config

package
v1.25.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 25, 2025 License: MIT Imports: 20 Imported by: 0

Documentation


Constants

// Operating modes, numbered from zero via iota (Plugin == 0, ManagementClient == 1).
// NOTE(review): presumably these are the values accepted by the mode argument
// of Validate — confirm against the callers.
const (
	Plugin = iota
	ManagementClient
)
// CommonName is the literal "common_name". The same string is the default of
// OpenVPN.CommonName.EnvironmentVariableName in Defaults.
// NOTE(review): presumably the OpenVPN environment variable that carries the
// client certificate common name — confirm.
const (
	CommonName = "common_name"
)

Variables

// Defaults is the baseline Config value.
// NOTE(review): presumably the loaders in this package overlay file, flag and
// environment values on top of it — confirm in New.
//
// Security-relevant defaults visible in this literal:
//   - OAuth2.Nonce, OAuth2.PKCE and OAuth2.Validate.Issuer are enabled.
//   - HTTP.TLS is disabled and HTTP.BaseURL uses the "http" scheme.
//   - HTTP.Listen and Debug.Listen have an empty host part.
//   - No types.Secret field (HTTP.Secret, OAuth2.Client.Secret,
//     OAuth2.Refresh.Secret, OpenVPN.Password, ...) is populated.
var Defaults = Config{
	Debug: Debug{
		// Empty host part. NOTE(review): if this string is handed to net.Listen
		// unchanged it binds every interface; bind to loopback where the debug
		// listener must not be reachable from the network. Pprof is not set
		// here, so it keeps its zero value (false).
		Listen: ":9001",
	},
	Log: Log{
		Format: "console",
		Level:  slog.LevelInfo,
		// Enabled by default. NOTE(review): presumably adds the VPN client IP
		// to log records — account for it in log retention and privacy review.
		VPNClientIP: true,
	},
	HTTP: HTTP{
		AssetPath: types.FS{FS: assets.FS},
		// Plain http on localhost: a development default. A deployment needs
		// the externally reachable https URL here.
		BaseURL: types.URL{URL: &url.URL{
			Scheme: "http",
			Host:   "localhost:9000",
		}},
		// Empty host part, same consideration as Debug.Listen.
		Listen: ":9000",
		// TLS is off by default; either enable it (CertFile/KeyFile) or put a
		// TLS-terminating proxy in front of the listener.
		TLS: false,
		Check: HTTPCheck{
			// NOTE(review): presumably compares the browser's address with the
			// VPN client's address; disabled by default — confirm semantics.
			IPAddr: false,
		},
		// template.Must panics at package initialisation if index.gohtml fails to parse.
		Template: types.Template{Template: template.Must(template.New("index.gohtml").ParseFS(ui.Template, "index.gohtml"))},
	},
	OpenVPN: OpenVPN{
		// Unix-socket address by default; OpenVPN.Password is left unset.
		Addr: types.URL{URL: &url.URL{
			Scheme:   "unix",
			Path:     "/run/openvpn/server.sock",
			OmitHost: true,
		}},
		AuthTokenUser:      true,
		AuthPendingTimeout: 3 * time.Minute,
		ClientConfig: OpenVPNConfig{
			Enabled: false,
			Path:    types.FS{FS: os.DirFS("/etc/openvpn-auth-oauth2/client-config-dir/")},
		},
		CommonName: OpenVPNCommonName{
			EnvironmentVariableName: "common_name",
			Mode:                    CommonNameModePlain,
		},
		OverrideUsername: false,
		Bypass: OpenVPNBypass{
			// Empty by default. NOTE(review): entries presumably exempt the
			// matching client common names from the OAuth2 login — treat every
			// addition as an authentication exemption and confirm.
			CommonNames: make([]string, 0),
		},
		Passthrough: OpenVPNPassthrough{
			Enabled: false,
			Address: types.URL{URL: &url.URL{
				Scheme:   "unix",
				Path:     "/run/openvpn-auth-oauth2/server.sock",
				OmitHost: true,
			}},
			// NOTE(review): this is the decimal literal 660, not octal 0o660
			// (decimal 660 == 0o1224). Confirm the consumer re-reads the digits
			// as octal before applying them as the socket's permission bits.
			SocketMode:  660,
			SocketGroup: "",
		},
		CommandTimeout:   10 * time.Second,
		ReAuthentication: true,
	},
	OAuth2: OAuth2{
		// NOTE(review): assuming oauth2 is golang.org/x/oauth2, AuthStyleInParams
		// sends client_id and client_secret in the POST body of the token request.
		AuthStyle: OAuth2AuthStyle(oauth2.AuthStyleInParams),
		Client:    OAuth2Client{},
		// All endpoint URLs and the issuer start out empty and must come from
		// the operator's configuration.
		Endpoints: OAuth2Endpoints{
			Auth:      types.URL{URL: &url.URL{Scheme: "", Host: ""}},
			Discovery: types.URL{URL: &url.URL{Scheme: "", Host: ""}},
			Token:     types.URL{URL: &url.URL{Scheme: "", Host: ""}},
		},
		Issuer: types.URL{URL: &url.URL{Scheme: "", Host: ""}},
		// Nonce and PKCE are on by default; keep them on unless the identity
		// provider cannot support them.
		Nonce:       true,
		PKCE:        true,
		UserInfo:    false,
		GroupsClaim: "groups",
		Provider:    "generic",
		Refresh: OAuth2Refresh{
			// Enabled and Secret are not set here, so they keep their zero values.
			Expires:      time.Hour * 8,
			ValidateUser: true,
		},
		Scopes: make([]string, 0),
		Validate: OAuth2Validate{
			// Groups and Roles are empty by default.
			// NOTE(review): presumably an empty list means "no restriction",
			// i.e. any user the provider authenticates is accepted — confirm.
			Groups: make([]string, 0),
			IPAddr: false,
			Issuer: true,
			Roles:  make([]string, 0),
		},
	},
}
// ErrRequired is a sentinel error with the message "required".
// NOTE(review): presumably wrapped by Validate when a mandatory setting is
// missing; match it with errors.Is — confirm.
var ErrRequired = errors.New("required")
// ErrVersion is a sentinel error with the message "flag: version requested".
// NOTE(review): presumably returned by the flag parsing path when the version
// flag is given, so callers can exit without treating it as a failure — confirm.
var ErrVersion = errors.New("flag: version requested")

Functions

func Validate added in v1.0.0

func Validate(mode int, conf Config) error

Validate validates the config.

Types

type Config

// Config is the root configuration object; every section is a nested struct
// that can be decoded from JSON or YAML through the field tags.
//
// Several nested fields are types.Secret values. Config has its own String
// method and HTTP its own MarshalJSON.
// NOTE(review): confirm those keep secrets out of logs and dumps before
// printing a Config anywhere.
type Config struct {
	ConfigFile string  `json:"config"  yaml:"config"`
	HTTP       HTTP    `json:"http"    yaml:"http"`
	Debug      Debug   `json:"debug"   yaml:"debug"`
	Log        Log     `json:"log"     yaml:"log"`
	OAuth2     OAuth2  `json:"oauth2"  yaml:"oauth2"`
	OpenVPN    OpenVPN `json:"openvpn" yaml:"openvpn"`
}

func New added in v1.23.1

func New(args []string, writer io.Writer) (Config, error)

New loads the configuration from configuration files, command line arguments and environment variables in that order.

func (*Config) ReadFromConfigFile added in v1.23.1

func (c *Config) ReadFromConfigFile(configFilePath string) error

ReadFromConfigFile reads the configuration from a configuration file and command line arguments.

func (*Config) ReadFromFlagAndEnvironment added in v1.23.1

func (c *Config) ReadFromFlagAndEnvironment(args []string, writer io.Writer) error

ReadFromFlagAndEnvironment reads the configuration from command line arguments and environment variables.

func (Config) String added in v1.22.6

func (c Config) String() string

type Debug added in v1.13.1

// Debug configures the debug listener.
type Debug struct {
	// Listen is the listen address; Defaults uses ":9001" (empty host part).
	Listen string `json:"listen" yaml:"listen"`
	// Pprof is not set in Defaults, so it is false unless configured.
	// NOTE(review): presumably exposes Go pprof handlers on Listen; profiling
	// endpoints leak runtime internals, so keep the listener off untrusted
	// networks when this is enabled — confirm.
	Pprof bool `json:"pprof"  yaml:"pprof"`
}

type HTTP added in v1.7.0

// HTTP configures the built-in HTTP listener.
// The type declares its own MarshalJSON method.
// NOTE(review): presumably needed for the non-trivial field types (Template,
// FS, Secret) — confirm that Secret is not emitted in clear text.
type HTTP struct {
	// BaseURL defaults to http://localhost:9000 in Defaults.
	BaseURL   types.URL      `json:"baseurl"              yaml:"baseurl"`
	AssetPath types.FS       `json:"assets-path"          yaml:"assets-path"`
	Template  types.Template `json:"template"             yaml:"template"`
	Listen    string         `json:"listen"               yaml:"listen"`
	// CertFile and KeyFile are file paths.
	// NOTE(review): presumably only read when TLS is true; the key file should
	// be readable by the service account only.
	CertFile string `json:"cert"                 yaml:"cert"`
	KeyFile  string `json:"key"                  yaml:"key"`
	// Secret has no default.
	// NOTE(review): presumably protects the state passed through the OAuth2
	// redirect — confirm its required length and provision it from a secret
	// store rather than the command line.
	Secret types.Secret `json:"secret"               yaml:"secret"`
	TLS    bool         `json:"tls"                  yaml:"tls"`
	Check  HTTPCheck    `json:"check"                yaml:"check"`
	// NOTE(review): presumably makes the server trust forwarded-for style
	// request headers. Enable only when every request arrives through a trusted
	// reverse proxy; otherwise a client can supply its own address, which
	// matters for any IP-based check — confirm.
	EnableProxyHeaders bool `json:"enable-proxy-headers" yaml:"enable-proxy-headers"`
}

func (HTTP) MarshalJSON added in v1.22.6

func (h HTTP) MarshalJSON() ([]byte, error)

type HTTPCheck added in v1.7.0

// HTTPCheck holds optional checks applied to HTTP requests.
type HTTPCheck struct {
	// IPAddr is false in Defaults.
	// NOTE(review): presumably requires the HTTP client address to match the
	// VPN client address; its value depends on how the client address is
	// derived (see HTTP.EnableProxyHeaders) — confirm.
	IPAddr bool `json:"ipaddr" yaml:"ipaddr"`
}

type Log added in v1.0.0

// Log configures logging. Defaults selects the "console" format at slog.LevelInfo.
type Log struct {
	Format string     `json:"format"        yaml:"format"`
	Level  slog.Level `json:"level"         yaml:"level"`
	// VPNClientIP is true in Defaults.
	// NOTE(review): presumably includes the VPN client IP in log records — confirm.
	VPNClientIP bool `json:"vpn-client-ip" yaml:"vpn-client-ip"`
}

type OAuth2 added in v1.0.0

// OAuth2 configures the OAuth2 / OpenID Connect client side.
// Note the serialised key for Endpoints is the singular "endpoint".
type OAuth2 struct {
	Endpoints   OAuth2Endpoints `json:"endpoint"         yaml:"endpoint"`
	Issuer      types.URL       `json:"issuer"           yaml:"issuer"`
	Client      OAuth2Client    `json:"client"           yaml:"client"`
	GroupsClaim string          `json:"groups-claim"     yaml:"groups-claim"`
	// NOTE(review): presumably extra query parameters appended to the
	// authorization request — confirm they cannot override state, nonce or
	// the PKCE challenge.
	AuthorizeParams string            `json:"authorize-params" yaml:"authorize-params"`
	Provider        string            `json:"provider"         yaml:"provider"`
	Scopes          types.StringSlice `json:"scopes"           yaml:"scopes"`
	Validate        OAuth2Validate    `json:"validate"         yaml:"validate"`
	Refresh         OAuth2Refresh     `json:"refresh"          yaml:"refresh"`
	AuthStyle       OAuth2AuthStyle   `json:"auth-style"       yaml:"auth-style"`
	// Nonce and PKCE are both true in Defaults. They bind the authorization
	// response to the request that started it; disabling either weakens
	// protection against replayed or injected authorization codes.
	Nonce bool `json:"nonce"            yaml:"nonce"`
	PKCE  bool `json:"pkce"             yaml:"pkce"`
	// UserInfo is false in Defaults.
	// NOTE(review): presumably fetches claims from the provider's userinfo
	// endpoint in addition to the ID token — confirm.
	UserInfo bool `json:"user-info"        yaml:"user-info"`
}

type OAuth2AuthStyle added in v1.17.0

// OAuth2AuthStyle is a named wrapper around oauth2.AuthStyle. The package
// declares MarshalText/UnmarshalText on it, so the value can appear as text in
// configuration files; AuthStyle converts it back to the underlying type.
type OAuth2AuthStyle oauth2.AuthStyle

func (OAuth2AuthStyle) AuthStyle added in v1.17.0

func (s OAuth2AuthStyle) AuthStyle() oauth2.AuthStyle

AuthStyle converts the wrapper type to oauth2.AuthStyle.

func (OAuth2AuthStyle) MarshalText added in v1.17.0

func (s OAuth2AuthStyle) MarshalText() ([]byte, error)

MarshalText implements the encoding.TextMarshaler interface.

func (OAuth2AuthStyle) String added in v1.17.0

func (s OAuth2AuthStyle) String() string

String returns the string representation of the auth style.

func (*OAuth2AuthStyle) UnmarshalText added in v1.17.0

func (s *OAuth2AuthStyle) UnmarshalText(text []byte) error

UnmarshalText implements the encoding.TextUnmarshaler interface.

type OAuth2Client added in v1.0.0

// OAuth2Client holds the client credentials; Defaults leaves all of it empty.
type OAuth2Client struct {
	ID string `json:"id"             yaml:"id"`
	// Secret and PrivateKey are types.Secret values.
	// NOTE(review): presumably alternatives (shared secret vs. key-based client
	// authentication) — confirm which one Validate requires.
	Secret       types.Secret `json:"secret"         yaml:"secret"`
	PrivateKey   types.Secret `json:"private-key"    yaml:"private-key"`
	PrivateKeyID string       `json:"private-key-id" yaml:"private-key-id"`
}

type OAuth2Endpoints added in v1.2.0

// OAuth2Endpoints holds the provider endpoint URLs; all are empty in Defaults.
// NOTE(review): presumably Discovery, Auth and Token override what OIDC
// discovery on the issuer would return — pin them to https URLs and confirm.
type OAuth2Endpoints struct {
	Discovery types.URL `json:"discovery" yaml:"discovery"`
	Auth      types.URL `json:"auth"      yaml:"auth"`
	Token     types.URL `json:"token"     yaml:"token"`
}

type OAuth2Refresh added in v1.13.0

// OAuth2Refresh configures refresh handling. Defaults sets Expires to 8 hours
// and ValidateUser to true; Enabled, UseSessionID and Secret keep zero values.
type OAuth2Refresh struct {
	// NOTE(review): presumably the key protecting stored refresh tokens —
	// confirm its required length and that it is never logged.
	Secret  types.Secret  `json:"secret"         yaml:"secret"`
	Expires time.Duration `json:"expires"        yaml:"expires"`
	Enabled bool          `json:"enabled"        yaml:"enabled"`
	UseSessionID bool     `json:"use-session-id" yaml:"use-session-id"`
	// NOTE(review): presumably re-checks the user against the provider on
	// re-authentication; turning it off would let a session outlive a revoked
	// account until Expires — confirm.
	ValidateUser bool `json:"validate-user"  yaml:"validate-user"`
}

type OAuth2Validate added in v1.0.0

// OAuth2Validate lists the checks applied to an authenticated user. In
// Defaults only Issuer is enabled; Groups and Roles are empty lists.
type OAuth2Validate struct {
	// NOTE(review): presumably names the token claim that must equal the VPN
	// client's common name; leaving it empty would then skip the binding
	// between certificate identity and OAuth2 identity — confirm.
	CommonName string            `json:"common-name"                yaml:"common-name"`
	Acr        types.StringSlice `json:"acr"                        yaml:"acr"`
	Groups     types.StringSlice `json:"groups"                     yaml:"groups"`
	Roles      types.StringSlice `json:"roles"                      yaml:"roles"`
	IPAddr     bool              `json:"ipaddr"                     yaml:"ipaddr"`
	Issuer     bool              `json:"issuer"                     yaml:"issuer"`
	// Not set in Defaults, so the zero value (false) applies.
	// NOTE(review): presumably the common-name comparison then ignores case —
	// confirm that this matches how the identity provider treats usernames.
	CommonNameCaseSensitive bool `json:"common-name-case-sensitive" yaml:"common-name-case-sensitive"`
}

type OpenVPN added in v1.23.1

// OpenVPN configures the connection to the OpenVPN server and the
// per-client behaviour. Note the serialised key for Passthrough is "pass-through".
type OpenVPN struct {
	// Addr defaults to the unix socket /run/openvpn/server.sock in Defaults.
	Addr types.URL `json:"addr"                 yaml:"addr"`
	// Password has no default.
	// NOTE(review): presumably the OpenVPN management interface password; a
	// management interface reachable over TCP without one is an unauthenticated
	// control channel — confirm.
	Password     types.Secret       `json:"password"             yaml:"password"`
	ClientConfig OpenVPNConfig      `json:"client-config"        yaml:"client-config"`
	Bypass       OpenVPNBypass      `json:"bypass"               yaml:"bypass"`
	CommonName   OpenVPNCommonName  `json:"common-name"          yaml:"common-name"`
	Passthrough  OpenVPNPassthrough `json:"pass-through"         yaml:"pass-through"`
	// Defaults: 3 minutes to complete the pending authentication, 10 seconds per command.
	AuthPendingTimeout time.Duration `json:"auth-pending-timeout" yaml:"auth-pending-timeout"`
	CommandTimeout     time.Duration `json:"command-timeout"      yaml:"command-timeout"`
	AuthTokenUser      bool          `json:"auth-token-user"      yaml:"auth-token-user"`
	// NOTE(review): presumably replaces the OpenVPN username with the identity
	// from the token; false in Defaults — confirm.
	OverrideUsername bool `json:"override-username"    yaml:"override-username"`
	// True in Defaults.
	// NOTE(review): presumably makes renegotiating clients authenticate again
	// instead of being accepted automatically — confirm.
	ReAuthentication bool `json:"reauthentication"     yaml:"reauthentication"`
}

type OpenVPNBypass added in v1.23.1

// OpenVPNBypass lists exemptions; the list is empty in Defaults.
type OpenVPNBypass struct {
	// NOTE(review): presumably clients whose common name appears here are
	// admitted without the OAuth2 login. Keep the list minimal and audit it
	// like any other authentication exemption — confirm semantics.
	CommonNames types.StringSlice `json:"common-names" yaml:"common-names"`
}

type OpenVPNCommonName added in v1.12.0

// OpenVPNCommonName configures where the client common name is read from and
// how it is handled. Defaults uses "common_name" and CommonNameModePlain.
type OpenVPNCommonName struct {
	// NOTE(review): presumably the name of the OpenVPN-provided environment
	// variable holding the common name; pointing it at a client-controlled
	// variable would let the client choose its own identity — confirm.
	EnvironmentVariableName string                `json:"environment-variable-name" yaml:"environment-variable-name"`
	Mode                    OpenVPNCommonNameMode `json:"mode"                      yaml:"mode"`
}

type OpenVPNCommonNameMode added in v1.12.0

// OpenVPNCommonNameMode selects how the client common name is handled.
// The package declares text marshalling methods on it.
type OpenVPNCommonNameMode int
const (
	// CommonNameModePlain is the zero value and the mode used in Defaults.
	CommonNameModePlain OpenVPNCommonNameMode = iota
	// CommonNameModeOmit is 1.
	// NOTE(review): presumably hides the real common name from logs and
	// output — confirm.
	CommonNameModeOmit
	// CommonNameModeOmitValue is an untyped string constant, not an
	// OpenVPNCommonNameMode: the explicit "-" replaces the implicit iota expression.
	// NOTE(review): presumably the placeholder written instead of the common
	// name in omit mode — confirm.
	CommonNameModeOmitValue = "-"
)

func (OpenVPNCommonNameMode) MarshalText added in v1.12.0

func (s OpenVPNCommonNameMode) MarshalText() ([]byte, error)

MarshalText implements the encoding.TextMarshaler interface.

func (OpenVPNCommonNameMode) String added in v1.12.0

func (s OpenVPNCommonNameMode) String() string

String returns the string representation of the common name mode.

func (*OpenVPNCommonNameMode) UnmarshalText added in v1.12.0

func (s *OpenVPNCommonNameMode) UnmarshalText(text []byte) error

UnmarshalText implements the encoding.TextUnmarshaler interface.

type OpenVPNConfig added in v1.23.1

// OpenVPNConfig configures per-client configuration files. Defaults disables
// it and roots Path at /etc/openvpn-auth-oauth2/client-config-dir/ via os.DirFS.
type OpenVPNConfig struct {
	Path types.FS `json:"path"        yaml:"path"`
	// NOTE(review): presumably the file to load is selected by the value of
	// this token claim. That value is controlled by the identity provider, so
	// confirm the lookup cannot leave Path and that unknown values fail closed.
	TokenClaim string `json:"token-claim" yaml:"token-claim"`
	Enabled    bool   `json:"enabled"     yaml:"enabled"`
}

type OpenVPNPassthrough added in v1.16.0

// OpenVPNPassthrough configures the pass-through socket. Defaults disables it
// and uses the unix socket /run/openvpn-auth-oauth2/server.sock.
// NOTE(review): presumably this re-exposes the OpenVPN management interface to
// other local tools, so whoever can connect gains control of the VPN server —
// confirm, and restrict access accordingly.
type OpenVPNPassthrough struct {
	Address types.URL `json:"address"      yaml:"address"`
	// Password has no default; set one when Address is not a unix socket.
	Password types.Secret `json:"password"     yaml:"password"`
	// SocketGroup is empty in Defaults.
	SocketGroup string `json:"socket-group" yaml:"socket-group"`
	// SocketMode is a plain uint and Defaults sets it to decimal 660.
	// NOTE(review): confirm how the digits are converted to permission bits;
	// applied directly, decimal 660 is 0o1224, not 0o660.
	SocketMode uint `json:"socket-mode"  yaml:"socket-mode"`
	Enabled    bool `json:"enabled"      yaml:"enabled"`
}
