security

package

v0.6.0 Latest Latest Go to latest Published: Nov 16, 2020 License: Apache-2.0 Imports: 8 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/spinnaker/kleat

Links

Open Source Insights

Documentation ¶

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ClientAuth_name = map[int32]string{
		0: "UNSPECIFIED",
		1: "NONE",
		2: "WANT",
		3: "NEED",
	}
	ClientAuth_value = map[string]int32{
		"UNSPECIFIED": 0,
		"NONE":        1,
		"WANT":        2,
		"NEED":        3,
	}
)

Enum value maps for ClientAuth.

View Source

var File_security_security_proto protoreflect.FileDescriptor

View Source

var File_security_ssl_proto protoreflect.FileDescriptor

View Source

var File_security_trust_store_proto protoreflect.FileDescriptor

Functions ¶

This section is empty.

Types ¶

type ApiSecurity ¶

type ApiSecurity struct {

	// If you have authentication enabled, are accessing Spinnaker remotely, and
	// are logging in from sources other than the UI, provide a regex matching all
	// URLs authentication redirects may come from.
	CorsAccessPattern string `protobuf:"bytes,1,opt,name=corsAccessPattern,proto3" json:"corsAccessPattern,omitempty"`
	// If you want the API server to do SSL termination, it must be enabled and
	// configured here. If you are doing your own SSL termination, leave this disabled.
	Ssl *ApiSsl `protobuf:"bytes,2,opt,name=ssl,proto3" json:"ssl,omitempty"`
	// If you are accessing the API server remotely, provide the full base URL of
	// whatever proxy or load balancer is fronting the API requests
	OverrideBaseUrl string `protobuf:"bytes,3,opt,name=overrideBaseUrl,proto3" json:"overrideBaseUrl,omitempty"`
	// contains filtered or unexported fields
}

Configuration for the API server's addressable URL and CORS policies.

func (*ApiSecurity) Descriptor deprecated

func (*ApiSecurity) Descriptor() ([]byte, []int)

Deprecated: Use ApiSecurity.ProtoReflect.Descriptor instead.

func (*ApiSecurity) GetCorsAccessPattern ¶

func (x *ApiSecurity) GetCorsAccessPattern() string

func (*ApiSecurity) GetOverrideBaseUrl ¶

func (x *ApiSecurity) GetOverrideBaseUrl() string

func (*ApiSecurity) GetSsl ¶

func (x *ApiSecurity) GetSsl() *ApiSsl

func (*ApiSecurity) ProtoMessage ¶

func (*ApiSecurity) ProtoMessage()

func (*ApiSecurity) ProtoReflect ¶

func (x *ApiSecurity) ProtoReflect() protoreflect.Message

func (*ApiSecurity) Reset ¶

func (x *ApiSecurity) Reset()

func (*ApiSecurity) String ¶

func (x *ApiSecurity) String() string

type ApiSsl ¶

type ApiSsl struct {

	// Whether SSL is enabled.
	Enabled *wrapperspb.BoolValue `protobuf:"bytes,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
	// Name of your keystore entry as generated with your keytool.
	KeyAlias string `protobuf:"bytes,2,opt,name=keyAlias,proto3" json:"keyAlias,omitempty"`
	// Path to the keystore holding your security certificates.
	KeyStore string `protobuf:"bytes,3,opt,name=keyStore,proto3" json:"keyStore,omitempty"`
	// The type of your keystore. Examples include JKS, and PKCS12.
	KeyStoreType string `protobuf:"bytes,4,opt,name=keyStoreType,proto3" json:"keyStoreType,omitempty"`
	// The password to unlock your keystore. Due to a limitation in Tomcat, this
	// must match your key's password in the keystore.
	KeyStorePassword string `protobuf:"bytes,5,opt,name=keyStorePassword,proto3" json:"keyStorePassword,omitempty"`
	// Path to the truststore holding your trusted certificates.
	TrustStore string `protobuf:"bytes,6,opt,name=trustStore,proto3" json:"trustStore,omitempty"`
	// The type of your truststore. Examples include JKS, and PKCS12.
	TrustStoreType string `protobuf:"bytes,7,opt,name=trustStoreType,proto3" json:"trustStoreType,omitempty"`
	// The password to unlock your truststore.
	TrustStorePassword string `protobuf:"bytes,8,opt,name=trustStorePassword,proto3" json:"trustStorePassword,omitempty"`
	// Whether to require or allow client authentication.
	ClientAuth ClientAuth `protobuf:"varint,9,opt,name=clientAuth,proto3,enum=proto.security.ClientAuth" json:"clientAuth,omitempty"`
	// contains filtered or unexported fields
}

Configuration for SSL termination by the API server.

func (*ApiSsl) Descriptor deprecated

func (*ApiSsl) Descriptor() ([]byte, []int)

Deprecated: Use ApiSsl.ProtoReflect.Descriptor instead.

func (*ApiSsl) GetClientAuth ¶

func (x *ApiSsl) GetClientAuth() ClientAuth

func (*ApiSsl) GetEnabled ¶

func (x *ApiSsl) GetEnabled() *wrapperspb.BoolValue

func (*ApiSsl) GetKeyAlias ¶

func (x *ApiSsl) GetKeyAlias() string

func (*ApiSsl) GetKeyStore ¶

func (x *ApiSsl) GetKeyStore() string

func (*ApiSsl) GetKeyStorePassword ¶

func (x *ApiSsl) GetKeyStorePassword() string

func (*ApiSsl) GetKeyStoreType ¶

func (x *ApiSsl) GetKeyStoreType() string

func (*ApiSsl) GetTrustStore ¶

func (x *ApiSsl) GetTrustStore() string

func (*ApiSsl) GetTrustStorePassword ¶

func (x *ApiSsl) GetTrustStorePassword() string

func (*ApiSsl) GetTrustStoreType ¶

func (x *ApiSsl) GetTrustStoreType() string

func (*ApiSsl) ProtoMessage ¶

func (*ApiSsl) ProtoMessage()

func (*ApiSsl) ProtoReflect ¶

func (x *ApiSsl) ProtoReflect() protoreflect.Message

func (*ApiSsl) Reset ¶

func (x *ApiSsl) Reset()

func (*ApiSsl) String ¶

func (x *ApiSsl) String() string

type ClientAuth ¶

type ClientAuth int32

Setting for client authentication.

const (
	// Unspecified. Do not directly use, instead omit the field.
	ClientAuth_UNSPECIFIED ClientAuth = 0
	// No client authentication.
	ClientAuth_NONE ClientAuth = 1
	// Client authentication is optional.
	ClientAuth_WANT ClientAuth = 2
	// Client authentication is required.
	ClientAuth_NEED ClientAuth = 3
)

func (ClientAuth) Descriptor ¶

func (ClientAuth) Descriptor() protoreflect.EnumDescriptor

func (ClientAuth) Enum ¶

func (x ClientAuth) Enum() *ClientAuth

func (ClientAuth) EnumDescriptor deprecated

func (ClientAuth) EnumDescriptor() ([]byte, []int)

Deprecated: Use ClientAuth.Descriptor instead.

func (ClientAuth) Number ¶

func (x ClientAuth) Number() protoreflect.EnumNumber

func (ClientAuth) String ¶

func (x ClientAuth) String() string

func (ClientAuth) Type ¶

func (ClientAuth) Type() protoreflect.EnumType

type Security ¶

type Security struct {

	// Configuration for the API server's addressable URL and CORS policies.
	ApiSecurity *ApiSecurity `protobuf:"bytes,1,opt,name=apiSecurity,proto3" json:"apiSecurity,omitempty"`
	// Configuration for the UI server's addressable URL.
	UiSecurity *UiSecurity `protobuf:"bytes,2,opt,name=uiSecurity,proto3" json:"uiSecurity,omitempty"`
	// Configuration of how users authenticate against Spinnaker.
	Authn *authn.Authentication `protobuf:"bytes,3,opt,name=authn,proto3" json:"authn,omitempty"`
	// Configuration for what resources users of Spinnaker can read and modify.
	Authz *authz.Authorization `protobuf:"bytes,4,opt,name=authz,proto3" json:"authz,omitempty"`
	// contains filtered or unexported fields
}

Configuration for security settings.

func (*Security) Descriptor deprecated

func (*Security) Descriptor() ([]byte, []int)

Deprecated: Use Security.ProtoReflect.Descriptor instead.

func (*Security) GetApiSecurity ¶

func (x *Security) GetApiSecurity() *ApiSecurity

func (*Security) GetAuthn ¶

func (x *Security) GetAuthn() *authn.Authentication

func (*Security) GetAuthz ¶

func (x *Security) GetAuthz() *authz.Authorization

func (*Security) GetUiSecurity ¶

func (x *Security) GetUiSecurity() *UiSecurity

func (*Security) ProtoMessage ¶

func (*Security) ProtoMessage()

func (*Security) ProtoReflect ¶

func (x *Security) ProtoReflect() protoreflect.Message

func (*Security) Reset ¶

func (x *Security) Reset()

func (*Security) String ¶

func (x *Security) String() string

type TrustStore ¶

type TrustStore struct {

	// Whether this custom trust store is enabled.
	Enabled *wrapperspb.BoolValue `protobuf:"bytes,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
	// The path to a key store in JKS format containing certification authorities
	// that should be trusted.
	TrustStore string `protobuf:"bytes,2,opt,name=trustStore,proto3" json:"trustStore,omitempty"`
	// The password for the supplied trustStore.
	TrustStorePassword string `protobuf:"bytes,3,opt,name=trustStorePassword,proto3" json:"trustStorePassword,omitempty"`
	// contains filtered or unexported fields
}

Configuration for a custom trust store.

func (*TrustStore) Descriptor deprecated

func (*TrustStore) Descriptor() ([]byte, []int)

Deprecated: Use TrustStore.ProtoReflect.Descriptor instead.

func (*TrustStore) GetEnabled ¶

func (x *TrustStore) GetEnabled() *wrapperspb.BoolValue

func (*TrustStore) GetTrustStore ¶

func (x *TrustStore) GetTrustStore() string

func (*TrustStore) GetTrustStorePassword ¶

func (x *TrustStore) GetTrustStorePassword() string

func (*TrustStore) ProtoMessage ¶

func (*TrustStore) ProtoMessage()

func (*TrustStore) ProtoReflect ¶

func (x *TrustStore) ProtoReflect() protoreflect.Message

func (*TrustStore) Reset ¶

func (x *TrustStore) Reset()

func (*TrustStore) String ¶

func (x *TrustStore) String() string

type UiSecurity ¶

type UiSecurity struct {

	// Configuration for SSL termination by the UI gateway.
	Ssl *UiSsl `protobuf:"bytes,1,opt,name=ssl,proto3" json:"ssl,omitempty"`
	// If you are accessing the UI server remotely, provide the full base URL of
	// whatever proxy or load balancer is fronting the UI requests.
	OverrideBaseUrl string `protobuf:"bytes,2,opt,name=overrideBaseUrl,proto3" json:"overrideBaseUrl,omitempty"`
	// contains filtered or unexported fields
}

Configuration for the UI server's addressable URL.

func (*UiSecurity) Descriptor deprecated

func (*UiSecurity) Descriptor() ([]byte, []int)

Deprecated: Use UiSecurity.ProtoReflect.Descriptor instead.

func (*UiSecurity) GetOverrideBaseUrl ¶

func (x *UiSecurity) GetOverrideBaseUrl() string

func (*UiSecurity) GetSsl ¶

func (x *UiSecurity) GetSsl() *UiSsl

func (*UiSecurity) ProtoMessage ¶

func (*UiSecurity) ProtoMessage()

func (*UiSecurity) ProtoReflect ¶

func (x *UiSecurity) ProtoReflect() protoreflect.Message

func (*UiSecurity) Reset ¶

func (x *UiSecurity) Reset()

func (*UiSecurity) String ¶

func (x *UiSecurity) String() string

type UiSsl ¶

type UiSsl struct {

	// Whether SSL is enabled.
	Enabled *wrapperspb.BoolValue `protobuf:"bytes,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
	// Path to your .crt file.
	SslCertificateFile string `protobuf:"bytes,2,opt,name=sslCertificateFile,proto3" json:"sslCertificateFile,omitempty"`
	// Path to your .key file.
	SslCertificateKeyFile string `protobuf:"bytes,3,opt,name=sslCertificateKeyFile,proto3" json:"sslCertificateKeyFile,omitempty"`
	// Path to the .crt file for the CA that issued your SSL certificate. This is
	// only needed for local git deployments that serve the UI using webpack dev server.
	SslCACertificateFile string `protobuf:"bytes,4,opt,name=sslCACertificateFile,proto3" json:"sslCACertificateFile,omitempty"`
	// The passphrase needed to unlock your SSL certificate. This will be provided
	// to Apache on startup.
	SslCertificatePassphrase string `protobuf:"bytes,5,opt,name=sslCertificatePassphrase,proto3" json:"sslCertificatePassphrase,omitempty"`
	// contains filtered or unexported fields
}

Configuration for SSL termination by the UI gateway.

func (*UiSsl) Descriptor deprecated

func (*UiSsl) Descriptor() ([]byte, []int)

Deprecated: Use UiSsl.ProtoReflect.Descriptor instead.

func (*UiSsl) GetEnabled ¶

func (x *UiSsl) GetEnabled() *wrapperspb.BoolValue

func (*UiSsl) GetSslCACertificateFile ¶

func (x *UiSsl) GetSslCACertificateFile() string

func (*UiSsl) GetSslCertificateFile ¶

func (x *UiSsl) GetSslCertificateFile() string

func (*UiSsl) GetSslCertificateKeyFile ¶

func (x *UiSsl) GetSslCertificateKeyFile() string

func (*UiSsl) GetSslCertificatePassphrase ¶

func (x *UiSsl) GetSslCertificatePassphrase() string

func (*UiSsl) ProtoMessage ¶

func (*UiSsl) ProtoMessage()

func (*UiSsl) ProtoReflect ¶

func (x *UiSsl) ProtoReflect() protoreflect.Message

func (*UiSsl) Reset ¶

func (x *UiSsl) Reset()

func (*UiSsl) String ¶

func (x *UiSsl) String() string

type WebhookConfig ¶

type WebhookConfig struct {

	// A custom trust store to use for outgoing webhook connections.
	Trust *TrustStore `protobuf:"bytes,1,opt,name=trust,proto3" json:"trust,omitempty"`
	// contains filtered or unexported fields
}

Configuration for webhooks.

func (*WebhookConfig) Descriptor deprecated

func (*WebhookConfig) Descriptor() ([]byte, []int)

Deprecated: Use WebhookConfig.ProtoReflect.Descriptor instead.

func (*WebhookConfig) GetTrust ¶

func (x *WebhookConfig) GetTrust() *TrustStore

func (*WebhookConfig) ProtoMessage ¶

func (*WebhookConfig) ProtoMessage()

func (*WebhookConfig) ProtoReflect ¶

func (x *WebhookConfig) ProtoReflect() protoreflect.Message

func (*WebhookConfig) Reset ¶

func (x *WebhookConfig) Reset()

func (*WebhookConfig) String ¶

func (x *WebhookConfig) String() string

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
authn
authz

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL