Documentation
¶
Overview ¶
Package server contains a centralized structure for all configuration options.
Index ¶
- Variables
- func RegisterIdentityFlags(v *viper.Viper, flags *pflag.FlagSet) error
- func RegisterServerFlags(v *viper.Viper, flags *pflag.FlagSet) error
- func SetViperDefaults(v *viper.Viper)
- type AggregatorConfig
- type AuthConfig
- type AuthzConfig
- type BundleSourceConfig
- type CORSConfig
- type Config
- type ConfigBundleSource
- type DefaultProfilesConfig
- type EventConfig
- type GRPCServerConfig
- type GitHubAppConfig
- type GoChannelEventConfig
- type HTTPServerConfig
- type IdentityConfig
- type IdentityConfigWrapper
- type IncludedBundleConfig
- type LoggingConfig
- type MarketplaceConfig
- type MetricServerConfig
- type MetricsConfig
- type OpenFGAAuth
- type ProviderConfig
- type SQLEventConfig
- type TokenAuth
- type TracingConfig
- type WebhookConfig
Constants ¶
This section is empty.
Variables ¶
var ( // ErrInvalidBundleSource indicates the config has an invalid source type ErrInvalidBundleSource = errors.New("unexpected bundle source") )
Functions ¶
func RegisterIdentityFlags ¶
RegisterIdentityFlags registers the flags for the identity server
func RegisterServerFlags ¶
RegisterServerFlags registers the flags for the Minder server
func SetViperDefaults ¶
SetViperDefaults sets the default values for the configuration to be picked up by viper
Types ¶
type AggregatorConfig ¶
type AggregatorConfig struct {
// LockInterval is the interval for locking events in seconds.
// This is the threshold between rule evaluations + actions.
LockInterval int64 `mapstructure:"lock_interval" default:"30"`
}
AggregatorConfig is the configuration for the event aggregator middleware
type AuthConfig ¶
type AuthConfig struct {
// NoncePeriod is the period in seconds for which a nonce is valid
NoncePeriod int64 `mapstructure:"nonce_period" default:"3600"`
// TokenKey is the key used to store the provider's token in the database
TokenKey string `mapstructure:"token_key" default:"./.ssh/token_key_passphrase"`
}
AuthConfig is the configuration for the auth package
func (*AuthConfig) GetTokenKey ¶
func (acfg *AuthConfig) GetTokenKey() ([]byte, error)
GetTokenKey returns a key used to encrypt the provider's token in the database
type AuthzConfig ¶ added in v0.0.27
type AuthzConfig struct {
// ApiUrl is the URL to the authorization server
ApiUrl string `mapstructure:"api_url" validate:"required"`
// StoreName is the name of the store to use for authorization
StoreName string `mapstructure:"store_name" default:"minder" validate:"required_without=StoreID"`
// StoreID is the ID of the store to use for authorization
StoreID string `mapstructure:"store_id" default:"" validate:"required_without=StoreName"`
// ModelID is the ID of the model to use for authorization
ModelID string `mapstructure:"model_id" default:""`
// Auth is the authentication configuration for the authorization server
Auth OpenFGAAuth `mapstructure:"auth" validate:"required"`
}
AuthzConfig is the configuration for minder's authorization
func (*AuthzConfig) Validate ¶ added in v0.0.27
func (a *AuthzConfig) Validate() error
Validate validates the Authz configuration
type BundleSourceConfig ¶ added in v0.0.38
type BundleSourceConfig struct {
Type string `mapstructure:"type"`
Location string `mapstructure:"location"`
}
BundleSourceConfig holds details about where the bundle gets loaded from
func (*BundleSourceConfig) GetType ¶ added in v0.0.38
func (b *BundleSourceConfig) GetType() (ConfigBundleSource, error)
GetType returns the source as an enum type, or error if invalid TODO: investigate whether mapstructure would allow us to validate during deserialization.
type CORSConfig ¶ added in v0.0.32
type CORSConfig struct {
// Enabled is the flag to enable CORS
Enabled bool `mapstructure:"enabled" default:"false"`
// AllowOrigins is the list of allowed origins
AllowOrigins []string `mapstructure:"allow_origins"`
// AllowMethods is the list of allowed methods
AllowMethods []string `mapstructure:"allow_methods"`
// AllowHeaders is the list of allowed headers
AllowHeaders []string `mapstructure:"allow_headers"`
// ExposeHeaders is the list of exposed headers
ExposeHeaders []string `mapstructure:"expose_headers"`
// AllowCredentials is the flag to allow credentials
AllowCredentials bool `mapstructure:"allow_credentials" default:"false"`
}
CORSConfig is the configuration for the CORS middleware that can be used with the HTTP server. Note that this is not applicable to the gRPC server.
type Config ¶
type Config struct {
HTTPServer HTTPServerConfig `mapstructure:"http_server"`
GRPCServer GRPCServerConfig `mapstructure:"grpc_server"`
MetricServer MetricServerConfig `mapstructure:"metric_server"`
LoggingConfig LoggingConfig `mapstructure:"logging"`
Tracing TracingConfig `mapstructure:"tracing"`
Metrics MetricsConfig `mapstructure:"metrics"`
Database config.DatabaseConfig `mapstructure:"database"`
Identity IdentityConfigWrapper `mapstructure:"identity"`
Auth AuthConfig `mapstructure:"auth"`
WebhookConfig WebhookConfig `mapstructure:"webhook-config"`
Events EventConfig `mapstructure:"events"`
Authz AuthzConfig `mapstructure:"authz"`
Provider ProviderConfig `mapstructure:"provider"`
Marketplace MarketplaceConfig `mapstructure:"marketplace"`
DefaultProfiles DefaultProfilesConfig `mapstructure:"default_profiles"`
}
Config is the top-level configuration structure.
func DefaultConfigForTest ¶
func DefaultConfigForTest() *Config
DefaultConfigForTest returns a configuration with all the struct defaults set, but no other changes.
type ConfigBundleSource ¶ added in v0.0.38
type ConfigBundleSource string
ConfigBundleSource is an enum of valid config sources
const ( // TgzSource represents a bundle in a .tar.gz file TgzSource ConfigBundleSource = "tgz" // Unknown is a default value Unknown = "unknown" )
type DefaultProfilesConfig ¶ added in v0.0.38
type DefaultProfilesConfig struct {
Enabled bool `mapstructure:"enabled" default:"false"`
// List of profile names to install
Profiles []string `mapstructure:"profiles"`
// The bundle to subscribe to
Bundle IncludedBundleConfig `mapstructure:"bundle"`
}
DefaultProfilesConfig holds the profiles installed by default during project creation. If omitted - this will default to disabled.
func (*DefaultProfilesConfig) GetProfiles ¶ added in v0.0.38
func (d *DefaultProfilesConfig) GetProfiles() []string
GetProfiles is a null-safe getter for Profiles
type EventConfig ¶
type EventConfig struct {
// Driver is the driver used to store events
Driver string `mapstructure:"driver" default:"go-channel"`
// RouterCloseTimeout is the timeout for closing the router in seconds
RouterCloseTimeout int64 `mapstructure:"router_close_timeout" default:"10"`
// GoChannel is the configuration for the go channel event driver
GoChannel GoChannelEventConfig `mapstructure:"go-channel"`
// SQLPubSub is the configuration for the database event driver
SQLPubSub SQLEventConfig `mapstructure:"sql"`
// Aggregator is the configuration for the event aggregator middleware
Aggregator AggregatorConfig `mapstructure:"aggregator"`
}
EventConfig is the configuration for minder's eventing system.
type GRPCServerConfig ¶
type GRPCServerConfig struct {
// Host is the host to bind to
Host string `mapstructure:"host" default:"127.0.0.1"`
// Port is the port to bind to
Port int `mapstructure:"port" default:"8090"`
}
GRPCServerConfig is the configuration for the gRPC server
func (*GRPCServerConfig) GetAddress ¶
func (s *GRPCServerConfig) GetAddress() string
GetAddress returns the address to bind to
type GitHubAppConfig ¶ added in v0.0.37
type GitHubAppConfig struct {
// AppName is the name of the GitHub App
AppName string `mapstructure:"app_name"`
// AppID is the ID of the GitHub App
AppID int64 `mapstructure:"app_id" default:"0"`
// UserID is the ID of the GitHub App user
UserID int64 `mapstructure:"user_id" default:"0"`
// PrivateKey is the path to the GitHub App's private key in PEM format
PrivateKey string `mapstructure:"private_key"`
// WebhookSecret is the GitHub App's webhook secret
WebhookSecret string `mapstructure:"webhook_secret"`
// WebhookSecretFile is the location of the file containing the GitHub App's webhook secret
WebhookSecretFile string `mapstructure:"webhook_secret_file"`
// FallbackToken is the fallback token to use when listing packages
FallbackToken string `mapstructure:"fallback_token"`
// FallbackTokenFile is the location of the file containing the fallback token to use when listing packages
FallbackTokenFile string `mapstructure:"fallback_token_file"`
}
GitHubAppConfig is the configuration for the GitHub App providers
func (*GitHubAppConfig) GetFallbackToken ¶ added in v0.0.43
func (ghcfg *GitHubAppConfig) GetFallbackToken() (string, error)
GetFallbackToken returns the GitHub App's fallback token
func (*GitHubAppConfig) GetPrivateKey ¶ added in v0.0.37
func (ghcfg *GitHubAppConfig) GetPrivateKey() (*rsa.PrivateKey, error)
GetPrivateKey returns the GitHub App's private key
func (*GitHubAppConfig) GetWebhookSecret ¶ added in v0.0.43
func (ghcfg *GitHubAppConfig) GetWebhookSecret() (string, error)
GetWebhookSecret returns the GitHub App's webhook secret
type GoChannelEventConfig ¶
type GoChannelEventConfig struct {
// BufferSize is the size of the buffer for the go channel
BufferSize int64 `mapstructure:"buffer_size" default:"0"`
// PersistEvents is whether or not to persist events to the channel
PersistEvents bool `mapstructure:"persist_events" default:"false"`
// BlockPublishUntilSubscriberAck is whether or not to block publishing until
// the subscriber acks the message. This is useful for testing.
BlockPublishUntilSubscriberAck bool `mapstructure:"block_publish_until_subscriber_ack" default:"false"`
}
GoChannelEventConfig is the configuration for the go channel event driver for minder's eventing system.
type HTTPServerConfig ¶
type HTTPServerConfig struct {
// Host is the host to bind to
Host string `mapstructure:"host" default:"127.0.0.1"`
// Port is the port to bind to
Port int `mapstructure:"port" default:"8080"`
// CORS is the configuration for CORS
CORS CORSConfig `mapstructure:"cors"`
}
HTTPServerConfig is the configuration for the HTTP server
func (*HTTPServerConfig) GetAddress ¶
func (s *HTTPServerConfig) GetAddress() string
GetAddress returns the address to bind to
type IdentityConfig ¶
type IdentityConfig struct {
// IssuerUrl is the base URL where the identity server is running
IssuerUrl string `mapstructure:"issuer_url" default:"http://localhost:8081"`
// ClientId is the client ID that identifies the minder server
ClientId string `mapstructure:"client_id" default:"minder-server"`
// ClientSecret is the client secret for the minder server
ClientSecret string `mapstructure:"client_secret" default:"secret"`
// ClientSecretFile is the location of a file containing the client secret for the minder server (optional)
ClientSecretFile string `mapstructure:"client_secret_file"`
}
IdentityConfig is the configuration for the identity provider in minder server
func (*IdentityConfig) Do ¶ added in v0.0.39
func (sic *IdentityConfig) Do( ctx context.Context, method string, path string, query url.Values, body io.Reader) (*http.Response, error)
Do sends an HTTP request to the identity server, using the configured client credentials.
func (*IdentityConfig) GetClientSecret ¶
func (sic *IdentityConfig) GetClientSecret() (string, error)
GetClientSecret returns the minder-server client secret
type IdentityConfigWrapper ¶
type IdentityConfigWrapper struct {
Server IdentityConfig `mapstructure:"server"`
}
IdentityConfigWrapper is the configuration for the identity provider
type IncludedBundleConfig ¶ added in v0.0.38
type IncludedBundleConfig struct {
Namespace string `mapstructure:"namespace"`
Name string `mapstructure:"name"`
}
IncludedBundleConfig holds details about the bundle included with Minder
type LoggingConfig ¶
type LoggingConfig struct {
Level string `mapstructure:"level" default:"debug"`
Format string `mapstructure:"format" default:"json"`
LogFile string `mapstructure:"logFile" default:""`
// LogPayloads controls whether or not message payloads are ever logged.
// For debugging purposes, it may be useful to log the payloads that result
// in error conditions, but could also leak PII.
LogPayloads bool `mapstructure:"logPayloads" default:"false"`
}
LoggingConfig is the configuration for the logging package
type MarketplaceConfig ¶ added in v0.0.38
type MarketplaceConfig struct {
Enabled bool `mapstructure:"enabled" default:"false"`
Sources []BundleSourceConfig `mapstructure:"sources"`
}
MarketplaceConfig holds the config for the marketplace functionality.
type MetricServerConfig ¶
type MetricServerConfig struct {
// Host is the host to bind to
Host string `mapstructure:"host" default:"127.0.0.1"`
// Port is the port to bind to
Port int `mapstructure:"port" default:"9090"`
}
MetricServerConfig is the configuration for the metric server
func (*MetricServerConfig) GetAddress ¶
func (s *MetricServerConfig) GetAddress() string
GetAddress returns the address to bind to
type MetricsConfig ¶
type MetricsConfig struct {
Enabled bool `mapstructure:"enabled" default:"true"`
}
MetricsConfig is the configuration for the metrics
type OpenFGAAuth ¶ added in v0.0.27
type OpenFGAAuth struct {
// Method is the authentication method to use
Method string `mapstructure:"method" default:"none" validate:"oneof=token none"`
// Token is the configuration for OpenID Connect authentication
Token TokenAuth `mapstructure:"token"`
}
OpenFGAAuth contains the authentication configuration for OpenFGA
func (*OpenFGAAuth) Validate ¶ added in v0.0.27
func (o *OpenFGAAuth) Validate() error
Validate validates the OpenFGAAuth configuration
type ProviderConfig ¶ added in v0.0.37
type ProviderConfig struct {
GitHubApp *GitHubAppConfig `mapstructure:"github-app"`
}
ProviderConfig is the configuration for the providers
type SQLEventConfig ¶
type SQLEventConfig struct {
// InitSchema is whether or not to initialize the schema
InitSchema bool `mapstructure:"init_schema" default:"true"`
Connection config.DatabaseConfig `mapstructure:"connection" default:"{\"dbname\":\"watermill\"}"`
}
SQLEventConfig is the configuration for the database event driver
type TokenAuth ¶ added in v0.0.27
type TokenAuth struct {
// TokenPath is the path to the token to use for authentication.
// defaults to the kubernetes service account token
//nolint:lll
TokenPath string `mapstructure:"token_path" default:"/var/run/secrets/kubernetes.io/serviceaccount/token"`
}
TokenAuth contains the configuration for token authentication
type TracingConfig ¶
type TracingConfig struct {
Enabled bool `mapstructure:"enabled" default:"false"`
// for the demonstration, we use AlwaysSmaple sampler to take all spans.
// do not use this option in production.
SampleRatio float64 `mapstructure:"sample_ratio" default:"0.1"`
}
TracingConfig is the configuration for our tracing capabilities
type WebhookConfig ¶
type WebhookConfig struct {
// ExternalWebhookURL is the URL that we will send our webhook to
ExternalWebhookURL string `mapstructure:"external_webhook_url"`
// ExternalPingURL is the URL that we will send our ping to
ExternalPingURL string `mapstructure:"external_ping_url"`
// WebhookSecret is the secret that we will use to sign our webhook
WebhookSecret string `mapstructure:"webhook_secret"`
// PreviousWebhookSecretFile is a reference to a file that contains previous webhook secrets. This is used
// in case we are rotating secrets and the external service is still using the old secret. These will not
// be used when creating new webhooks.
PreviousWebhookSecretFile string `mapstructure:"previous_webhook_secret_file"`
}
WebhookConfig is the configuration for our webhook capabilities
func (*WebhookConfig) GetPreviousWebhookSecrets ¶ added in v0.0.37
func (wc *WebhookConfig) GetPreviousWebhookSecrets() ([]string, error)
GetPreviousWebhookSecrets retrieves the previous webhook secrets from a file specified in the WebhookConfig. It reads the contents of the file, splits the data by whitespace, and returns it as a slice of strings.
Source Files