Documentation
Overview
Package server contains a centralized structure for all configuration options.
Index
- Variables
- func RegisterIdentityFlags(v *viper.Viper, flags *pflag.FlagSet) error
- func RegisterServerFlags(v *viper.Viper, flags *pflag.FlagSet) error
- func SetViperDefaults(v *viper.Viper)
- type AggregatorConfig
- type AuthConfig
- type AuthzConfig
- type BundleSourceConfig
- type CORSConfig
- type Config
- type ConfigBundleSource
- type DefaultProfilesConfig
- type EventConfig
- type GRPCServerConfig
- type GitHubAppConfig
- type GoChannelEventConfig
- type HTTPServerConfig
- type IdentityConfig
- type IdentityConfigWrapper
- type IncludedBundleConfig
- type LoggingConfig
- type MarketplaceConfig
- type MetricServerConfig
- type MetricsConfig
- type OpenFGAAuth
- type ProviderConfig
- type SQLEventConfig
- type TokenAuth
- type TracingConfig
- type WebhookConfig
Constants
This section is empty.
Variables
var (
    // ErrInvalidBundleSource indicates the config has an invalid source type
    ErrInvalidBundleSource = errors.New("unexpected bundle source")
)
Functions
func RegisterIdentityFlags
RegisterIdentityFlags registers the flags for the identity server
func RegisterServerFlags
RegisterServerFlags registers the flags for the Minder server
func SetViperDefaults
SetViperDefaults sets the default values for the configuration to be picked up by viper
Types
type AggregatorConfig
type AggregatorConfig struct {
    // LockInterval is the interval for locking events in seconds.
    // This is the threshold between rule evaluations + actions.
    LockInterval int64 `mapstructure:"lock_interval" default:"30"`
}
AggregatorConfig is the configuration for the event aggregator middleware
type AuthConfig
type AuthConfig struct {
    // NoncePeriod is the period in seconds for which a nonce is valid
    NoncePeriod int64 `mapstructure:"nonce_period" default:"3600"`
    // TokenKey is the key used to store the provider's token in the database
    TokenKey string `mapstructure:"token_key" default:"./.ssh/token_key_passphrase"`
}
AuthConfig is the configuration for the auth package
func (*AuthConfig) GetTokenKey
func (acfg *AuthConfig) GetTokenKey() ([]byte, error)
GetTokenKey returns a key used to encrypt the provider's token in the database
type AuthzConfig (added in v0.0.27)
type AuthzConfig struct {
    // ApiUrl is the URL to the authorization server
    ApiUrl string `mapstructure:"api_url" validate:"required"`
    // StoreName is the name of the store to use for authorization
    StoreName string `mapstructure:"store_name" default:"minder" validate:"required_without=StoreID"`
    // StoreID is the ID of the store to use for authorization
    StoreID string `mapstructure:"store_id" default:"" validate:"required_without=StoreName"`
    // ModelID is the ID of the model to use for authorization
    ModelID string `mapstructure:"model_id" default:""`
    // Auth is the authentication configuration for the authorization server
    Auth OpenFGAAuth `mapstructure:"auth" validate:"required"`
}
AuthzConfig is the configuration for minder's authorization
func (*AuthzConfig) Validate (added in v0.0.27)
func (a *AuthzConfig) Validate() error
Validate validates the Authz configuration
type BundleSourceConfig (added in v0.0.38)
type BundleSourceConfig struct {
    Type     string `mapstructure:"type"`
    Location string `mapstructure:"location"`
}
BundleSourceConfig holds details about where the bundle gets loaded from
func (*BundleSourceConfig) GetType (added in v0.0.38)
func (b *BundleSourceConfig) GetType() (ConfigBundleSource, error)
GetType returns the source as an enum type, or an error if invalid.
TODO: investigate whether mapstructure would allow us to validate during deserialization.
type CORSConfig (added in v0.0.32)
type CORSConfig struct {
    // Enabled is the flag to enable CORS
    Enabled bool `mapstructure:"enabled" default:"false"`
    // AllowOrigins is the list of allowed origins
    AllowOrigins []string `mapstructure:"allow_origins"`
    // AllowMethods is the list of allowed methods
    AllowMethods []string `mapstructure:"allow_methods"`
    // AllowHeaders is the list of allowed headers
    AllowHeaders []string `mapstructure:"allow_headers"`
    // ExposeHeaders is the list of exposed headers
    ExposeHeaders []string `mapstructure:"expose_headers"`
    // AllowCredentials is the flag to allow credentials
    AllowCredentials bool `mapstructure:"allow_credentials" default:"false"`
}
CORSConfig is the configuration for the CORS middleware that can be used with the HTTP server. Note that this is not applicable to the gRPC server.
type Config
type Config struct {
    HTTPServer      HTTPServerConfig      `mapstructure:"http_server"`
    GRPCServer      GRPCServerConfig      `mapstructure:"grpc_server"`
    MetricServer    MetricServerConfig    `mapstructure:"metric_server"`
    LoggingConfig   LoggingConfig         `mapstructure:"logging"`
    Tracing         TracingConfig         `mapstructure:"tracing"`
    Metrics         MetricsConfig         `mapstructure:"metrics"`
    Database        config.DatabaseConfig `mapstructure:"database"`
    Identity        IdentityConfigWrapper `mapstructure:"identity"`
    Auth            AuthConfig            `mapstructure:"auth"`
    WebhookConfig   WebhookConfig         `mapstructure:"webhook-config"`
    Events          EventConfig           `mapstructure:"events"`
    Authz           AuthzConfig           `mapstructure:"authz"`
    Provider        ProviderConfig        `mapstructure:"provider"`
    Marketplace     MarketplaceConfig     `mapstructure:"marketplace"`
    DefaultProfiles DefaultProfilesConfig `mapstructure:"default_profiles"`
}
Config is the top-level configuration structure.
func DefaultConfigForTest
func DefaultConfigForTest() *Config
DefaultConfigForTest returns a configuration with all the struct defaults set, but no other changes.
type ConfigBundleSource (added in v0.0.38)
type ConfigBundleSource string
ConfigBundleSource is an enum of valid config sources
const (
    // TgzSource represents a bundle in a .tar.gz file
    TgzSource ConfigBundleSource = "tgz"
    // Unknown is a default value
    Unknown = "unknown"
)
type DefaultProfilesConfig (added in v0.0.38)
type DefaultProfilesConfig struct {
    Enabled bool `mapstructure:"enabled" default:"false"`
    // List of profile names to install
    Profiles []string `mapstructure:"profiles"`
    // The bundle to subscribe to
    Bundle IncludedBundleConfig `mapstructure:"bundle"`
}
DefaultProfilesConfig holds the profiles installed by default during project creation. If omitted, this defaults to disabled.
func (*DefaultProfilesConfig) GetProfiles (added in v0.0.38)
func (d *DefaultProfilesConfig) GetProfiles() []string
GetProfiles is a null-safe getter for Profiles
type EventConfig
type EventConfig struct {
    // Driver is the driver used to store events
    Driver string `mapstructure:"driver" default:"go-channel"`
    // RouterCloseTimeout is the timeout for closing the router in seconds
    RouterCloseTimeout int64 `mapstructure:"router_close_timeout" default:"10"`
    // GoChannel is the configuration for the go channel event driver
    GoChannel GoChannelEventConfig `mapstructure:"go-channel"`
    // SQLPubSub is the configuration for the database event driver
    SQLPubSub SQLEventConfig `mapstructure:"sql"`
    // Aggregator is the configuration for the event aggregator middleware
    Aggregator AggregatorConfig `mapstructure:"aggregator"`
}
EventConfig is the configuration for minder's eventing system.
type GRPCServerConfig
type GRPCServerConfig struct {
    // Host is the host to bind to
    Host string `mapstructure:"host" default:"127.0.0.1"`
    // Port is the port to bind to
    Port int `mapstructure:"port" default:"8090"`
}
GRPCServerConfig is the configuration for the gRPC server
func (*GRPCServerConfig) GetAddress
func (s *GRPCServerConfig) GetAddress() string
GetAddress returns the address to bind to
type GitHubAppConfig (added in v0.0.37)
type GitHubAppConfig struct {
    // AppName is the name of the GitHub App
    AppName string `mapstructure:"app_name"`
    // AppID is the ID of the GitHub App
    AppID int64 `mapstructure:"app_id" default:"0"`
    // UserID is the ID of the GitHub App user
    UserID int64 `mapstructure:"user_id" default:"0"`
    // PrivateKey is the path to the GitHub App's private key in PEM format
    PrivateKey string `mapstructure:"private_key"`
    // WebhookSecret is the GitHub App's webhook secret
    WebhookSecret string `mapstructure:"webhook_secret"`
    // WebhookSecretFile is the location of the file containing the GitHub App's webhook secret
    WebhookSecretFile string `mapstructure:"webhook_secret_file"`
    // FallbackToken is the fallback token to use when listing packages
    FallbackToken string `mapstructure:"fallback_token"`
    // FallbackTokenFile is the location of the file containing the fallback token to use when listing packages
    FallbackTokenFile string `mapstructure:"fallback_token_file"`
}
GitHubAppConfig is the configuration for the GitHub App providers
func (*GitHubAppConfig) GetFallbackToken (added in v0.0.43)
func (ghcfg *GitHubAppConfig) GetFallbackToken() (string, error)
GetFallbackToken returns the GitHub App's fallback token
func (*GitHubAppConfig) GetPrivateKey (added in v0.0.37)
func (ghcfg *GitHubAppConfig) GetPrivateKey() (*rsa.PrivateKey, error)
GetPrivateKey returns the GitHub App's private key
func (*GitHubAppConfig) GetWebhookSecret (added in v0.0.43)
func (ghcfg *GitHubAppConfig) GetWebhookSecret() (string, error)
GetWebhookSecret returns the GitHub App's webhook secret
type GoChannelEventConfig
type GoChannelEventConfig struct {
    // BufferSize is the size of the buffer for the go channel
    BufferSize int64 `mapstructure:"buffer_size" default:"0"`
    // PersistEvents is whether or not to persist events to the channel
    PersistEvents bool `mapstructure:"persist_events" default:"false"`
    // BlockPublishUntilSubscriberAck is whether or not to block publishing until
    // the subscriber acks the message. This is useful for testing.
    BlockPublishUntilSubscriberAck bool `mapstructure:"block_publish_until_subscriber_ack" default:"false"`
}
GoChannelEventConfig is the configuration for the go channel event driver for minder's eventing system.
type HTTPServerConfig
type HTTPServerConfig struct {
    // Host is the host to bind to
    Host string `mapstructure:"host" default:"127.0.0.1"`
    // Port is the port to bind to
    Port int `mapstructure:"port" default:"8080"`
    // CORS is the configuration for CORS
    CORS CORSConfig `mapstructure:"cors"`
}
HTTPServerConfig is the configuration for the HTTP server
func (*HTTPServerConfig) GetAddress
func (s *HTTPServerConfig) GetAddress() string
GetAddress returns the address to bind to
type IdentityConfig
type IdentityConfig struct {
    // IssuerUrl is the base URL where the identity server is running
    IssuerUrl string `mapstructure:"issuer_url" default:"http://localhost:8081"`
    // ClientId is the client ID that identifies the minder server
    ClientId string `mapstructure:"client_id" default:"minder-server"`
    // ClientSecret is the client secret for the minder server
    ClientSecret string `mapstructure:"client_secret" default:"secret"`
    // ClientSecretFile is the location of a file containing the client secret for the minder server (optional)
    ClientSecretFile string `mapstructure:"client_secret_file"`
}
IdentityConfig is the configuration for the identity provider in minder server
func (*IdentityConfig) Do (added in v0.0.39)
func (sic *IdentityConfig) Do(ctx context.Context, method string, path string, query url.Values, body io.Reader) (*http.Response, error)
Do sends an HTTP request to the identity server, using the configured client credentials.
func (*IdentityConfig) GetClientSecret
func (sic *IdentityConfig) GetClientSecret() (string, error)
GetClientSecret returns the minder-server client secret
type IdentityConfigWrapper
type IdentityConfigWrapper struct {
Server IdentityConfig `mapstructure:"server"`
}
IdentityConfigWrapper is the configuration for the identity provider
type IncludedBundleConfig (added in v0.0.38)
type IncludedBundleConfig struct {
    Namespace string `mapstructure:"namespace"`
    Name      string `mapstructure:"name"`
}
IncludedBundleConfig holds details about the bundle included with Minder
type LoggingConfig
type LoggingConfig struct {
    Level   string `mapstructure:"level" default:"debug"`
    Format  string `mapstructure:"format" default:"json"`
    LogFile string `mapstructure:"logFile" default:""`
    // LogPayloads controls whether or not message payloads are ever logged.
    // For debugging purposes, it may be useful to log the payloads that result
    // in error conditions, but could also leak PII.
    LogPayloads bool `mapstructure:"logPayloads" default:"false"`
}
LoggingConfig is the configuration for the logging package
type MarketplaceConfig (added in v0.0.38)
type MarketplaceConfig struct {
    Enabled bool                 `mapstructure:"enabled" default:"false"`
    Sources []BundleSourceConfig `mapstructure:"sources"`
}
MarketplaceConfig holds the config for the marketplace functionality.
type MetricServerConfig
type MetricServerConfig struct {
    // Host is the host to bind to
    Host string `mapstructure:"host" default:"127.0.0.1"`
    // Port is the port to bind to
    Port int `mapstructure:"port" default:"9090"`
}
MetricServerConfig is the configuration for the metric server
func (*MetricServerConfig) GetAddress
func (s *MetricServerConfig) GetAddress() string
GetAddress returns the address to bind to
type MetricsConfig
type MetricsConfig struct {
Enabled bool `mapstructure:"enabled" default:"true"`
}
MetricsConfig is the configuration for the metrics
type OpenFGAAuth (added in v0.0.27)
type OpenFGAAuth struct {
    // Method is the authentication method to use
    Method string `mapstructure:"method" default:"none" validate:"oneof=token none"`
    // Token is the configuration for OpenID Connect authentication
    Token TokenAuth `mapstructure:"token"`
}
OpenFGAAuth contains the authentication configuration for OpenFGA
func (*OpenFGAAuth) Validate (added in v0.0.27)
func (o *OpenFGAAuth) Validate() error
Validate validates the OpenFGAAuth configuration
type ProviderConfig (added in v0.0.37)
type ProviderConfig struct {
GitHubApp *GitHubAppConfig `mapstructure:"github-app"`
}
ProviderConfig is the configuration for the providers
type SQLEventConfig
type SQLEventConfig struct {
    // InitSchema is whether or not to initialize the schema
    InitSchema bool                  `mapstructure:"init_schema" default:"true"`
    Connection config.DatabaseConfig `mapstructure:"connection" default:"{\"dbname\":\"watermill\"}"`
}
SQLEventConfig is the configuration for the database event driver
type TokenAuth (added in v0.0.27)
type TokenAuth struct {
    // TokenPath is the path to the token to use for authentication.
    // defaults to the kubernetes service account token
    //nolint:lll
    TokenPath string `mapstructure:"token_path" default:"/var/run/secrets/kubernetes.io/serviceaccount/token"`
}
TokenAuth contains the configuration for token authentication
type TracingConfig
type TracingConfig struct {
    Enabled bool `mapstructure:"enabled" default:"false"`
    // for the demonstration, we use AlwaysSample sampler to take all spans.
    // do not use this option in production.
    SampleRatio float64 `mapstructure:"sample_ratio" default:"0.1"`
}
TracingConfig is the configuration for our tracing capabilities
type WebhookConfig
type WebhookConfig struct {
    // ExternalWebhookURL is the URL that we will send our webhook to
    ExternalWebhookURL string `mapstructure:"external_webhook_url"`
    // ExternalPingURL is the URL that we will send our ping to
    ExternalPingURL string `mapstructure:"external_ping_url"`
    // WebhookSecret is the secret that we will use to sign our webhook
    WebhookSecret string `mapstructure:"webhook_secret"`
    // PreviousWebhookSecretFile is a reference to a file that contains previous webhook secrets. This is used
    // in case we are rotating secrets and the external service is still using the old secret. These will not
    // be used when creating new webhooks.
    PreviousWebhookSecretFile string `mapstructure:"previous_webhook_secret_file"`
}
WebhookConfig is the configuration for our webhook capabilities
func (*WebhookConfig) GetPreviousWebhookSecrets (added in v0.0.37)
func (wc *WebhookConfig) GetPreviousWebhookSecrets() ([]string, error)
GetPreviousWebhookSecrets retrieves the previous webhook secrets from a file specified in the WebhookConfig. It reads the contents of the file, splits the data by whitespace, and returns it as a slice of strings.
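The rotation behaviour described for WebhookSecret, PreviousWebhookSecretFile and GetPreviousWebhookSecrets, shown as an added example that is not part of the Minder code base. It assumes a GitHub-style "sha256=<hex>" HMAC-SHA256 signature header; the helper names parseSecrets, sign and verify are hypothetical, and all secrets and payloads are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// parseSecrets splits file contents on whitespace, as the page describes for
// GetPreviousWebhookSecrets. strings.Fields also drops empty entries.
func parseSecrets(fileData string) []string {
	return strings.Fields(fileData)
}

// sign returns an assumed GitHub-style "sha256=<hex>" HMAC-SHA256 signature.
func sign(secret string, body []byte) string {
	mac := hmac.New(sha256.New, []byte(secret))
	mac.Write(body)
	return "sha256=" + hex.EncodeToString(mac.Sum(nil))
}

// verify tries the current secret, then each previous one, and reports which
// matched ("current", "previous" or "" for a rejected request). Empty secrets
// are skipped so an unset config value can never validate a payload.
func verify(header string, body []byte, current string, previous []string) string {
	match := func(secret string) bool {
		return secret != "" &&
			hmac.Equal([]byte(header), []byte(sign(secret, body))) // constant time
	}
	if match(current) {
		return "current"
	}
	for _, s := range previous {
		if match(s) {
			return "previous"
		}
	}
	return ""
}

func main() {
	// Constructed sample data: file contents, payload and secrets are made up.
	prev := parseSecrets("old-secret-1\n  old-secret-2\t\n")
	body := []byte(`{"action":"ping"}`)
	fmt.Println(verify(sign("old-secret-2", body), body, "new-secret", prev)) // previous
	fmt.Println(verify(sign("new-secret", body), body, "new-secret", prev))   // current
}
```

Reporting which key matched lets an operator log how often previous secrets are still in use before removing them from the file.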