config

package
v0.21.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 2, 2021 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Overview

Package config defines the environment baased configuration for this project. Each server has a unique config type.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ProcessWith 

func ProcessWith(ctx context.Context, spec interface{}, l envconfig.Lookuper) error

ProcessWith creates a new config with the given lookuper for parsing config.

Types

type APIServerConfig 

type APIServerConfig struct {
	Database      database.Config
	Observability observability.Config
	Cache         cache.Config
	Features      FeatureConfig

	// DevMode produces additional debugging information. Do not enable in
	// production environments.
	DevMode bool `env:"DEV_MODE"`

	// If MaintenanceMode is true, the server is temporarily read-only and will not issue codes.
	MaintenanceMode bool `env:"MAINTENANCE_MODE"`

	Port string `env:"PORT,default=8080"`

	APIKeyCacheDuration time.Duration `env:"API_KEY_CACHE_DURATION,default=5m"`

	// Verification Token Config
	VerificationTokenDuration time.Duration `env:"VERIFICATION_TOKEN_DURATION,default=24h"`

	// Token signing
	TokenSigning TokenSigningConfig

	// Certificate signing
	CertificateSigning CertificateSigningConfig

	// Rate limiting configuration
	RateLimit ratelimit.Config
}

APIServerConfig represnets the environment based configuration for the API server.

func NewAPIServerConfig 

func NewAPIServerConfig(ctx context.Context) (*APIServerConfig, error)

NewAPIServerConfig returns the environment config for the API server. Only needs to be called once per instance, but may be called multiple times.

func (*APIServerConfig) ObservabilityExporterConfig added in v0.3.0 

func (c *APIServerConfig) ObservabilityExporterConfig() *observability.Config

func (*APIServerConfig) Validate 

func (c *APIServerConfig) Validate() error

type AdminAPIServerConfig 

type AdminAPIServerConfig struct {
	Database      database.Config
	Observability observability.Config
	Cache         cache.Config
	Features      FeatureConfig

	// SMSSigning defines the SMS signing configuration.
	SMSSigning SMSSigningConfig

	// DevMode produces additional debugging information. Do not enable in
	// production environments.
	DevMode bool `env:"DEV_MODE"`

	// If MaintenanceMode is true, the server is temporarily read-only and will not issue codes.
	MaintenanceMode bool `env:"MAINTENANCE_MODE"`

	// Rate limiting configuration
	RateLimit ratelimit.Config

	Port                string        `env:"PORT,default=8080"`
	APIKeyCacheDuration time.Duration `env:"API_KEY_CACHE_DURATION,default=5m"`

	CollisionRetryCount uint          `env:"COLLISION_RETRY_COUNT,default=6"`
	AllowedSymptomAge   time.Duration `env:"ALLOWED_PAST_SYMPTOM_DAYS,default=672h"` // 672h is 28 days.
	EnforceRealmQuotas  bool          `env:"ENFORCE_REALM_QUOTAS, default=true"`

	// For EN Express, the link will be
	// https://[realm-region].[ENX_REDIRECT_DOMAIN]/v?c=[longcode]
	// This repository contains a redirect service that can be used for this purpose.
	ENExpressRedirectDomain string `env:"ENX_REDIRECT_DOMAIN"`
}

AdminAPIServerConfig represents the environment based config for the Admin API Server.

func NewAdminAPIServerConfig 

func NewAdminAPIServerConfig(ctx context.Context) (*AdminAPIServerConfig, error)

NewAdminAPIServerConfig returns the environment config for the Admin API server. Only needs to be called once per instance, but may be called multiple times.

func (*AdminAPIServerConfig) GetAllowedSymptomAge 

func (c *AdminAPIServerConfig) GetAllowedSymptomAge() time.Duration

func (*AdminAPIServerConfig) GetCollisionRetryCount added in v0.3.0 

func (c *AdminAPIServerConfig) GetCollisionRetryCount() uint

func (*AdminAPIServerConfig) GetENXRedirectDomain added in v0.9.0 

func (c *AdminAPIServerConfig) GetENXRedirectDomain() string

func (*AdminAPIServerConfig) GetEnforceRealmQuotas added in v0.9.0 

func (c *AdminAPIServerConfig) GetEnforceRealmQuotas() bool

func (*AdminAPIServerConfig) GetRateLimitConfig added in v0.9.0 

func (c *AdminAPIServerConfig) GetRateLimitConfig() *ratelimit.Config

func (*AdminAPIServerConfig) IsMaintenanceMode added in v0.17.0 

func (c *AdminAPIServerConfig) IsMaintenanceMode() bool

func (*AdminAPIServerConfig) ObservabilityExporterConfig added in v0.3.0 

func (c *AdminAPIServerConfig) ObservabilityExporterConfig() *observability.Config

func (*AdminAPIServerConfig) Validate 

func (c *AdminAPIServerConfig) Validate() error

type AppSyncConfig added in v0.17.0 

type AppSyncConfig struct {
	Database      database.Config
	Observability observability.Config
	Features      FeatureConfig

	// DevMode produces additional debugging information. Do not enable in
	// production environments.
	DevMode bool `env:"DEV_MODE"`

	Port string `env:"PORT,default=8080"`

	RateLimit uint64 `env:"RATE_LIMIT,default=60"`

	// AppSync config
	AppSyncURL         string        `env:"APP_SYNC_URL"`
	FileSizeLimitBytes int64         `env:"APP_SYNC_SIZE_LIMIT, default=64000"`
	Timeout            time.Duration `env:"APP_SYNC_TIMEOUT, default=1m"`

	// AppSyncMinPeriod defines the period for which the app sync service will hold a lock
	// which prevents other calls from entering.
	AppSyncMinPeriod time.Duration `env:"APP_SYNC_MIN_PERIOD, default=5m"`
}

AppSyncConfig represents the environment based configuration for the app sync server.

func NewAppSyncConfig added in v0.17.0 

func NewAppSyncConfig(ctx context.Context) (*AppSyncConfig, error)

NewAppSyncConfig returns the environment config for the appsync server. Only needs to be called once per instance, but may be called multiple times.

func (*AppSyncConfig) ObservabilityExporterConfig added in v0.17.0 

func (c *AppSyncConfig) ObservabilityExporterConfig() *observability.Config

func (*AppSyncConfig) Validate added in v0.17.0 

func (c *AppSyncConfig) Validate() error

type Base64ByteSlice 

type Base64ByteSlice []envconfig.Base64Bytes

Base64ByteSlice is a slice of base64-encoded strings that we want to convert to bytes.

func (Base64ByteSlice) AsBytes 

func (c Base64ByteSlice) AsBytes() [][]byte

AsBytes returns the value as a slice of bytes instead of its main type.

type CertificateSigningConfig added in v0.5.0 

type CertificateSigningConfig struct {
	// Keys determines the key manager configuration for this certificate signing
	// configuration.
	Keys keys.Config `env:",prefix=CERTIFICATE_"`

	PublicKeyCacheDuration  time.Duration `env:"PUBLIC_KEY_CACHE_DURATION, default=15m"`
	SignerCacheDuration     time.Duration `env:"CERTIFICATE_SIGNER_CACHE_DURATION, default=1m"`
	CertificateSigningKey   string        `env:"CERTIFICATE_SIGNING_KEY, required"`
	CertificateSigningKeyID string        `env:"CERTIFICATE_SIGNING_KEY_ID, default=v1"`
	CertificateIssuer       string        `env:"CERTIFICATE_ISSUER, default=diagnosis-verification-example"`
	CertificateAudience     string        `env:"CERTIFICATE_AUDIENCE, default=exposure-notifications-server"`
	CertificateDuration     time.Duration `env:"CERTIFICATE_DURATION, default=15m"`
}

CertificateSigningConfig represents the settings for system-wide certificate signing. These should be used if you are managing certificate keys externally.

type CleanupConfig 

type CleanupConfig struct {
	Database      database.Config
	Observability observability.Config
	Features      FeatureConfig

	// TokenSigning is the token signing configuration to purge old keys in the
	// key manager when they are cleaned.
	TokenSigning TokenSigningConfig

	// DevMode produces additional debugging information. Do not enable in
	// production environments.
	DevMode bool `env:"DEV_MODE"`

	// Port is the port on which to bind.
	Port string `env:"PORT,default=8080"`

	// Cleanup config
	AuditEntryMaxAge    time.Duration `env:"AUDIT_ENTRY_MAX_AGE, default=720h"`
	AuthorizedAppMaxAge time.Duration `env:"AUTHORIZED_APP_MAX_AGE, default=336h"`
	CleanupMinPeriod    time.Duration `env:"CLEANUP_MIN_PERIOD, default=15m"`
	// KeyServerStatsMaxAge is the maximum amount of time to retain key-server stats.
	KeyServerStatsMaxAge time.Duration `env:"KEY_SERVER_STATS_MAX_AGE, default=720h"`
	MobileAppMaxAge      time.Duration `env:"MOBILE_APP_MAX_AGE, default=168h"`

	// SigningTokenKeyMaxAge is the maximum amount of time that a rotated signing
	// token key should remain unpurged.
	SigningTokenKeyMaxAge time.Duration `env:"SIGNING_TOKEN_KEY_MAX_AGE, default=36h"`

	// VerificationSigningKeyMaxAge is the maximum amount of time that an already soft
	// delted SigningKey will be kept in the database before being purged.
	VerificationSigningKeyMaxAge time.Duration `env:"VERIFICATION_SIGNING_KEY_MAX_AGE, default=36h"`

	UserPurgeMaxAge time.Duration `env:"USER_PURGE_MAX_AGE, default=720h"`
	// VerificationCodeMaxAge is the period in which the full code should be available.
	// After this time it will be recycled. The code will be zeroed out, but its status persist.
	VerificationCodeMaxAge time.Duration `env:"VERIFICATION_CODE_MAX_AGE, default=48h"`
	// VerificationCodeStatusMaxAge is the time after which, even the status of the code will be deleted
	// and the entry will be purged. This value should be greater than VerificationCodeMaxAge
	VerificationCodeStatusMaxAge time.Duration `env:"VERIFICATION_CODE_STATUS_MAX_AGE, default=336h"`
	VerificationTokenMaxAge      time.Duration `env:"VERIFICATION_TOKEN_MAX_AGE, default=24h"`
}

CleanupConfig represents the environment based configuration for the Cleanup server.

func NewCleanupConfig 

func NewCleanupConfig(ctx context.Context) (*CleanupConfig, error)

NewCleanupConfig returns the environment config for the cleanup server. Only needs to be called once per instance, but may be called multiple times.

func (*CleanupConfig) ObservabilityExporterConfig added in v0.3.0 

func (c *CleanupConfig) ObservabilityExporterConfig() *observability.Config

func (*CleanupConfig) Validate 

func (c *CleanupConfig) Validate() error

type E2ERunnerConfig added in v0.6.0 

type E2ERunnerConfig struct {
	Database      database.Config
	Observability *observability.Config
	Features      FeatureConfig

	// DevMode produces additional debugging information. Do not enable in
	// production environments.
	DevMode bool `env:"DEV_MODE"`

	Port string `env:"PORT,default=8080"`

	VerificationAdminAPIServer string `env:"VERIFICATION_ADMIN_API, default=http://localhost:8081"`
	VerificationAdminAPIKey    string `env:"VERIFICATION_ADMIN_API_KEY"`
	VerificationAPIServer      string `env:"VERIFICATION_SERVER_API, default=http://localhost:8082"`
	VerificationAPIServerKey   string `env:"VERIFICATION_SERVER_API_KEY"`
	KeyServer                  string `env:"KEY_SERVER, default=http://localhost:8080"`
	HealthAuthorityCode        string `env:"HEALTH_AUTHORITY_CODE,required"`
	DoRevise                   bool   `env:"DO_REVISIONS"`

	// ENXRedirectURL is the host to use for testing the ENX redirector service.
	// This should be the value of the e2e realm's host, like
	// "https://e2e-realm.redirect-domain.com", where "redirect-domain.com" is
	// your enx redirect domain. The protocol is required. If this value is blank,
	// the enx redirect tests are not executed on the e2e-runner.
	ENXRedirectURL string `env:"ENX_REDIRECT_URL"`
}

E2ERunnerConfig represents the environment based configuration for the e2e-runner server.

func NewE2ERunnerConfig added in v0.6.0 

func NewE2ERunnerConfig(ctx context.Context) (*E2ERunnerConfig, error)

NewE2ERunnerConfig returns the environment config for the e2e-runner server. Only needs to be called once per instance, but may be called multiple times.

type FeatureConfig added in v0.21.0 

type FeatureConfig struct {
	// EnableAuthenticatedSMS allows for realms to managed SMS specific signing keys,
	// and enable/disable this feature. There is no launch timeline for GA.
	// This should not be used without prior coordination with Apple/Google.
	EnableAuthenticatedSMS bool `env:"ENABLE_AUTHENTICATED_SMS, default=false"`
}

FeatureConfig represents features that are introduced as off by default allowing for server operators to control their release.

func (*FeatureConfig) AddToTemplate added in v0.21.0 

func (f *FeatureConfig) AddToTemplate(m controller.TemplateMap) controller.TemplateMap

AddToTemplate takes TemplateMap and writes the status of all known feature flags for use in HTML templates.

type FirebaseConfig 

type FirebaseConfig struct {
	APIKey          string `env:"FIREBASE_API_KEY,required"`
	AuthDomain      string `env:"FIREBASE_AUTH_DOMAIN,required"`
	DatabaseURL     string `env:"FIREBASE_DATABASE_URL,required"`
	ProjectID       string `env:"FIREBASE_PROJECT_ID,required"`
	StorageBucket   string `env:"FIREBASE_STORAGE_BUCKET,required"`
	MessageSenderID string `env:"FIREBASE_MESSAGE_SENDER_ID,required"`
	AppID           string `env:"FIREBASE_APP_ID,required"`
	MeasurementID   string `env:"FIREBASE_MEASUREMENT_ID,required"`

	TermsOfServiceURL string `env:"FIREBASE_TERMS_OF_SERVICE_URL"`
	PrivacyPolicyURL  string `env:"FIREBASE_PRIVACY_POLICY_URL"`
}

FirebaseConfig represents configuration specific to firebase auth.

type IssueAPIConfig 

type IssueAPIConfig interface {
	GetCollisionRetryCount() uint
	GetAllowedSymptomAge() time.Duration
	GetEnforceRealmQuotas() bool
	GetRateLimitConfig() *ratelimit.Config
	GetENXRedirectDomain() string
	IsMaintenanceMode() bool
}

IssueAPIConfig is an interface that represents what is needed of the verification code issue API.

type Modeler added in v0.9.0 

type Modeler struct {
	Cache         cache.Config
	Database      database.Config
	Observability observability.Config
	RateLimit     ratelimit.Config

	// DevMode produces additional debugging information. Do not enable in
	// production environments.
	DevMode bool `env:"DEV_MODE"`

	Port string `env:"PORT, default=8080"`

	// MinValue and MaxValue determine the floor and ceiling limits for the
	// modeler.
	MinValue uint `env:"MODELER_MIN_VALUE, default=10"`
	MaxValue uint `env:"MODELER_MAX_VALUE, default=20000"`
}

Modeler is the configuration for the modeler service.

func NewModeler added in v0.9.0 

func NewModeler(ctx context.Context) (*Modeler, error)

NewModeler returns the config for the modeler server.

func (*Modeler) ObservabilityExporterConfig added in v0.9.0 

func (c *Modeler) ObservabilityExporterConfig() *observability.Config

func (*Modeler) Validate added in v0.9.0 

func (c *Modeler) Validate() error

type PasswordRequirementsConfig added in v0.9.0 

type PasswordRequirementsConfig struct {
	Length    int `env:"MIN_PWD_LENGTH,default=8"`
	Uppercase int `env:"MIN_PWD_UPPER,default=1"`
	Lowercase int `env:"MIN_PWD_LOWER,default=1"`
	Number    int `env:"MIN_PWD_DIGITS,default=1"`
	Special   int `env:"MIN_PWD_SPECIAL,default=1"`
}

PasswordRequirementsConfig represents the password complexity requirements for the server.

func (*PasswordRequirementsConfig) HasRequirements added in v0.9.0 

func (c *PasswordRequirementsConfig) HasRequirements() bool

HasRequirements is true if any requirements are set.

type RedirectConfig added in v0.9.0 

type RedirectConfig struct {
	Database      database.Config
	Observability observability.Config
	Cache         cache.Config
	Features      FeatureConfig

	Port string `env:"PORT, default=8080"`

	AssetsPath string `env:"ASSETS_PATH, default=./cmd/enx-redirect/assets"`

	AppCacheTTL time.Duration `env:"APP_CACHE_TTL, default=5m"`

	// If Dev mode is true, extended logging is enabled and template
	// auto-reload is enabled.
	DevMode bool `env:"DEV_MODE"`

	// A map of hostnames to redirect to ens:// and a mapping to the region.
	// For example to redirect
	//   region.example.com to region US-AA
	//   otherregion.example.com to region US-BB
	// all matched hostnames are redirected to
	// "ens://"
	// The append region is added to the end
	// "US-AA,US-BB"
	//
	// The config for this is passed as a map, example:
	// HOSTNAME_TO_REGION="region.example.com:US-AA,otherregion.example.com:US-BB"
	HostnameConfig map[string]string `env:"HOSTNAME_TO_REGION"`
}

RedirectConfig represents the environment based config for the redirect server.

func NewRedirectConfig added in v0.9.0 

func NewRedirectConfig(ctx context.Context) (*RedirectConfig, error)

NewRedirectConfig initializes and validates a RedirectConfig struct.

func (*RedirectConfig) DatabaseConfig added in v0.10.0 

func (c *RedirectConfig) DatabaseConfig() *database.Config

func (*RedirectConfig) HostnameToRegion added in v0.9.0 

func (c *RedirectConfig) HostnameToRegion() (map[string]string, error)

HostnameToRegion returns a normalized map of the HOSTNAME_TO_REGION config value. Hostnames (key) are lowercased Regions (value) are uppercased

func (*RedirectConfig) ObservabilityExporterConfig added in v0.9.0 

func (c *RedirectConfig) ObservabilityExporterConfig() *observability.Config

type RotationConfig added in v0.20.0 

type RotationConfig struct {
	Database      database.Config
	Observability observability.Config
	Features      FeatureConfig

	// Port is the port upon which to bind.
	Port string `env:"PORT, default=8080"`

	// DevMode produces additional debugging information. Do not enable in
	// production environments.
	DevMode bool `env:"DEV_MODE"`

	// MinTTL is the minimum amount of time that must elapse between attempting
	// rotation events. This is used to control whether rotation is actually
	// attempted at the controller layer, independent of the data layer. In
	// effect, it rate limits the number of rotation requests.
	MinTTL time.Duration `env:"MIN_TTL, default=15m"`

	// TokenSigning is the token signing configuration. This defines the parent
	// key and common data like issuer, but the individual versions are controlled
	// by the database table.
	TokenSigning TokenSigningConfig

	// TokenSigningKeyMaxAge is the maximum age for a token signing key.
	TokenSigningKeyMaxAge time.Duration `env:"TOKEN_SIGNING_KEY_MAX_AGE, default=720h"` // 30 days

	// Verification rotation frequency.
	VerificationSigningKeyMaxAge time.Duration `env:"VERIFICATION_SIGNING_KEY_MAX_AGE, default=720h"` // 30 days
	// How long to wait to activate a new key after creation. This gives
	// the upstream key server time to import the new allowed public key.
	// A deactivated key will also be kept for this time period.
	VerificationActivationDelay time.Duration `env:"VERIFICATION_ACTIVATION_DELAY, default=1h"`
}

RotationConfig represents the environment-based configuration for the rotation service.

func NewRotationConfig added in v0.20.0 

func NewRotationConfig(ctx context.Context) (*RotationConfig, error)

NewRotationConfig returns the config for the rotation service.

func (*RotationConfig) ObservabilityExporterConfig added in v0.20.0 

func (c *RotationConfig) ObservabilityExporterConfig() *observability.Config

func (*RotationConfig) Validate added in v0.20.0 

func (c *RotationConfig) Validate() error

type SMSSigningConfig added in v0.21.0 

type SMSSigningConfig struct {
	// Keys determines the key manager configuration for this SMS signing
	// configuration.
	Keys keys.Config `env:", prefix=SMS_"`
}

SMSSigningConfig represents the settings for SMS-signing.

type ServerConfig 

type ServerConfig struct {
	Firebase      FirebaseConfig
	Database      database.Config
	Observability observability.Config
	Cache         cache.Config
	Features      FeatureConfig

	// Certificate signing key settings, needed for public key / settings display.
	CertificateSigning CertificateSigningConfig

	// SMSSigning defines the SMS signing configuration.
	SMSSigning SMSSigningConfig

	Port string `env:"PORT,default=8080"`

	// Login Config
	SessionDuration    time.Duration `env:"SESSION_DURATION, default=20h"`
	SessionIdleTimeout time.Duration `env:"SESSION_IDLE_TIMEOUT, default=20m"`
	RevokeCheckPeriod  time.Duration `env:"REVOKE_CHECK_DURATION, default=5m"`

	// Password Config
	PasswordRequirements PasswordRequirementsConfig

	// CookieKeys is a slice of bytes. The first is 64 bytes, the second is 32.
	// They should be base64-encoded.
	CookieKeys Base64ByteSlice `env:"COOKIE_KEYS,required"`

	// CookieDomain is the domain for which cookie should be valid.
	CookieDomain string `env:"COOKIE_DOMAIN"`

	// CSRFAuthKey is the authentication key. It must be 32-bytes and can be
	// generated with tools/gen-secret. The value's should be base64 encoded.
	CSRFAuthKey envconfig.Base64Bytes `env:"CSRF_AUTH_KEY,required"`

	// Application Config
	ServerName          string        `env:"SERVER_NAME,default=Diagnosis Verification Server"`
	CollisionRetryCount uint          `env:"COLLISION_RETRY_COUNT,default=6"`
	AllowedSymptomAge   time.Duration `env:"ALLOWED_PAST_SYMPTOM_DAYS,default=672h"` // 672h is 28 days.
	EnforceRealmQuotas  bool          `env:"ENFORCE_REALM_QUOTAS, default=true"`

	AssetsPath  string `env:"ASSETS_PATH, default=./cmd/server/assets"`
	LocalesPath string `env:"LOCALES_PATH, default=./internal/i18n/locales"`

	// For EN Express, the link will be
	// https://[realm-region].[ENX_REDIRECT_DOMAIN]/v?c=[longcode]
	// This repository contains a redirect service that can be used for this purpose.
	ENExpressRedirectDomain string `env:"ENX_REDIRECT_DOMAIN"`

	// If Dev mode is true, cookies aren't required to be sent over secure channels.
	// This includes CSRF protection base cookie. You want this false in production (the default).
	DevMode bool `env:"DEV_MODE"`

	// If MaintenanceMode is true, the server is temporarily read-only and will not issue codes.
	MaintenanceMode bool `env:"MAINTENANCE_MODE"`

	// Rate limiting configuration
	RateLimit ratelimit.Config
}

ServerConfig represents the environment based config for the server.

func NewServerConfig 

func NewServerConfig(ctx context.Context) (*ServerConfig, error)

NewServerConfig initializes and validates a ServerConfig struct.

func (*ServerConfig) FirebaseConfig 

func (c *ServerConfig) FirebaseConfig() *firebase.Config

FirebaseConfig returns the firebase SDK config based on the local env config.

func (*ServerConfig) GetAllowedSymptomAge 

func (c *ServerConfig) GetAllowedSymptomAge() time.Duration

func (*ServerConfig) GetCollisionRetryCount added in v0.3.0 

func (c *ServerConfig) GetCollisionRetryCount() uint

func (*ServerConfig) GetENXRedirectDomain added in v0.9.0 

func (c *ServerConfig) GetENXRedirectDomain() string

func (*ServerConfig) GetEnforceRealmQuotas added in v0.9.0 

func (c *ServerConfig) GetEnforceRealmQuotas() bool

func (*ServerConfig) GetRateLimitConfig added in v0.9.0 

func (c *ServerConfig) GetRateLimitConfig() *ratelimit.Config

func (*ServerConfig) IsMaintenanceMode added in v0.17.0 

func (c *ServerConfig) IsMaintenanceMode() bool

func (*ServerConfig) ObservabilityExporterConfig added in v0.3.0 

func (c *ServerConfig) ObservabilityExporterConfig() *observability.Config

func (*ServerConfig) Validate 

func (c *ServerConfig) Validate() error

type StatsPullerConfig added in v0.20.0 

type StatsPullerConfig struct {
	Database      database.Config
	Observability observability.Config
	Features      FeatureConfig

	// Certificate signing
	CertificateSigning CertificateSigningConfig

	// KeyServerURL is the default URL of the key server - individual realms may override it
	KeyServerURL string `env:"KEY_SERVER_URL, required"`
	// The audience value to send to the keyserver.
	// Default matches: https://github.com/google/exposure-notifications-server/blob/main/internal/verification/config.go
	KeyServerStatsAudience string        `env:"KEY_SERVER_STATS_AUDIENCE, default=keyserver"`
	FileSizeLimitBytes     int64         `env:"STATS_PULLER_SIZE_LIMIT, default=64000"`
	DownloadTimeout        time.Duration `env:"STATS_PULLER_DOWNLOAD_TIMEOUT, default=1m"`

	// Port is the port upon which to bind.
	Port string `env:"PORT, default=8080"`

	// DevMode produces additional debugging information. Do not enable in
	// production environments.
	DevMode bool `env:"DEV_MODE"`

	// MinTTL is the minimum amount of time that must elapse between attempting
	// stats-pull events. This is used to control whether the pull is actually
	// attempted at the controller layer, independent of the data layer. In
	// effect, it rate limits the number of rotation requests.
	MinTTL time.Duration `env:"MIN_TTL, default=15m"`

	// StatsPullerMinPeriod defines the period for which the stats puller will hold a lock
	// which prevents other calls from entering.
	StatsPullerMinPeriod time.Duration `env:"STATS_PULLER_MIN_PERIOD, default=5m"`
}

StatsPullerConfig represents the environment-based configuration for the stats-puller service.

func NewStatsPullerConfig added in v0.20.0 

func NewStatsPullerConfig(ctx context.Context) (*StatsPullerConfig, error)

NewStatsPullerConfig returns the config for the stats-puller service.

func (*StatsPullerConfig) ObservabilityExporterConfig added in v0.20.0 

func (c *StatsPullerConfig) ObservabilityExporterConfig() *observability.Config

type TokenSigningConfig added in v0.5.1 

type TokenSigningConfig struct {
	// Keys determines the key manager configuration for this token signing
	// configuration.
	Keys keys.Config `env:", prefix=TOKEN_"`

	// TokenSigningKeys is the parent token signing key (not the actual signing
	// version). It is an array for backwards-compatibility, but in practice it
	// should only have one element.
	//
	// Previously it was a list of all possible signing key versions, but those
	// have moved into the database.
	//
	// TODO(sethvargo): Convert to string in 0.22+.
	TokenSigningKeys []string `env:"TOKEN_SIGNING_KEY, required"`

	// TokenSigningKeyIDs specifies the list of kids, corresponding to the
	// TokenSigningKey
	//
	// TODO(sethvargo): Remove in 0.22+.
	//
	// Deprecated: moved into the database.
	TokenSigningKeyIDs []string `env:"TOKEN_SIGNING_KEY_ID, default=v1"`

	// TokenIssuer is the `iss` field on the JWT.
	TokenIssuer string `env:"TOKEN_ISSUER, default=diagnosis-verification-example"`
}

TokenSigningConfig represents the settings for system-wide certificate signing. These should be used if you are managing certificate keys externally.

func (*TokenSigningConfig) FindKeyByKid added in v0.20.0 

func (t *TokenSigningConfig) FindKeyByKid(kid string) (string, bool)

FindKeyByKid attempts to find the matching signing key for the given kid. The boolean indicates whether the search was successful.

TODO(sethvargo): remove in 0.22+.

func (*TokenSigningConfig) ParentKeyName added in v0.20.0 

func (t *TokenSigningConfig) ParentKeyName() string

ParentKeyName returns the name of the parent key.

func (*TokenSigningConfig) Validate added in v0.5.1 

func (t *TokenSigningConfig) Validate() error

Validate validates the configuration.

type Validatable 

type Validatable interface {
	Validate() error
}

Validatable indicates that a type can be validated.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.