Documentation
¶
Overview ¶
Package config defines the environment baased configuration for this project. Each server has a unique config type.
Index ¶
- func ProcessWith(ctx context.Context, spec interface{}, l envconfig.Lookuper) error
- type APIServerConfig
- type AdminAPIServerConfig
- type Base64ByteSlice
- type CertificateSigningConfig
- type CleanupConfig
- type E2ERunnerConfig
- type E2ETestConfig
- type FirebaseConfig
- type IssueAPIConfig
- type ServerConfig
- type TokenSigningConfig
- type Validatable
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ProcessWith ¶
ProcessWith creates a new config with the given lookuper for parsing config.
Types ¶
type APIServerConfig ¶
type APIServerConfig struct {
Database database.Config
Observability observability.Config
Cache cache.Config
// DevMode produces additional debugging information. Do not enable in
// production environments.
DevMode bool `env:"DEV_MODE"`
Port string `env:"PORT,default=8080"`
APIKeyCacheDuration time.Duration `env:"API_KEY_CACHE_DURATION,default=5m"`
// Verification Token Config
VerificationTokenDuration time.Duration `env:"VERIFICATION_TOKEN_DURATION,default=24h"`
// Token signing
TokenSigning TokenSigningConfig
// Certificate signing
CertificateSigning CertificateSigningConfig
// Rate limiting configuration
RateLimit ratelimit.Config
// contains filtered or unexported fields
}
APIServerConfig represnets the environment based configuration for the API server.
func NewAPIServerConfig ¶
func NewAPIServerConfig(ctx context.Context) (*APIServerConfig, error)
NewAPIServerConfig returns the environment config for the API server. Only needs to be called once per instance, but may be called multiple times.
func (*APIServerConfig) AllowedTokenPublicKeys ¶ added in v0.5.1
func (c *APIServerConfig) AllowedTokenPublicKeys() map[string]string
AllowedTokenPublicKeys returns a map of 'kid' to the KMS KeyID reference. This represents the keys that are allowed to be used to verify tokens, the TokenSigningKey/TokenSigningKeyID.
func (*APIServerConfig) ObservabilityExporterConfig ¶ added in v0.3.0
func (c *APIServerConfig) ObservabilityExporterConfig() *observability.Config
func (*APIServerConfig) Validate ¶
func (c *APIServerConfig) Validate() error
type AdminAPIServerConfig ¶
type AdminAPIServerConfig struct {
Database database.Config
Observability observability.Config
Cache cache.Config
// DevMode produces additional debugging information. Do not enable in
// production environments.
DevMode bool `env:"DEV_MODE"`
// Rate limiting configuration
RateLimit ratelimit.Config
Port string `env:"PORT,default=8080"`
APIKeyCacheDuration time.Duration `env:"API_KEY_CACHE_DURATION,default=5m"`
CollisionRetryCount uint `env:"COLLISION_RETRY_COUNT,default=6"`
AllowedSymptomAge time.Duration `env:"ALLOWED_PAST_SYMPTOM_DAYS,default=336h"` // 336h is 14 days.
}
AdminAPIServerConfig represents the environment based config for the Admin API Server.
func NewAdminAPIServerConfig ¶
func NewAdminAPIServerConfig(ctx context.Context) (*AdminAPIServerConfig, error)
NewAdminAPIServerConfig returns the environment config for the Admin API server. Only needs to be called once per instance, but may be called multiple times.
func (*AdminAPIServerConfig) GetAllowedSymptomAge ¶
func (c *AdminAPIServerConfig) GetAllowedSymptomAge() time.Duration
func (*AdminAPIServerConfig) GetCollisionRetryCount ¶ added in v0.3.0
func (c *AdminAPIServerConfig) GetCollisionRetryCount() uint
func (*AdminAPIServerConfig) ObservabilityExporterConfig ¶ added in v0.3.0
func (c *AdminAPIServerConfig) ObservabilityExporterConfig() *observability.Config
func (*AdminAPIServerConfig) Validate ¶
func (c *AdminAPIServerConfig) Validate() error
type Base64ByteSlice ¶
type Base64ByteSlice []envconfig.Base64Bytes
Base64ByteSlice is a slice of base64-encoded strings that we want to convert to bytes.
func (Base64ByteSlice) AsBytes ¶
func (c Base64ByteSlice) AsBytes() [][]byte
AsBytes returns the value as a slice of bytes instead of its main type.
type CertificateSigningConfig ¶ added in v0.5.0
type CertificateSigningConfig struct {
// Keys determines the key manager configuration for this certificate signing
// configuration.
Keys keys.Config `env:",prefix=CERTIFICATE_"`
PublicKeyCacheDuration time.Duration `env:"PUBLIC_KEY_CACHE_DURATION, default=15m"`
SignerCacheDuration time.Duration `env:"CERTIFICATE_SIGNER_CACHE_DURATION, default=1m"`
CertificateSigningKey string `env:"CERTIFICATE_SIGNING_KEY, required"`
CertificateSigningKeyID string `env:"CERTIFICATE_SIGNING_KEY_ID, default=v1"`
CertificateIssuer string `env:"CERTIFICATE_ISSUER, default=diagnosis-verification-example"`
CertificateAudience string `env:"CERTIFICATE_AUDIENCE, default=exposure-notifications-server"`
CertificateDuration time.Duration `env:"CERTIFICATE_DURATION, default=15m"`
}
CertificateSigningConfig represents the settings for system-wide certificate signing. These should be used if you are managing certifiate keys externally.
type CleanupConfig ¶
type CleanupConfig struct {
Database database.Config
Observability observability.Config
// DevMode produces additional debugging information. Do not enable in
// production environments.
DevMode bool `env:"DEV_MODE"`
Port string `env:"PORT,default=8080"`
RateLimit uint64 `env:"RATE_LIMIT,default=60"`
// Cleanup config
CleanupPeriod time.Duration `env:"CLEANUP_PERIOD,default=15m"`
VerificationCodeMaxAge time.Duration `env:"VERIFICATION_CODE_MAX_AGE,default=24h"`
VerificationTokenMaxAge time.Duration `env:"VERIFICATION_TOKEN_MAX_AGE,default=24h"`
}
CleanupConfig represents the environment based configuration for the Cleanup server.
func NewCleanupConfig ¶
func NewCleanupConfig(ctx context.Context) (*CleanupConfig, error)
NewCleanupConfig returns the environment config for the cleanup server. Only needs to be called once per instance, but may be called multiple times.
func (*CleanupConfig) ObservabilityExporterConfig ¶ added in v0.3.0
func (c *CleanupConfig) ObservabilityExporterConfig() *observability.Config
func (*CleanupConfig) Validate ¶
func (c *CleanupConfig) Validate() error
type E2ERunnerConfig ¶ added in v0.6.0
type E2ERunnerConfig struct {
Database database.Config
Observability *observability.Config
// DevMode produces additional debugging information. Do not enable in
// production environments.
DevMode bool `env:"DEV_MODE"`
Port string `env:"PORT,default=8080"`
// Share config between server and command line versions.
TestConfig E2ETestConfig
}
E2ERunnerConfig represents the environment based configuration for the e2e-runner server.
func NewE2ERunnerConfig ¶ added in v0.6.0
func NewE2ERunnerConfig(ctx context.Context) (*E2ERunnerConfig, error)
NewE2ERunnerConfig returns the environment config for the e2e-runner server. Only needs to be called once per instance, but may be called multiple times.
func (*E2ERunnerConfig) Validate ¶ added in v0.6.0
func (c *E2ERunnerConfig) Validate() error
type E2ETestConfig ¶ added in v0.7.0
type E2ETestConfig struct {
VerificationAdminAPIServer string `env:"VERIFICATION_ADMIN_API, default=http://localhost:8081"`
VerificationAdminAPIKey string `env:"VERIFICATION_ADMIN_API_KEY"`
VerificationAPIServer string `env:"VERIFICATION_SERVER_API, default=http://localhost:8082"`
VerificationAPIServerKey string `env:"VERIFICATION_SERVER_API_KEY"`
KeyServer string `env:"KEY_SERVER, default=http://localhost:8080"`
HealthAuthorityCode string `env:"HEALTH_AUTHORITY_CODE,required"`
DoRevise bool `env:"DO_REVISIONS"`
}
func NewE2ETestConfig ¶ added in v0.7.0
func NewE2ETestConfig(ctx context.Context) (*E2ETestConfig, error)
NewE2ETestConfig contains just the necessary elements for command line execution.
type FirebaseConfig ¶
type FirebaseConfig struct {
APIKey string `env:"FIREBASE_API_KEY,required"`
AuthDomain string `env:"FIREBASE_AUTH_DOMAIN,required"`
DatabaseURL string `env:"FIREBASE_DATABASE_URL,required"`
ProjectID string `env:"FIREBASE_PROJECT_ID,required"`
StorageBucket string `env:"FIREBASE_STORAGE_BUCKET,required"`
MessageSenderID string `env:"FIREBASE_MESSAGE_SENDER_ID,required"`
AppID string `env:"FIREBASE_APP_ID,required"`
MeasurementID string `env:"FIREBASE_MEASUREMENT_ID,required"`
TermsOfServiceURL string `env:"FIREBASE_TERMS_OF_SERVICE_URL,required"`
PrivacyPolicyURL string `env:"FIREBASE_PRIVACY_POLICY_URL,required"`
}
FirebaseConfig represents configuration specific to firebase auth.
type IssueAPIConfig ¶
type IssueAPIConfig interface {
GetCollisionRetryCount() uint
GetAllowedSymptomAge() time.Duration
}
IssueAPIConfig is an interface that represents what is needed of the verification code issue API.
type ServerConfig ¶
type ServerConfig struct {
Firebase FirebaseConfig
Database database.Config
Observability observability.Config
Cache cache.Config
Port string `env:"PORT,default=8080"`
// Login Config
SessionDuration time.Duration `env:"SESSION_DURATION,default=24h"`
RevokeCheckPeriod time.Duration `env:"REVOKE_CHECK_DURATION,default=5m"`
// CookieKeys is a slice of bytes. The first is 64 bytes, the second is 32.
// They should be base64-encoded.
CookieKeys Base64ByteSlice `env:"COOKIE_KEYS,required"`
// CookieDomain is the domain for which cookie should be valid.
CookieDomain string `env:"COOKIE_DOMAIN"`
// CSRFAuthKey is the authentication key. It must be 32-bytes and can be
// generated with tools/gen-secret. The value's should be base64 encoded.
CSRFAuthKey envconfig.Base64Bytes `env:"CSRF_AUTH_KEY,required"`
// Application Config
ServerName string `env:"SERVER_NAME,default=Diagnosis Verification Server"`
CollisionRetryCount uint `env:"COLLISION_RETRY_COUNT,default=6"`
AllowedSymptomAge time.Duration `env:"ALLOWED_PAST_SYMPTOM_DAYS,default=336h"` // 336h is 14 days.
AssetsPath string `env:"ASSETS_PATH,default=./cmd/server/assets"`
// Certificate signing key settings, needed for public key / settings display.
CertificateSigning CertificateSigningConfig
// If Dev mode is true, cookies aren't required to be sent over secure channels.
// This includes CSRF protection base cookie. You want this false in production (the default).
DevMode bool `env:"DEV_MODE"`
// Rate limiting configuration
RateLimit ratelimit.Config
}
ServerConfig represents the environment based config for the server.
func NewServerConfig ¶
func NewServerConfig(ctx context.Context) (*ServerConfig, error)
NewServerConfig initializes and validates a ServerConfig struct.
func (*ServerConfig) FirebaseConfig ¶
func (c *ServerConfig) FirebaseConfig() *firebase.Config
FirebaseConfig returns the firebase SDK config based on the local env config.
func (*ServerConfig) GetAllowedSymptomAge ¶
func (c *ServerConfig) GetAllowedSymptomAge() time.Duration
func (*ServerConfig) GetCollisionRetryCount ¶ added in v0.3.0
func (c *ServerConfig) GetCollisionRetryCount() uint
func (*ServerConfig) ObservabilityExporterConfig ¶ added in v0.3.0
func (c *ServerConfig) ObservabilityExporterConfig() *observability.Config
func (*ServerConfig) Validate ¶
func (c *ServerConfig) Validate() error
type TokenSigningConfig ¶ added in v0.5.1
type TokenSigningConfig struct {
// Keys determines the key manager configuration for this token signing
// configuration.
Keys keys.Config `env:",prefix=TOKEN_"`
TokenSigningKeys []string `env:"TOKEN_SIGNING_KEY, required"`
TokenSigningKeyIDs []string `env:"TOKEN_SIGNING_KEY_ID, default=v1"`
TokenIssuer string `env:"TOKEN_ISSUER, default=diagnosis-verification-example"`
}
TokenSigningConfig represents the settings for system-wide certificate signing. These should be used if you are managing certifiate keys externally.
func (*TokenSigningConfig) ActiveKey ¶ added in v0.5.1
func (t *TokenSigningConfig) ActiveKey() string
func (*TokenSigningConfig) ActiveKeyID ¶ added in v0.5.1
func (t *TokenSigningConfig) ActiveKeyID() string
func (*TokenSigningConfig) Validate ¶ added in v0.5.1
func (t *TokenSigningConfig) Validate() error
type Validatable ¶
type Validatable interface {
Validate() error
}
Validatable indicates that a type can be validated.
Source Files
Click to show internal directories.
Click to hide internal directories.