Documentation ¶
Index ¶
- Constants
- Variables
- func DetectServerAddr(servers []Server, serverType, serverAddr string) (string, error)
- func GetDefaultServerAddr(servers []Server, serverType string) (string, error)
- func GetSchema(name string) *spec.Schema
- func IsDomainAllowed(server Server, serverAddr string) bool
- func LoadConfigFiles(paths []string) (*AuthdConfig, []*AuthdSocketConfig, error)
- func LoadSchema(name string) (*spec.Schema, error)
- func RecursiveFindConfFiles(dir string) ([]string, error)
- func ValidateConfig(dataObj interface{}, s *spec.Schema, rootName string) (multiErr error)
- type AllowedRole
- type AuthdConfig
- type AuthdConfigV1
- type AuthdSocketConfig
- func (a *AuthdSocketConfig) GetAllowedRoles() []AllowedRole
- func (a *AuthdSocketConfig) GetAllowedServerTypes() []string
- func (a *AuthdSocketConfig) GetGroup() string
- func (a *AuthdSocketConfig) GetMode() int
- func (a *AuthdSocketConfig) GetPath() string
- func (a *AuthdSocketConfig) GetUser() string
- func (c *AuthdSocketConfig) Load(metadata Metadata, data []byte) error
- func (c *AuthdSocketConfig) LoadV1(data []byte) (*AuthdSocketConfigV1, error)
- type AuthdSocketConfigV1
- type Metadata
- type Server
- type VersionedUntyped
Constants ¶
// Document header keys and the kind names of the two config documents
// described by the schemas on this page.
const (
	// ApiVersionKey is the top-level document key "apiVersion".
	ApiVersionKey = "apiVersion"
	// KindKey is the top-level document key "kind".
	KindKey = "kind"

	// AuthdConfigKind is the kind value of the main authd config document.
	AuthdConfigKind = "AuthdConfig"
	// AuthdSocketConfigKind is the kind value of a per-socket config document.
	AuthdSocketConfigKind = "AuthdSocketConfig"
)
Variables ¶
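// Schemas maps a "<Kind>/<version>" name to the YAML source of the schema
// used to validate config documents of that kind. LoadSchema parses entries
// of this map into spec.Schema objects.
//
// YAML nesting is significant: with every key at column 0 the documents
// collapse into one flat mapping with repeated "type"/"description" keys and
// no longer describe the intended structure, so the nesting is written out
// explicitly here.
//
// NOTE(review), points to confirm against the loader and the Go types:
//   - Both schemas set additionalProperties: false, so unknown keys are
//     rejected. "AuthdSocketConfig/v1" does not declare allowedServerTypes,
//     although AuthdSocketConfig exposes GetAllowedServerTypes; a document
//     carrying that key would presumably fail validation against this schema.
//   - Neither top-level object has a "required" list; minProperties: 4 counts
//     keys only, so a document can omit apiVersion, kind or allowedRoles and
//     still satisfy the schema.
//   - mode is "type: number" with no bounds, so fractional or out-of-range
//     values pass validation; it ends up as the socket's permission bits.
//   - The description of allowRedirects repeats that of domain ("Vault server
//     address"); it looks like a copy-paste and is kept as-is.
var Schemas = map[string]string{
	"AuthdConfig/v1": `
type: object
additionalProperties: false
minProperties: 4
properties:
  apiVersion:
    title: apiVersion
    description: |
      API domain and version
    type: string
  kind:
    title: kind
    description: |
      Config kind
    type: string
  jwtPath:
    type: string
  defaultSocketDirectory:
    description: |
      A path where all server sockets are created.
    type: string
  servers:
    type: array
    additionalItems: false
    minItems: 1
    items:
      type: object
      additionalProperties: false
      required:
      - domain
      - type
      properties:
        type:
          description: |
            Vault server type
          type: string
          enum:
          - Auth
          - RootSource
          - Test
        domain:
          description: |
            Vault server address
          type: string
        allowRedirects:
          description: |
            Vault server address
          type: array
          items:
            type: string
`,
	"AuthdSocketConfig/v1": `
type: object
additionalProperties: false
minProperties: 4
properties:
  apiVersion:
    title: apiVersion
    description: |
      API domain and version
    type: string
  kind:
    title: kind
    description: |
      Config kind
    type: string
  path:
    type: string
  user:
    type: string
  group:
    type: string
  mode:
    type: number
  allowedRoles:
    type: array
    additionalItems: false
    minItems: 1
    items:
      type: object
      additionalProperties: false
      required:
      - role
      properties:
        role:
          type: string
`,
}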
// SchemasCache holds parsed schema objects by name; it starts empty.
//
// NOTE(review): presumably filled by GetSchema/LoadSchema with the same keys
// as Schemas — confirm. It is an exported, mutable plain map, so any caller
// can replace a cached schema, and concurrent access would need external
// synchronization; neither is guarded in what is shown here.
var SchemasCache = make(map[string]*spec.Schema)
Functions ¶
func DetectServerAddr ¶
serverAddr may be empty; in that case the default server for serverType has to be found. If it is not empty, it has to be checked against all servers of type serverType: the check is made against each server's domain and its allowRedirects list.
func GetDefaultServerAddr ¶
func IsDomainAllowed ¶
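matchDomainPattern matches srv against a pattern. A match is either:
1. pattern == srv (exact match), or
2. pattern starts with "*." and srv is a subdomain of the domain that follows it (for example, *.auth.example.com allows sub.auth.example.com).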
func LoadConfigFiles ¶
func LoadConfigFiles(paths []string) (*AuthdConfig, []*AuthdSocketConfig, error)
func LoadSchema ¶
LoadSchema returns spec.Schema object loaded from yaml in Schemas map.
func RecursiveFindConfFiles ¶
RecursiveFindConfFiles finds all yaml files in dir.
func ValidateConfig ¶
Types ¶
type AllowedRole ¶
// AllowedRole is one entry of the allowedRoles list of an AuthdSocketConfig
// document; AuthdSocketConfig.GetAllowedRoles returns a slice of these.
type AllowedRole struct {
	// Role is the role name as written in the config, e.g. "iam.view".
	// NOTE(review): the page's example also lists "server.ssh.*"; how such a
	// wildcard is matched is not shown here — confirm in the code that
	// consumes GetAllowedRoles.
	Role string `json:"role"`
}
type AuthdConfig ¶
type AuthdConfig struct { Metadata Metadata // contains filtered or unexported fields }
Example configuration (wildcard entries are quoted because a plain YAML scalar cannot begin with "*"):

    apiVersion: authd.example.com/v1alpha1
    kind: AuthdConfig
    jwtPath: /var/lib/authd.jwt
    servers:
    - type: RootSource
      domain: root-source.auth.example.com
    - type: Auth
      domain: auth.example.com
      allowRedirects:
      - "*.auth.example.com"
    - type: Auth
      domain: auth2.example.com
      allowRedirects:
      - "*.auth2.example.com"
func (*AuthdConfig) GetDefaultSocketDirectory ¶
func (a *AuthdConfig) GetDefaultSocketDirectory() string
func (*AuthdConfig) GetJWTPath ¶
func (a *AuthdConfig) GetJWTPath() string
func (*AuthdConfig) GetServers ¶
func (a *AuthdConfig) GetServers() []Server
func (*AuthdConfig) LoadV1 ¶
func (c *AuthdConfig) LoadV1(data []byte) (*AuthdConfigV1, error)
type AuthdConfigV1 ¶
type AuthdSocketConfig ¶
type AuthdSocketConfig struct { Metadata Metadata // contains filtered or unexported fields }
Example configuration:

    apiVersion: authd.negentropy.flant.com/v1alpha1
    kind: AuthdSocketConfig
    path: /var/run/my.sock
    user: root
    group: root
    mode: 0600
    allowedServerTypes: [RootSource, Auth]
    allowedRoles:
    - role: iam.view
    - role: iam.edit
    - role: server.ssh.*
func (*AuthdSocketConfig) GetAllowedRoles ¶
func (a *AuthdSocketConfig) GetAllowedRoles() []AllowedRole
func (*AuthdSocketConfig) GetAllowedServerTypes ¶
func (a *AuthdSocketConfig) GetAllowedServerTypes() []string
func (*AuthdSocketConfig) GetGroup ¶
func (a *AuthdSocketConfig) GetGroup() string
func (*AuthdSocketConfig) GetMode ¶
func (a *AuthdSocketConfig) GetMode() int
func (*AuthdSocketConfig) GetPath ¶
func (a *AuthdSocketConfig) GetPath() string
func (*AuthdSocketConfig) GetUser ¶
func (a *AuthdSocketConfig) GetUser() string
func (*AuthdSocketConfig) Load ¶
func (c *AuthdSocketConfig) Load(metadata Metadata, data []byte) error
func (*AuthdSocketConfig) LoadV1 ¶
func (c *AuthdSocketConfig) LoadV1(data []byte) (*AuthdSocketConfigV1, error)
type AuthdSocketConfigV1 ¶
type Metadata ¶
func (Metadata) ApiVersion ¶
type VersionedUntyped ¶
type VersionedUntyped struct { Metadata Metadata // contains filtered or unexported fields }
func (*VersionedUntyped) Data ¶
func (u *VersionedUntyped) Data() []byte
func (*VersionedUntyped) DetectMetadata ¶
func (u *VersionedUntyped) DetectMetadata(data []byte) error
func (*VersionedUntyped) Object ¶
func (u *VersionedUntyped) Object() map[string]interface{}