Overview ¶
Package config provides exhaustive configuration for Heimdall using Viper with strict validation at startup.
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewAuthTransport ¶
func NewAuthTransport(cfg AuthConfig, skipVerify bool) (http.RoundTripper, error)
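NewAuthTransport creates an http.RoundTripper that injects authentication into every outgoing request. For AuthTypeNone it returns a nil RoundTripper (callers should use http.DefaultTransport in that case), so check the returned value for nil as well as the error before wrapping or calling it. The skipVerify parameter is not described here; it presumably disables TLS certificate verification for the upstream connection, in which case the injected credentials are sent to a peer whose identity has not been verified.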
Types ¶
type AuthConfig ¶
// AuthConfig holds the authentication settings used when calling one upstream
// service. Only one auth method should be configured at a time.
//
// NOTE(review): Password, Token, ClientSecret and APIKey are secrets, and each
// carries plain json/yaml tags, so any encoder that honours those tags writes
// them out in cleartext. Redact them before logging or exporting a loaded
// configuration.
type AuthConfig struct {
	// Type names the auth method; the accepted values are not listed on this page.
	Type AuthType `mapstructure:"type" json:"type" yaml:"type"`
	// Basic auth: username and password pair.
	Username string `mapstructure:"username" json:"username" yaml:"username"`
	Password string `mapstructure:"password" json:"password" yaml:"password"`
	// Bearer token.
	Token string `mapstructure:"token" json:"token" yaml:"token"`
	// OAuth2 client credentials.
	// NOTE(review): presumably ClientID and ClientSecret are presented to
	// TokenURL; whether Validate requires an https TokenURL is not shown here —
	// confirm.
	ClientID string `mapstructure:"client_id" json:"client_id" yaml:"client_id"`
	ClientSecret string `mapstructure:"client_secret" json:"client_secret" yaml:"client_secret"`
	TokenURL string `mapstructure:"token_url" json:"token_url" yaml:"token_url"`
	Scopes []string `mapstructure:"scopes" json:"scopes" yaml:"scopes"`
	// API key — sent as a plain header value
	APIKey string `mapstructure:"api_key" json:"api_key" yaml:"api_key"`
	APIKeyHeader string `mapstructure:"api_key_header" json:"api_key_header" yaml:"api_key_header"` // defaults to "X-API-Key"
	// mTLS — client certificate and key files
	// NOTE(review): KeyFile looks like the path to a private key; the expected
	// file ownership and permissions are not stated here — confirm.
	CertFile string `mapstructure:"cert_file" json:"cert_file" yaml:"cert_file"`
	KeyFile string `mapstructure:"key_file" json:"key_file" yaml:"key_file"`
	CAFile string `mapstructure:"ca_file" json:"ca_file" yaml:"ca_file"` // optional CA for server verification
}
AuthConfig holds authentication configuration for an upstream service. Only one auth method should be configured at a time.
func (*AuthConfig) Validate ¶
func (a *AuthConfig) Validate() error
Validate checks that the auth configuration is internally consistent.
type AuthType ¶
// AuthType defines the supported authentication methods for upstream services.
// NOTE(review): it is a plain string type and the accepted values are not
// listed on this page (only AuthTypeNone is mentioned); confirm that
// AuthConfig.Validate rejects unknown values instead of treating them as
// "no auth".
type AuthType string
AuthType defines the supported authentication methods for upstream services.
type Config ¶
// Config is the top-level configuration for Heimdall; each field maps to one
// section of the configuration file.
//
// NOTE(review): Mimir, OPA and Telemetry each embed an AuthConfig, and Database
// carries a DSN, so a serialized Config contains whatever secrets those hold.
type Config struct {
	// Server holds the listener and logging settings.
	Server ServerConfig `mapstructure:"server" json:"server" yaml:"server"`
	// Mimir holds the upstream Mimir endpoints and their auth.
	Mimir MimirConfig `mapstructure:"mimir" json:"mimir" yaml:"mimir"`
	// JWT holds the JWT validation settings.
	JWT JWTConfig `mapstructure:"jwt" json:"jwt" yaml:"jwt"`
	// OPA holds the Open Policy Agent settings.
	OPA OPAConfig `mapstructure:"opa" json:"opa" yaml:"opa"`
	// Database holds the database connection settings.
	Database DatabaseConfig `mapstructure:"database" json:"database" yaml:"database"`
	// FanOut holds the fan-out concurrency settings.
	FanOut FanOutConfig `mapstructure:"fanout" json:"fanout" yaml:"fanout"`
	// Telemetry holds the OpenTelemetry settings.
	Telemetry TelemetryConfig `mapstructure:"telemetry" json:"telemetry" yaml:"telemetry"`
}
Config is the top-level configuration for Heimdall.
func Load ¶
Load reads configuration from the given path and validates all required fields. It fails fast if any required value is missing.
func (*Config) Validate ¶
Validate checks the basic configuration required for all commands (database, etc.). It is not the full server validation: use ValidateServe, which also covers JWT and OPA, before running the HTTP server.
func (*Config) ValidateServe ¶
ValidateServe checks all configuration required for running the HTTP server, including security-sensitive JWT and OPA settings.
type DatabaseConfig ¶
// DatabaseConfig holds database connection settings.
type DatabaseConfig struct {
	// Driver names the database driver; the accepted values are not listed on
	// this page.
	Driver string `mapstructure:"driver" json:"driver" yaml:"driver"`
	// DSN is the connection string.
	// NOTE(review): DSNs commonly embed credentials, and the json/yaml tags mean
	// this value is emitted verbatim if the struct is serialized — redact it
	// before logging.
	DSN string `mapstructure:"dsn" json:"dsn" yaml:"dsn"`
	// RefreshInterval is a duration; what is refreshed on this interval is not
	// stated on this page.
	RefreshInterval time.Duration `mapstructure:"refresh_interval" json:"refresh_interval" yaml:"refresh_interval"`
}
DatabaseConfig holds database connection settings.
type FanOutConfig ¶
// FanOutConfig holds fan-out concurrency settings.
//
// NOTE(review): these look like the bounds on fan-out work. How zero or
// negative values are treated (rejected, defaulted or unbounded) is not shown
// on this page — confirm against Validate.
type FanOutConfig struct {
	// MaxConcurrency presumably caps the number of concurrent fan-out calls.
	MaxConcurrency int `mapstructure:"max_concurrency" json:"max_concurrency" yaml:"max_concurrency"`
	// Timeout presumably bounds a fan-out operation; its exact scope is not
	// stated here.
	Timeout time.Duration `mapstructure:"timeout" json:"timeout" yaml:"timeout"`
}
FanOutConfig holds fan-out concurrency settings.
type JWTConfig ¶
// JWTConfig holds JWT validation settings. Per the package documentation these
// are checked by Config.ValidateServe rather than by Config.Validate.
type JWTConfig struct {
	// JWKSURL is presumably the endpoint the token signing keys are fetched
	// from. NOTE(review): that would make it the trust anchor for every
	// token — confirm it is required to be https and is fetched with
	// certificate verification.
	JWKSURL string `mapstructure:"jwks_url" json:"jwks_url" yaml:"jwks_url"`
	// Issuer and Audience are presumably matched against the token's iss and
	// aud claims — confirm that empty values are rejected, not treated as
	// "skip the check".
	Issuer string `mapstructure:"issuer" json:"issuer" yaml:"issuer"`
	Audience string `mapstructure:"audience" json:"audience" yaml:"audience"`
	// GroupsClaim and UserIDClaim presumably name the claims that group
	// membership and user identity are read from. NOTE(review): confirm what
	// happens when a token lacks the named claim.
	GroupsClaim string `mapstructure:"groups_claim" json:"groups_claim" yaml:"groups_claim"`
	UserIDClaim string `mapstructure:"user_id_claim" json:"user_id_claim" yaml:"user_id_claim"`
}
JWTConfig holds JWT validation settings.
type ListenerConfig ¶
// ListenerConfig holds settings for a single HTTP(S) listener.
type ListenerConfig struct {
	// Addr is the listen address; the expected format (presumably host:port)
	// is not stated on this page.
	Addr string `mapstructure:"addr" json:"addr" yaml:"addr"`
	// NOTE(review): the three timeouts presumably map to the http.Server fields
	// of the same names, where zero means no timeout — confirm zero is rejected
	// or defaulted, otherwise slow clients can hold connections open.
	ReadTimeout time.Duration `mapstructure:"read_timeout" json:"read_timeout" yaml:"read_timeout"`
	WriteTimeout time.Duration `mapstructure:"write_timeout" json:"write_timeout" yaml:"write_timeout"`
	IdleTimeout time.Duration `mapstructure:"idle_timeout" json:"idle_timeout" yaml:"idle_timeout"`
	// TLS holds the optional TLS settings for this listener (see ServerTLSConfig).
	TLS ServerTLSConfig `mapstructure:"tls" json:"tls" yaml:"tls"`
}
ListenerConfig holds settings for a single HTTP(S) listener.
type MimirConfig ¶
// MimirConfig holds upstream Mimir settings.
type MimirConfig struct {
	// URL plus four per-component URLs. How the specific URLs relate to URL
	// (override, fallback or required) is not shown on this page.
	URL string `mapstructure:"url" json:"url" yaml:"url"`
	ReadURL string `mapstructure:"read_url" json:"read_url" yaml:"read_url"`
	WriteURL string `mapstructure:"write_url" json:"write_url" yaml:"write_url"`
	RulerURL string `mapstructure:"ruler_url" json:"ruler_url" yaml:"ruler_url"`
	AlertmanagerURL string `mapstructure:"alertmanager_url" json:"alertmanager_url" yaml:"alertmanager_url"`
	// Timeout presumably bounds requests to Mimir — confirm.
	Timeout time.Duration `mapstructure:"timeout" json:"timeout" yaml:"timeout"`
	// NOTE(review): by its name this presumably disables verification of the
	// upstream TLS certificate. With Auth configured, the credentials would
	// then be sent to an unverified peer; prefer AuthConfig.CAFile for a
	// private CA if that is supported for the chosen auth method — confirm.
	InsecureSkipVerify bool `mapstructure:"insecure_skip_verify" json:"insecure_skip_verify" yaml:"insecure_skip_verify"`
	// Auth holds the credentials used for the upstream; see AuthConfig for the
	// secret-bearing fields.
	Auth AuthConfig `mapstructure:"auth" json:"auth" yaml:"auth"`
}
MimirConfig holds upstream Mimir settings.
type OPAConfig ¶
// OPAConfig holds Open Policy Agent settings. Per the package documentation
// these are checked by Config.ValidateServe rather than by Config.Validate.
type OPAConfig struct {
	// URL is the OPA endpoint and PolicyPath the policy to query; how the two
	// are combined is not shown on this page.
	URL string `mapstructure:"url" json:"url" yaml:"url"`
	PolicyPath string `mapstructure:"policy_path" json:"policy_path" yaml:"policy_path"`
	// NOTE(review): what happens when OPA times out or is unreachable (deny or
	// allow) is not shown here — confirm the caller fails closed.
	Timeout time.Duration `mapstructure:"timeout" json:"timeout" yaml:"timeout"`
	// NOTE(review): by its name this presumably disables verification of the
	// OPA server certificate, in which case policy decisions would be accepted
	// from an unverified peer — confirm, and keep it false outside testing.
	InsecureSkipVerify bool `mapstructure:"insecure_skip_verify" json:"insecure_skip_verify" yaml:"insecure_skip_verify"`
	// Auth holds the credentials used when calling OPA; see AuthConfig for the
	// secret-bearing fields.
	Auth AuthConfig `mapstructure:"auth" json:"auth" yaml:"auth"`
}
OPAConfig holds Open Policy Agent settings.
type ServerConfig ¶
// ServerConfig holds HTTP server settings: two listeners and the log level.
//
// NOTE(review): Main and Bundle are separate ListenerConfig values, each with
// its own TLS block, so enabling TLS on one does not enable it on the other.
// What the bundle listener serves is not stated on this page.
type ServerConfig struct {
	Main ListenerConfig `mapstructure:"main" json:"main" yaml:"main"`
	Bundle ListenerConfig `mapstructure:"bundle" json:"bundle" yaml:"bundle"`
	// LogLevel is a string; the accepted level names are not listed here.
	LogLevel string `mapstructure:"log_level" json:"log_level" yaml:"log_level"`
}
ServerConfig holds HTTP server settings.
type ServerTLSConfig ¶
// ServerTLSConfig holds optional TLS settings for a listener. The package
// documentation states that Enabled returns true when both CertFile and
// KeyFile are configured.
type ServerTLSConfig struct {
	// CertFile and KeyFile are the paths to the server certificate and key.
	// NOTE(review): KeyFile looks like the path to a private key; the expected
	// file permissions are not stated here — confirm.
	CertFile string `mapstructure:"cert_file" json:"cert_file" yaml:"cert_file"`
	KeyFile string `mapstructure:"key_file" json:"key_file" yaml:"key_file"`
	// ClientCAFile is presumably the CA bundle used to verify client
	// certificates. NOTE(review): confirm whether setting it makes a client
	// certificate required or only verified when presented.
	ClientCAFile string `mapstructure:"client_ca_file" json:"client_ca_file" yaml:"client_ca_file"`
}
ServerTLSConfig holds optional TLS settings for a listener.
func (*ServerTLSConfig) Enabled ¶
func (t *ServerTLSConfig) Enabled() bool
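Enabled returns true when both CertFile and KeyFile are configured. If only one of the two is set, the listener does not meet this condition, and this page does not say whether such a half-configured listener is rejected at validation or started without TLS.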
type TelemetryConfig ¶
// TelemetryConfig holds OpenTelemetry settings.
type TelemetryConfig struct {
	// Enabled switches telemetry on or off.
	Enabled bool `mapstructure:"enabled" json:"enabled" yaml:"enabled"`
	// OTLPEndpoint is the collector endpoint; the expected format (URL or
	// host:port) is not stated on this page.
	OTLPEndpoint string `mapstructure:"otlp_endpoint" json:"otlp_endpoint" yaml:"otlp_endpoint"`
	ServiceName string `mapstructure:"service_name" json:"service_name" yaml:"service_name"`
	// NOTE(review): by its name this presumably disables verification of the
	// collector's TLS certificate; with Auth configured the credentials and the
	// exported telemetry would then go to an unverified peer — confirm.
	InsecureSkipVerify bool `mapstructure:"insecure_skip_verify" json:"insecure_skip_verify" yaml:"insecure_skip_verify"`
	// Auth holds the credentials used when exporting; see AuthConfig for the
	// secret-bearing fields.
	Auth AuthConfig `mapstructure:"auth" json:"auth" yaml:"auth"`
}
TelemetryConfig holds OpenTelemetry settings.