfig

type FrontendConfig_MtlsConfig struct {
	MtlsConfig *MTlsConfig `protobuf:"bytes,7,opt,name=mtls_config,json=mtlsConfig,proto3,oneof"`
}

type HealthCheckConfig

type HealthCheckConfig struct {

	// The bind address to listen on for http health check probes in the
	// form "<host>:<port>", e.g. "localhost:8080".
	ListenAddress string `protobuf:"bytes,1,opt,name=listen_address,json=listenAddress,proto3" json:"listen_address,omitempty"`
	// contains filtered or unexported fields
}

func (*HealthCheckConfig) Descriptor deprecated

func (*HealthCheckConfig) Descriptor() ([]byte, []int)

Deprecated: Use HealthCheckConfig.ProtoReflect.Descriptor instead.

func (*HealthCheckConfig) GetListenAddress

func (x *HealthCheckConfig) GetListenAddress() string

func (*HealthCheckConfig) ProtoMessage

func (*HealthCheckConfig) ProtoMessage()

func (*HealthCheckConfig) ProtoReflect

func (x *HealthCheckConfig) ProtoReflect() protoreflect.Message

func (*HealthCheckConfig) Reset

func (x *HealthCheckConfig) Reset()

func (*HealthCheckConfig) String

func (x *HealthCheckConfig) String() string

type HttpsConfig

type HttpsConfig struct {

	// The bind address to listen on for client connections, e.g. ":443" or
	// "localhost:1234". Required.
	ListenAddress string `protobuf:"bytes,1,opt,name=listen_address,json=listenAddress,proto3" json:"listen_address,omitempty"`
	// A certificate chain which identifies the server to clients. Must lead to a
	// certificate known to the clients. x509 format. Required, if frontend mode
	// is not cleartext (ie neither CleartextHeaderConfig nor
	// CleartextHeaderChecksumConfig)
	Certificates string `protobuf:"bytes,2,opt,name=certificates,proto3" json:"certificates,omitempty"`
	// The private key used to identify the server. Must match the first entry in
	// certificates. x509 format. Required, if frontend mode is not cleartext
	// (ie neither CleartextHeaderConfig nor CleartextHeaderChecksumConfig)
	Key string `protobuf:"bytes,3,opt,name=key,proto3" json:"key,omitempty"`
	// If set, disables long running (streaming) connections. This type of
	// connection causes more active connections but can reduce database load and
	// server->client communications latency.
	DisableStreaming bool `protobuf:"varint,4,opt,name=disable_streaming,json=disableStreaming,proto3" json:"disable_streaming,omitempty"`
	// The frontend config.
	// Optional; If not set, Fleetspeak will default to using MTlsConfig.
	FrontendConfig *FrontendConfig `protobuf:"bytes,7,opt,name=frontend_config,json=frontendConfig,proto3" json:"frontend_config,omitempty"`
	// contains filtered or unexported fields
}

func (*HttpsConfig) Descriptor deprecated

func (*HttpsConfig) Descriptor() ([]byte, []int)

Deprecated: Use HttpsConfig.ProtoReflect.Descriptor instead.

func (*HttpsConfig) GetCertificates

func (x *HttpsConfig) GetCertificates() string

func (*HttpsConfig) GetDisableStreaming

func (x *HttpsConfig) GetDisableStreaming() bool

func (*HttpsConfig) GetFrontendConfig

func (x *HttpsConfig) GetFrontendConfig() *FrontendConfig

func (*HttpsConfig) GetKey

func (x *HttpsConfig) GetKey() string

func (*HttpsConfig) GetListenAddress

func (x *HttpsConfig) GetListenAddress() string

func (*HttpsConfig) ProtoMessage

func (*HttpsConfig) ProtoMessage()

func (*HttpsConfig) ProtoReflect

func (x *HttpsConfig) ProtoReflect() protoreflect.Message

func (*HttpsConfig) Reset

func (x *HttpsConfig) Reset()

func (*HttpsConfig) String

func (x *HttpsConfig) String() string

type HttpsHeaderChecksumConfig

type HttpsHeaderChecksumConfig struct {

	// The name of the HTTP header set by the client that contains the original
	// client certificate. Required.
	ClientCertificateHeader string `` /* 132-byte string literal not displayed */
	// The name of the HTTP header set by the intermediary that contains the
	// client certificate checksum. Required.
	ClientCertificateChecksumHeader string `` /* 158-byte string literal not displayed */
	// contains filtered or unexported fields
}

In this mode Fleetspeak accepts a TLS connection from an intermediate actor which terminates the TLS protocol (typically a layer 7 load balancer). The original client passes the certificate it uses for the TLS protocol to the frontend via an HTTP header. The intermediate actor passes a SHA256 checksum of the client certificate it receives from the original TLS connection to the frontend via a second HTTP header. The Fleetspeak frontend uses the certificate passed from the client to identify it, and uses the hash from the intermediate actor to verify that this certificate was in fact used in the original TLS connection.
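The check that both header-checksum modes (HttpsHeaderChecksumConfig and CleartextHeaderChecksumConfig) describe, as an added example that is not Fleetspeak's own code. The header names, the encodings (URL-escaped PEM certificate, base64 digest) and the helper functions are assumptions made for illustration; the page does not state the wire format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"math/big"
	"net/http"
	"net/url"
	"time"
)

// Assumed encodings (not stated on the page): URL-escaped PEM certificate in
// certHdr, base64 SHA-256 of the certificate's DER bytes in sumHdr.
func certFromHeaders(h http.Header, certHdr, sumHdr string) (*x509.Certificate, error) {
	certs, sums := h.Values(certHdr), h.Values(sumHdr)
	if len(certs) != 1 || len(sums) != 1 { // an extra value was set by someone else
		return nil, fmt.Errorf("want exactly one %s and one %s value", certHdr, sumHdr)
	}
	pemText, err := url.PathUnescape(certs[0])
	block, rest := pem.Decode([]byte(pemText))
	if err != nil || block == nil || block.Type != "CERTIFICATE" || len(rest) != 0 {
		return nil, fmt.Errorf("certificate header is not one PEM certificate")
	}
	want, err := base64.StdEncoding.DecodeString(sums[0])
	if err != nil || len(want) != sha256.Size {
		return nil, fmt.Errorf("checksum header is not a base64 SHA-256 digest")
	}
	if got := sha256.Sum256(block.Bytes); subtle.ConstantTimeCompare(got[:], want) != 1 {
		return nil, fmt.Errorf("certificate differs from the one used in TLS")
	}
	return x509.ParseCertificate(block.Bytes)
}

// newTestCert returns the DER of a constructed, self-signed certificate.
func newTestCert(cn string) []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	return der
}

// frontendHeaders: constructed request; client sent `claimed`, TLS layer saw `seen`.
func frontendHeaders(claimed, seen []byte) http.Header {
	p := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: claimed})
	sum := sha256.Sum256(seen)
	return http.Header{"X-Client-Cert": {url.PathEscape(string(p))},
		"X-Client-Cert-Sha256": {base64.StdEncoding.EncodeToString(sum[:])}}
}

func main() {
	a, b := newTestCert("client-a"), newTestCert("client-b")
	_, err := certFromHeaders(frontendHeaders(b, a), "X-Client-Cert", "X-Client-Cert-Sha256")
	fmt.Println("claimed client-b, TLS used client-a:", err)
}
```

The binding only holds if the checksum header can come from the intermediary alone, so the intermediary has to overwrite or strip any copy of it that arrives from the client.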

func (*HttpsHeaderChecksumConfig) Descriptor deprecated

func (*HttpsHeaderChecksumConfig) Descriptor() ([]byte, []int)

Deprecated: Use HttpsHeaderChecksumConfig.ProtoReflect.Descriptor instead.

func (*HttpsHeaderChecksumConfig) GetClientCertificateChecksumHeader

func (x *HttpsHeaderChecksumConfig) GetClientCertificateChecksumHeader() string

func (*HttpsHeaderChecksumConfig) GetClientCertificateHeader

func (x *HttpsHeaderChecksumConfig) GetClientCertificateHeader() string

func (*HttpsHeaderChecksumConfig) ProtoMessage

func (*HttpsHeaderChecksumConfig) ProtoMessage()

func (*HttpsHeaderChecksumConfig) ProtoReflect

func (*HttpsHeaderChecksumConfig) Reset

func (x *HttpsHeaderChecksumConfig) Reset()

func (*HttpsHeaderChecksumConfig) String

func (x *HttpsHeaderChecksumConfig) String() string

type HttpsHeaderConfig

type HttpsHeaderConfig struct {

	// The name of the HTTP header set by the intermediary that contains the
	// forwarded client certificate. Required.
	ClientCertificateHeader string `` /* 132-byte string literal not displayed */
	// contains filtered or unexported fields
}

In this mode Fleetspeak accepts a TLS connection from an intermediate actor which terminates the TLS protocol (typically a layer 7 load balancer). The intermediate actor passes the client certificate it receives from the original TLS connection to the frontend via an HTTP header. The Fleetspeak frontend uses the certificate passed in this header to identify the client.

func (*HttpsHeaderConfig) Descriptor deprecated

func (*HttpsHeaderConfig) Descriptor() ([]byte, []int)

Deprecated: Use HttpsHeaderConfig.ProtoReflect.Descriptor instead.

func (*HttpsHeaderConfig) GetClientCertificateHeader

func (x *HttpsHeaderConfig) GetClientCertificateHeader() string

func (*HttpsHeaderConfig) ProtoMessage

func (*HttpsHeaderConfig) ProtoMessage()

func (*HttpsHeaderConfig) ProtoReflect

func (x *HttpsHeaderConfig) ProtoReflect() protoreflect.Message

func (*HttpsHeaderConfig) Reset

func (x *HttpsHeaderConfig) Reset()

func (*HttpsHeaderConfig) String

func (x *HttpsHeaderConfig) String() string

type MTlsConfig

type MTlsConfig struct {
	// contains filtered or unexported fields
}

In this mode Fleetspeak accepts an mTLS connection directly from the client. The Fleetspeak frontend uses the client certificate from the HTTPS request to identify the client. This is the default operating mode of the frontend.

func (*MTlsConfig) Descriptor deprecated

func (*MTlsConfig) Descriptor() ([]byte, []int)

Deprecated: Use MTlsConfig.ProtoReflect.Descriptor instead.

func (*MTlsConfig) ProtoMessage

func (*MTlsConfig) ProtoMessage()

func (*MTlsConfig) ProtoReflect

func (x *MTlsConfig) ProtoReflect() protoreflect.Message

func (*MTlsConfig) Reset

func (x *MTlsConfig) Reset()

func (*MTlsConfig) String

func (x *MTlsConfig) String() string

type StatsConfig

type StatsConfig struct {

	// The bind address to listen on for Prometheus http metric collection in the
	// form "<host>:<port>", e.g. "localhost:2112".
	// Optional; if no address is configured, then no stats collector
	// will be used (i.e. noopStatsCollector).
	Address string `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty"`
	// contains filtered or unexported fields
}

func (*StatsConfig) Descriptor deprecated

func (*StatsConfig) Descriptor() ([]byte, []int)

Deprecated: Use StatsConfig.ProtoReflect.Descriptor instead.

func (*StatsConfig) GetAddress

func (x *StatsConfig) GetAddress() string

func (*StatsConfig) ProtoMessage

func (*StatsConfig) ProtoMessage()

func (*StatsConfig) ProtoReflect

func (x *StatsConfig) ProtoReflect() protoreflect.Message

func (*StatsConfig) Reset

func (x *StatsConfig) Reset()

func (*StatsConfig) String

func (x *StatsConfig) String() string
