config

package

v0.1.2 Latest Latest Go to latest Published: Jul 30, 2020 License: Apache-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/bitsbeats/prometheus-acls

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
type ACL
- func (a *ACL) GetLabelMatchers(metricName string) []*labels.Matcher
- func (a *ACL) ParseAndStoreACL(metricName string, query interface{}) (err error)
type ACLMap
- func (a ACLMap) GetACL(role string) (*ACL, bool)
- func (a ACLMap) GetDenyACL() *ACL
type Config
- func Parse() (c *Config, err error)
type MetricName
type NamedACL
type OidcRole
type RegexACL

Constants ¶

This section is empty.

Variables ¶

View Source

var None = labeler.MustParseLabels("__=\"none\"")

None is a special LabelMatcher that matches for no metric, used to deny access to a metric

Functions ¶

This section is empty.

Types ¶

type ACL ¶

type ACL struct {
	Named NamedACL
	Regex []RegexACL
}

ACL holds the parsed Named and Regex metricName to LabelMatchers

func (*ACL) GetLabelMatchers ¶

func (a *ACL) GetLabelMatchers(metricName string) []*labels.Matcher

GetLabelMatchers checks in order against exact the NamedACL, a RegexACL and the fallback '*' ACL and returns the corresponding LabelMatchers

func (*ACL) ParseAndStoreACL ¶

func (a *ACL) ParseAndStoreACL(metricName string, query interface{}) (err error)

ParseAndStoreACL parses the metricName if its a NamedACL or a RegexACL and the query for all supported query types (see parseLabels)

type ACLMap ¶

type ACLMap map[OidcRole]*ACL

ACLMap is used to look up OidcRole for its configures ACL

func (ACLMap) GetACL ¶

func (a ACLMap) GetACL(role string) (*ACL, bool)

GetACL fetches the ACLs for a specific OidcRole

func (ACLMap) GetDenyACL ¶

func (a ACLMap) GetDenyACL() *ACL

GetDenyACL provides a empty ACL that deny access to any metric

type Config ¶

type Config struct {
	Listen        string `envconfig:"LISTEN" default:":8080"`
	URL           string `envconfig:"URL" default:"http://localhost:8080"`
	PrometheusURL string `envconfig:"PROMETHEUS_URL" default:"http://localhost:9090"`
	CookieSecret  []byte `envconfig:"COOKIE_SECRET"`

	AuthProvider     string `envconfig:"AUTH_PROVIDER" default:"oidc"`
	OidcIssuer       string `envconfig:"OIDC_ISSUER" required:"true"`
	OidcClientID     string `envconfig:"OIDC_CLIENT_ID" required:"true"`
	OidcClientSecret string `envconfig:"OIDC_CLIENT_SECRET" required:"true"`
	OidcRolesClaim   string `envconfig:"OIDC_ROLES_CLAIM" default:"roles"`

	ACLFile string `envconfig:"ACL_FILE" default:"prometheus-acls.yml"`
	ACLMap  ACLMap
}

Config holds the configuration

func Parse ¶

func Parse() (c *Config, err error)

Parse parses the environment for configuration and the provided configuration file for ACLs

type MetricName ¶

type MetricName string

MetricName is a string to identify a Prometheus metric

type NamedACL ¶

type NamedACL map[MetricName][]*labels.Matcher

NamedACL hold the LabelMatchers for a specific MetricName

type OidcRole ¶

type OidcRole string

OidcRole is a string to identify a OIDC role from the OAUTH provider

type RegexACL ¶

type RegexACL struct {
	Regexp        *regexp.Regexp
	LabelMatchers []*labels.Matcher
}

RegexACL holds the LabelMatchers for all MetricNames that match Regexp

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL