Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var (
	// Conf is the global configuration singleton. It starts as a zero-value
	// Config.
	//
	// NOTE(review): this is mutable package-level state that carries
	// authentication settings (admin group, session lifetimes, allowed
	// clients). Nothing visible here guards it against concurrent or late
	// writes; confirm it is only populated once at startup.
	Conf = Config{}

	// KubeClient is a package-level client.Client. Its initialisation is not
	// shown here.
	KubeClient client.Client
)
// Version is the version string of this build. The literal "X" suffix is
// presumably overridden at build time; TODO confirm.
var Version = "v0.3.X"
Functions ¶
func AdjustPath ¶
Types ¶
type BaseProviderConfig ¶
// BaseProviderConfig carries the provider settings that are read from the
// YAML keys named in the field tags. The pointer-typed booleans can be nil,
// which presumably distinguishes "not set in the file" from an explicit
// false; confirm against InitBase.
type BaseProviderConfig struct {
	// Name is read from the "name" key.
	Name string `yaml:"name"`

	// Type is read from the "type" key.
	Type string `yaml:"type"`

	// Enabled allows a provider to be disabled.
	Enabled *bool `yaml:"enabled"`

	// CredentialAuthority tells whether this provider (LDAP, in the original
	// comment) is an authority for password checking.
	CredentialAuthority *bool `yaml:"credentialAuthority"`

	// GroupAuthority tells whether groups are fetched from this provider.
	// Defaults to true.
	GroupAuthority *bool `yaml:"groupAuthority"`

	// Critical, when true (the default), makes a failure of this provider
	// result in 'invalid login', even if another provider grants access.
	//
	// NOTE(review): the default fails closed. Setting this to false
	// presumably lets a login succeed while this provider is failing, so
	// review which providers are marked non-critical.
	Critical *bool `yaml:"critical"`

	// GroupPattern is the group pattern. Defaults to "%s".
	GroupPattern string `yaml:"groupPattern"`

	// UidOffet is added to the returned Uid. Defaults to 0.
	// The Go field name is spelled UidOffet; the YAML key is "uidOffset".
	UidOffet int `yaml:"uidOffset"`
}
func (*BaseProviderConfig) GetName ¶
func (this *BaseProviderConfig) GetName() string
func (*BaseProviderConfig) GetType ¶
func (this *BaseProviderConfig) GetType() string
func (*BaseProviderConfig) InitBase ¶
func (this *BaseProviderConfig) InitBase(idx int) error
func (*BaseProviderConfig) IsEnabled ¶
func (this *BaseProviderConfig) IsEnabled() bool
Default settings (InitBase) have not yet been applied when this method is called.
type Config ¶
// Config is the top-level configuration. Fields with a yaml tag are read from
// the configuration file; ConfigFolder, CrdNamespaces and AuthClientById are
// described as not being in the file.
//
// NOTE(review): those three fields carry no `yaml:"-"` tag, so depending on
// the YAML decoder in use they could still be populated from a matching key in
// the file. Confirm against the loader.
type Config struct {
	// ConfigFolder is not in the file; it is set on reading and used to
	// adjust file paths.
	ConfigFolder string

	// WebhookServer is the server for the mutating/validating and
	// authentication webhook. Called only by the API server.
	WebhookServer Server `yaml:"webhookServer"`

	// AuthServer is the server for authentication. It is meant to be exposed
	// externally and is called by koocli.
	AuthServer ServerExt `yaml:"authServer"`

	// DexServer is optional: a server to plug a DEX with a koobind connector.
	// Set Port to -1 to invalidate it.
	DexServer ServerExt `yaml:"dexServer"`

	// LogLevel is the log level. 0: Info, 1: Debug, 2: Trace, ... Default is 0.
	LogLevel int `yaml:"logLevel"`

	// LogMode is the log output format: 'dev' or 'json'.
	LogMode string `yaml:"logMode"`

	// AdminGroup restricts the admin interface: only users belonging to this
	// group are able to access it.
	//
	// NOTE(review): the behaviour for an empty AdminGroup is not visible
	// here. Confirm that an unset value does not open the admin interface.
	AdminGroup string `yaml:"adminGroup"`

	// InactivityTimeout is the period without token validation after which
	// the session expires.
	InactivityTimeout *time.Duration `yaml:"inactivityTimeout"`

	// SessionMaxTTL is the period after which the session expires in all
	// cases.
	SessionMaxTTL *time.Duration `yaml:"sessionMaxTTL"`

	// ClientTokenTTL is intended for the client (koocli), for token caching.
	ClientTokenTTL *time.Duration `yaml:"clientTokenTTL"`

	// TokenStorage is 'memory' or 'crd'.
	TokenStorage string `yaml:"tokenStorage"`

	// Namespace is the default value for tokenNamespace and CRD providers.
	Namespace string `yaml:"namespace"`

	// TokenNamespace is, when tokenStorage==crd, the namespace tokens are
	// stored in. Defaults to defaultNamespace (presumably the Namespace
	// field; confirm).
	TokenNamespace string `yaml:"tokenNamespace"`

	// LastHitStep is, when tokenStorage==crd, the maximum difference between
	// reality and what is stored in the API server, expressed in per mille of
	// InactivityTimeout. The aim is to avoid overloading the API server.
	LastHitStep int `yaml:"lastHitStep"`

	// Providers is the ordered list of ID providers.
	Providers []interface{} `yaml:"providers"`

	// AuthClients is the list of clients allowed for the auth protocol.
	AuthClients []v2.AuthClient `yaml:"authClients"`

	// CrdNamespaces is not in the file, but is used by the validating webhook.
	CrdNamespaces utils.StringSet

	// AuthClientById is not in the file.
	AuthClientById map[string]v2.AuthClient
}
type Server ¶
// Server describes one listening endpoint: the address and port to serve on,
// and the directory that holds its TLS material.
type Server struct {
	// Host is the address that the server will listen on. Defaults to "",
	// which means all addresses.
	//
	// NOTE(review): with the default, the listener is reachable on every
	// interface. Set Host explicitly for a server that should only be
	// reachable from specific peers.
	Host string `yaml:"host"`

	// Port is the port number that the server will serve.
	Port int `yaml:"port"`

	// CertDir is the directory that contains the server key and certificate.
	//
	// NOTE(review): since this directory holds the server's private key, its
	// file permissions should be restricted to the account running the
	// server.
	CertDir string `yaml:"certDir"`
}