Constants ¶
// Well-known server names. They presumably serve as the keys of
// Configuration.HTTPServers — confirm against the callers that look them up.
const (
	// WFEServerName specifies server name for Web Front End
	WFEServerName = "wfe"
	// CISServerName specifies server name for Certificate Information
	CISServerName = "cis"
	// CAServerName specifies server name for Certification Authority
	CAServerName = "ca"
)
// Defaults for locating the configuration file.
const (
	// ConfigFileName is default name for the configuration file
	ConfigFileName = "trusty-config.yaml"
	// EnvHostnameKey is the env name to look up for the config override by hostname.
	// If it's set, then $(TRUSTY_HOSTNAME).$(ConfigFileName) will be added to the override list.
	// Because the process environment selects which override file is loaded,
	// the environment of the service is effectively part of its trusted configuration.
	EnvHostnameKey = "TRUSTY_HOSTNAME"
)
Functions ¶
func GetConfigAbsFilename ¶
GetConfigAbsFilename returns the absolute path of the configuration file, resolving file relative to projFolder.
Types ¶
type Authz ¶
// Authz contains configuration for the authorization module.
// Each rule applies to a path and its children, so the most specific
// path a request can match is what determines access; the matching
// order between Allow, AllowAny and AllowAnyRole is not visible here.
type Authz struct {
	// Allow will allow the specified roles access to this path and its children, in format: ${path}:${role},${role}
	Allow []string `json:"allow" yaml:"allow"`

	// AllowAny will allow any non-authenticated request access to this path and its children.
	// Entries here are effectively public endpoints; keep the list minimal.
	AllowAny []string `json:"allow_any" yaml:"allow_any"`

	// AllowAnyRole will allow any authenticated request that includes a non empty role
	AllowAnyRole []string `json:"allow_any_role" yaml:"allow_any_role"`

	// LogAllowedAny specifies to log allowed access to Any role
	LogAllowedAny bool `json:"log_allowed_any" yaml:"log_allowed_any"`

	// LogAllowed specifies to log allowed access
	LogAllowed bool `json:"log_allowed" yaml:"log_allowed"`

	// LogDenied specifies to log denied access
	LogDenied bool `json:"log_denied" yaml:"log_denied"`
}
Authz contains configuration for the authorization module
type CORS ¶
// CORS contains configuration for CORS.
// Pointer fields distinguish "not set" (nil) from an explicit false; the
// Get* accessors are what callers should use to read them.
type CORS struct {
	// Enabled specifies if the CORS is enabled.
	Enabled *bool `json:"enabled,omitempty" yaml:"enabled,omitempty"`

	// MaxAge indicates how long (in seconds) the results of a preflight request can be cached.
	MaxAge int `json:"max_age,omitempty" yaml:"max_age,omitempty"`

	// AllowedOrigins is a list of origins a cross-domain request can be executed from.
	// NOTE(review): browsers reject a wildcard origin combined with credentials;
	// whether this package validates that combination is not visible here.
	AllowedOrigins []string `json:"allowed_origins,omitempty" yaml:"allowed_origins,omitempty"`

	// AllowedMethods is a list of methods the client is allowed to use with cross-domain requests.
	AllowedMethods []string `json:"allowed_methods,omitempty" yaml:"allowed_methods,omitempty"`

	// AllowedHeaders is list of non simple headers the client is allowed to use with cross-domain requests.
	AllowedHeaders []string `json:"allowed_headers,omitempty" yaml:"allowed_headers,omitempty"`

	// ExposedHeaders indicates which headers are safe to expose to the API of a CORS API specification.
	ExposedHeaders []string `json:"exposed_headers,omitempty" yaml:"exposed_headers,omitempty"`

	// AllowCredentials indicates whether the request can include user credentials.
	AllowCredentials *bool `json:"allow_credentials,omitempty" yaml:"allow_credentials,omitempty"`

	// OptionsPassthrough instructs preflight to let other potential next handlers to process the OPTIONS method.
	OptionsPassthrough *bool `json:"options_pass_through,omitempty" yaml:"options_pass_through,omitempty"`

	// Debug flag adds additional output to debug server side CORS issues.
	Debug *bool `json:"debug,omitempty" yaml:"debug,omitempty"`
}
CORS contains configuration for CORS.
func (*CORS) GetAllowCredentials ¶
GetAllowCredentials returns the value of the AllowCredentials flag.
func (*CORS) GetEnabled ¶
GetEnabled reports whether CORS is enabled.
func (*CORS) GetOptionsPassthrough ¶
GetOptionsPassthrough returns the value of the OptionsPassthrough flag.
type CertPublisher ¶
// CertPublisher contains configuration info for Publisher.
// The field semantics below are inferred from the names only — confirm against the publisher implementation.
type CertPublisher struct {
	// BaseURL is presumably the public base URL under which published artifacts are served.
	BaseURL string `json:"base_url" yaml:"base_url"`

	// CertsBucket is presumably the bucket that receives published certificates.
	CertsBucket string `json:"cert_bucket" yaml:"cert_bucket"`

	// CRLBucket is presumably the bucket that receives published CRLs.
	CRLBucket string `json:"crl_bucket" yaml:"crl_bucket"`
}
CertPublisher contains configuration info for Publisher
type CertsMonitor ¶
// CertsMonitor specifies configurations for monitoring certs expiry.
type CertsMonitor struct {
	// Locations specifies the list of files to monitor. It may have a prefix with cert type, in format {type}:{location}
	Locations []string `json:"locations" yaml:"locations"`
}
CertsMonitor specifies configurations for monitoring certs expiry
type Configuration ¶
// Configuration contains the user configurable data for the service.
// Several fields hold the location of a further configuration file rather
// than the configuration itself (JWT, Authority, Acme, PaymentProvider,
// OAuthClients, EmailProviders, CryptoProv.*); LoadConfig is documented to
// resolve relative locations.
type Configuration struct {
	// Region specifies the Region / Datacenter where the instance is running
	Region string `json:"region,omitempty" yaml:"region,omitempty"`

	// Environment specifies the environment where the instance is running: prod|stage|dev
	Environment string `json:"environment,omitempty" yaml:"environment,omitempty"`

	// ServiceName specifies the service name to be used in logs, metrics, etc
	ServiceName string `json:"service,omitempty" yaml:"service,omitempty"`

	// ClusterName specifies the cluster name
	ClusterName string `json:"cluster,omitempty" yaml:"cluster,omitempty"`

	// Metrics specifies the metrics pipeline configuration
	Metrics Metrics `json:"metrics" yaml:"metrics"`

	// Audit contains configuration for the audit logger
	Audit Logger `json:"audit" yaml:"audit"`

	// Logs contains configuration for the logger
	Logs Logger `json:"logs" yaml:"logs"`

	// LogLevels specifies the log levels per package
	LogLevels []RepoLogLevel `json:"log_levels" yaml:"log_levels"`

	// CryptoProv specifies the configuration for crypto providers
	CryptoProv CryptoProv `json:"crypto_provider" yaml:"crypto_provider"`

	// OrgsSQL specifies the configuration for the SQL provider (presumably the orgs store — confirm)
	OrgsSQL SQL `json:"orgs_sql" yaml:"orgs_sql"`

	// CaSQL specifies the configuration for the SQL provider (presumably the CA store — confirm)
	CaSQL SQL `json:"ca_sql" yaml:"ca_sql"`

	// JWT specifies configuration file for the JWT provider
	JWT string `json:"jwt_provider" yaml:"jwt_provider"`

	// Authority specifies configuration file for CA
	Authority string `json:"authority" yaml:"authority"`

	// RegistrationAuthority contains configuration info for RA; nil when the "ra" section is absent
	RegistrationAuthority *RegistrationAuthority `json:"ra" yaml:"ra"`

	// HTTPServers specifies a list of servers that expose HTTP or gRPC services, keyed by server name
	HTTPServers map[string]*HTTPServer `json:"servers" yaml:"servers"`

	// TODO: refactor
	// TrustyClient specifies configurations for the client to connect to the cluster
	TrustyClient TrustyClient `json:"trusty_client" yaml:"trusty_client"`

	// Github specifies the configuration for Github client
	Github Github `json:"github" yaml:"github"`

	// Google specifies the configuration for Google client
	Google Google `json:"google" yaml:"google"`

	// OAuthClients specifies the configuration files for OAuth clients
	OAuthClients []string `json:"oauth_clients" yaml:"oauth_clients"`

	// EmailProviders specifies the configuration files for email providers
	EmailProviders []string `json:"email_providers" yaml:"email_providers"`

	// Acme specifies the configuration files for ACME provider
	Acme string `json:"acme" yaml:"acme"`

	// PaymentProvider specifies the configuration file for payment provider
	PaymentProvider string `json:"payment_provider" yaml:"payment_provider"`

	// Tasks specifies array of tasks
	Tasks []Task `json:"tasks" yaml:"tasks"`

	// CertsMonitor specifies the configuration for cert monitor
	CertsMonitor CertsMonitor `json:"certs_monitor" yaml:"certs_monitor"`

	// Martini specifies Martini configuration.
	Martini Martini `json:"martini" yaml:"martini"`
}
Configuration contains the user configurable data for the service
func LoadConfig ¶
func LoadConfig(configFile string) (*Configuration, error)
LoadConfig will load the configuration from the named config file, apply any overrides, and resolve relative directory locations.
func LoadConfigForHostName ¶
func LoadConfigForHostName(configFile, hostnameOverride string) (*Configuration, error)
LoadConfigForHostName will load the configuration from the named config file for specified host name, apply any overrides, and resolve relative directory locations.
type CryptoProv ¶
// CryptoProv specifies the configuration for crypto providers.
// Default and Providers are file locations, not inline provider settings.
type CryptoProv struct {
	// Default specifies the location of the configuration file for default provider
	Default string `json:"default,omitempty" yaml:"default,omitempty"`

	// Providers specifies the list of locations of the configuration files
	Providers []string `json:"providers,omitempty" yaml:"providers,omitempty"`

	// PKCS11Manufacturers specifies the list of supported manufactures of PKCS11 tokens
	PKCS11Manufacturers []string `json:"pkcs11_manufacturers,omitempty" yaml:"pkcs11_manufacturers,omitempty"`
}
CryptoProv specifies the configuration for crypto providers
type Factory ¶
// Factory is used to create Configuration instances.
// Its fields are unexported; see DefaultFactory, NewFactory and the With* methods.
type Factory struct {
	// contains filtered or unexported fields
}
Factory is used to create Configuration instances
func DefaultFactory ¶
DefaultFactory returns the default configuration factory
func NewFactory ¶
NewFactory returns a new configuration factory
func (*Factory) LoadConfig ¶
func (f *Factory) LoadConfig(configFile string) (*Configuration, error)
LoadConfig will load the configuration from the named config file, apply any overrides, and resolve relative directory locations.
func (*Factory) LoadConfigForHostName ¶
func (f *Factory) LoadConfigForHostName(configFile, hostnameOverride string) (*Configuration, error)
LoadConfigForHostName will load the configuration from the named config file for specified host name, apply any overrides, and resolve relative directory locations.
func (*Factory) WithEnvHostname ¶
WithEnvHostname allows specifying the environment variable name used to look up the hostname
func (*Factory) WithEnvironment ¶
WithEnvironment allows overriding the Environment value of the loaded Configuration
type Github ¶
// Github specifies the configuration for Github client.
type Github struct {
	// BaseURL specifies the Github base URL.
	BaseURL string `json:"base_url" yaml:"base_url"`
}
Github specifies the configuration for Github client
type Google ¶
// Google specifies the configuration for Google client.
type Google struct {
	// BaseURL specifies the Google base URL.
	BaseURL string `json:"base_url" yaml:"base_url"`
}
Google specifies the configuration for Google client
type HTTPServer ¶
// HTTPServer contains the configuration of the HTTP API Service.
type HTTPServer struct {
	// Description provides description of the server
	Description string `json:"description,omitempty" yaml:"description,omitempty"`

	// Disabled specifies if the service is disabled
	Disabled bool `json:"disabled,omitempty" yaml:"disabled,omitempty"`

	// ClientURL is the public URL exposed to clients
	ClientURL string `json:"client_url" yaml:"client_url"`

	// ListenURLs is the list of URLs that the server will be listen on; see ParseListenURLs
	ListenURLs []string `json:"listen_urls" yaml:"listen_urls"`

	// ServerTLS provides TLS config for server.
	// It is optional (nil when omitted); what the server does without TLS is not visible here — confirm in the listener setup.
	ServerTLS *TLSInfo `json:"server_tls,omitempty" yaml:"server_tls,omitempty"`

	// PackageLogger if set, specifies name of the package logger
	PackageLogger string `json:"logger,omitempty" yaml:"logger,omitempty"`

	// AllowProfiling if set, will allow for per request CPU/Memory profiling triggered by the URI QueryString.
	// Since any caller can trigger profiling via the query string, this is a diagnostic
	// setting rather than one to leave enabled on servers reachable by untrusted clients.
	AllowProfiling *bool `json:"allow_profiling,omitempty" yaml:"allow_profiling,omitempty"`

	// ProfilerDir specifies the directories where per-request profile information is written, if not set will write to a TMP dir
	ProfilerDir string `json:"profile_dir,omitempty" yaml:"profile_dir,omitempty"`

	// Services is a list of services to enable for this HTTP Service
	Services []string `json:"services" yaml:"services"`

	// HeartbeatSecs specifies heartbeat interval in seconds [5 secs is a minimum]
	HeartbeatSecs int `json:"heartbeat_secs" yaml:"heartbeat_secs"`

	// IdentityMap contains configuration for the roles
	IdentityMap IdentityMap `json:"identity_map" yaml:"identity_map"`

	// Authz contains configuration for the authorization module
	Authz Authz `json:"authz" yaml:"authz"`

	// CORS contains configuration for CORS; nil when omitted
	CORS *CORS `json:"cors,omitempty" yaml:"cors,omitempty"`

	// Timeout settings
	Timeout struct {
		// Request is the timeout for client requests to finish.
		// A zero value means no timeout is set here; whether the server applies a default is not visible.
		Request time.Duration `json:"request,omitempty" yaml:"request,omitempty"`
	} `json:"timeout" yaml:"timeout"`

	// KeepAlive settings
	KeepAlive KeepAlive `json:"keep_alive" yaml:"keep_alive"`

	// Swagger specifies the configuration for Swagger
	Swagger Swagger `json:"swagger" yaml:"swagger"`

	// EnableGRPCGateway allows gRPC GW
	EnableGRPCGateway bool `json:"enable_grpc_gateway" yaml:"enable_grpc_gateway"`
}
HTTPServer contains the configuration of the HTTP API Service
func (*HTTPServer) ParseListenURLs ¶
func (c *HTTPServer) ParseListenURLs() ([]*url.URL, error)
ParseListenURLs parses the ListenURLs entries and returns them as a list of URLs
type Hostmap ¶
// Hostmap provides the host-name override information.
// It carries no json/yaml tags, so encoding uses the default field names.
type Hostmap struct {
	// Override is a map of host name to file location
	Override map[string]string
}
Hostmap provides the host-name override information
type IdentityMap ¶
// IdentityMap contains configuration for the roles, one map per identity source.
type IdentityMap struct {
	// TLS identity map
	TLS TLSIdentityMap `json:"tls" yaml:"tls"`

	// JWT identity map
	JWT JWTIdentityMap `json:"jwt" yaml:"jwt"`
}
IdentityMap contains configuration for the roles
type JWTIdentityMap ¶
// JWTIdentityMap provides roles for JWT.
type JWTIdentityMap struct {
	// DefaultAuthenticatedRole specifies role name for identity, if not found in maps.
	// Any token that authenticates but matches no Roles entry receives this role,
	// so it should be the least-privileged role in use.
	DefaultAuthenticatedRole string `json:"default_authenticated_role" yaml:"default_authenticated_role"`

	// Enabled enables JWT identities
	Enabled bool `json:"enabled" yaml:"enabled"`

	// Audience specifies the token audience.
	// NOTE(review): presumably compared against the token's aud claim — confirm in the JWT provider.
	Audience string `json:"audience" yaml:"audience"`

	// Roles is a map of role to JWT identity
	Roles map[string][]string `json:"roles" yaml:"roles"`
}
JWTIdentityMap provides roles for JWT
type KeepAlive ¶
// KeepAlive contains the keep-alive settings for a server.
type KeepAlive struct {
	// MinTime is the minimum interval that a client should wait before pinging server.
	MinTime time.Duration `json:"min_time,omitempty" yaml:"min_time,omitempty"`

	// Interval is the frequency of server-to-client ping to check if a connection is alive.
	Interval time.Duration `json:"interval,omitempty" yaml:"interval,omitempty"`

	// Timeout is the additional duration of wait before closing a non-responsive connection, use 0 to disable.
	Timeout time.Duration `json:"timeout,omitempty" yaml:"timeout,omitempty"`
}
KeepAlive contains the keep-alive settings for a server
type Logger ¶
// Logger contains information about the configuration of a logger/log rotation.
type Logger struct {
	// Directory contains where to store the log files; if value is empty, then stderr is used for output
	Directory string `json:"directory,omitempty" yaml:"directory,omitempty"`

	// MaxAgeDays controls how old files are before deletion
	MaxAgeDays int `json:"max_age_days,omitempty" yaml:"max_age_days,omitempty"`

	// MaxSizeMb controls how large a single log file can be before it is rotated
	MaxSizeMb int `json:"max_size_mb,omitempty" yaml:"max_size_mb,omitempty"`
}
Logger contains information about the configuration of a logger/log rotation
type Martini ¶
// Martini specifies Martini configuration.
// Field semantics are inferred from the names only — confirm against the Martini code.
type Martini struct {
	// WebAppHost is presumably the host of the web application.
	WebAppHost string `json:"web_app_host" yaml:"web_app_host"`

	// PollPaymentStatusInterval is presumably the interval between payment-status polls.
	PollPaymentStatusInterval time.Duration `json:"poll_payment_status_interval" yaml:"poll_payment_status_interval"`

	// PollPaymentStatusTimeout is presumably the overall deadline for payment-status polling.
	PollPaymentStatusTimeout time.Duration `json:"poll_payment_status_timeout" yaml:"poll_payment_status_timeout"`

	// FccTimeout is presumably the timeout for FCC requests.
	FccTimeout time.Duration `json:"fcc_timeout" yaml:"fcc_timeout"`
}
Martini specifies configuration.
type Metrics ¶
// Metrics specifies the metrics pipeline configuration.
type Metrics struct {
	// Disabled specifies if the metrics provider is disabled; nil when omitted, see GetDisabled
	Disabled *bool `json:"disabled,omitempty" yaml:"disabled,omitempty"`

	// Provider specifies the metrics provider: prometheus|inmem
	Provider string `json:"provider,omitempty" yaml:"provider,omitempty"`
}
Metrics specifies the metrics pipeline configuration
func (*Metrics) GetDisabled ¶
GetDisabled reports whether the metrics provider is disabled
type RegistrationAuthority ¶
// RegistrationAuthority contains configuration info for RA.
type RegistrationAuthority struct {
	// PrivateRoots specifies the list of private Root Certs files.
	PrivateRoots []string `json:"private_roots,omitempty" yaml:"private_roots,omitempty"`

	// PublicRoots specifies the list of public Root Certs files.
	PublicRoots []string `json:"public_roots,omitempty" yaml:"public_roots,omitempty"`

	// Publisher contains the configuration for the certificate publisher.
	Publisher CertPublisher `json:"publisher,omitempty" yaml:"publisher,omitempty"`
}
RegistrationAuthority contains configuration info for RA
type RepoLogLevel ¶
// RepoLogLevel contains information about the log level per repo. Use * to set up global level.
type RepoLogLevel struct {
	// Repo specifies the repo name, or '*' for all repos [Global]
	Repo string `json:"repo,omitempty" yaml:"repo,omitempty"`

	// Package specifies the package name
	Package string `json:"package,omitempty" yaml:"package,omitempty"`

	// Level specifies the log level for the repo [ERROR,WARNING,NOTICE,INFO,DEBUG,TRACE].
	Level string `json:"level,omitempty" yaml:"level,omitempty"`
}
RepoLogLevel contains information about the log level per repo. Use * to set up global level.
type SQL ¶
// SQL specifies the configuration for SQL provider.
type SQL struct {
	// Driver specifies the driver name: postgres|mysql.
	Driver string `json:"driver,omitempty" yaml:"driver,omitempty"`

	// DataSource specifies the connection string. It can be prefixed with file:// or env:// to load the source from a file or environment variable.
	// The file:// and env:// forms keep database credentials out of the main configuration file.
	DataSource string `json:"data_source,omitempty" yaml:"data_source,omitempty"`

	// MigrationsDir specifies the directory that contains migrations.
	MigrationsDir string `json:"migrations_dir,omitempty" yaml:"migrations_dir,omitempty"`

	// ForceVersion specifies to force version.
	ForceVersion int `json:"force_version,omitempty" yaml:"force_version,omitempty"`
}
SQL specifies the configuration for SQL provider.
type Swagger ¶
// Swagger specifies the configuration for Swagger.
type Swagger struct {
	// Enabled allows Swagger
	Enabled bool `json:"enabled" yaml:"enabled"`

	// Files is a map of service name to location
	Files map[string]string `json:"files" yaml:"files"`
}
Swagger specifies the configuration for Swagger
type TLSIdentityMap ¶
// TLSIdentityMap provides roles for TLS.
type TLSIdentityMap struct {
	// DefaultAuthenticatedRole specifies role name for identity, if not found in maps.
	// Any client certificate that authenticates but matches no Roles entry receives this role,
	// so it should be the least-privileged role in use.
	DefaultAuthenticatedRole string `json:"default_authenticated_role" yaml:"default_authenticated_role"`

	// Enabled enables TLS identities
	Enabled bool `json:"enabled" yaml:"enabled"`

	// Roles is a map of role to TLS identity
	Roles map[string][]string `json:"roles" yaml:"roles"`
}
TLSIdentityMap provides roles for TLS
type TLSInfo ¶
// TLSInfo contains configuration info for the TLS.
// All file fields are locations; the material itself is not held in the configuration.
type TLSInfo struct {
	// CertFile specifies location of the cert
	CertFile string `json:"cert,omitempty" yaml:"cert,omitempty"`

	// KeyFile specifies location of the key
	KeyFile string `json:"key,omitempty" yaml:"key,omitempty"`

	// TrustedCAFile specifies location of the trusted Root file
	TrustedCAFile string `json:"trusted_ca,omitempty" yaml:"trusted_ca,omitempty"`

	// CRLFile specifies location of the CRL
	CRLFile string `json:"crl,omitempty" yaml:"crl,omitempty"`

	// OCSPFile specifies location of the OCSP response
	OCSPFile string `json:"ocsp,omitempty" yaml:"ocsp,omitempty"`

	// CipherSuites allows to specify Cipher suites
	CipherSuites []string `json:"cipher_suites,omitempty" yaml:"cipher_suites,omitempty"`

	// ClientCertAuth controls client auth; nil when omitted, see GetClientCertAuth for the effective value
	ClientCertAuth *bool `json:"client_cert_auth,omitempty" yaml:"client_cert_auth,omitempty"`
}
TLSInfo contains configuration info for the TLS
func (*TLSInfo) GetClientCertAuth ¶
GetClientCertAuth returns the value of the ClientCertAuth flag
type Task ¶
// Task specifies configuration of a single task.
type Task struct {
	// Name specifies the name of the task.
	Name string `json:"name" yaml:"name"`

	// Schedule specifies the schedule of this task.
	Schedule string `json:"schedule" yaml:"schedule"`

	// Args specifies parameters for the task.
	Args []string `json:"args" yaml:"args"`
}
Task specifies configuration of a single task.
type TrustyClient ¶
// TrustyClient specifies configurations for the client to connect to the cluster.
type TrustyClient struct {
	// ClientTLS describes the TLS certs used to connect to the cluster
	ClientTLS TLSInfo `json:"client_tls,omitempty" yaml:"client_tls,omitempty"`

	// ServerURL specifies URLs for each server
	ServerURL map[string][]string `json:"server_url,omitempty" yaml:"server_url,omitempty"`

	// DialTimeout is the timeout for failing to establish a connection.
	DialTimeout time.Duration `json:"dial_timeout,omitempty" yaml:"dial_timeout,omitempty"`

	// DialKeepAliveTime is the time after which client pings the server to see if
	// transport is alive.
	DialKeepAliveTime time.Duration `json:"dial_keep_alive_time,omitempty" yaml:"dial_keep_alive_time,omitempty"`

	// DialKeepAliveTimeout is the time that the client waits for a response for the
	// keep-alive probe. If the response is not received in this time, the connection is closed.
	DialKeepAliveTimeout time.Duration `json:"dial_keep_alive_timeout,omitempty" yaml:"dial_keep_alive_timeout,omitempty"`
}
TrustyClient specifies configurations for the client to connect to the cluster