Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ( // THE GLOBAL CONFIGURATION SINGLETON Conf = Config{} KubeClient client.Client )
View Source
var Version = "v0.3.X"
Functions ¶
func AdjustPath ¶
Types ¶
type BaseProviderConfig ¶
type BaseProviderConfig struct {
Name string `yaml:"name"`
Type string `yaml:"type"`
Enabled *bool `yaml:"enabled"` // Allow to disable a provider
CredentialAuthority *bool `yaml:"credentialAuthority"` // Is this ldap is authority for password checking
GroupAuthority *bool `yaml:"groupAuthority"` // Group will be fetched. Default true
Critical *bool `yaml:"critical"` // If true (default), a failure on this provider will leads 'invalid login'. Even if another provider grants access
GroupPattern string `yaml:"groupPattern"` // Group pattern. Default "%s"
UidOffet int `yaml:"uidOffset"` // Will be added to the returned Uid. Default to 0
}
func (*BaseProviderConfig) GetName ¶
func (this *BaseProviderConfig) GetName() string
func (*BaseProviderConfig) GetType ¶
func (this *BaseProviderConfig) GetType() string
func (*BaseProviderConfig) InitBase ¶
func (this *BaseProviderConfig) InitBase(idx int) error
func (*BaseProviderConfig) IsEnabled ¶
func (this *BaseProviderConfig) IsEnabled() bool
Default setting (initBase) is not performed when this is called
type Config ¶
type Config struct {
ConfigFolder string // This is not in the file, but set on reading. Used to adjust file path
WebhookServer Server `yaml:"webhookServer"` // The server for the mutating/validating and authentication webhook. Called only by API Server
AuthServer ServerExt `yaml:"authServer"` // The server for authentication. To be exposed externally. Called by koocli
DexServer ServerExt `yaml:"dexServer"` // Optional: Server to plug a DEX with a koobind connector (Port == -1 to invalidate it)
LogLevel int `yaml:"logLevel"` // Log level. 0: Info, 1: Debug, 2: Trace, ... Default is 0.
LogMode string `yaml:"logMode"` // Log output format: 'dev' or 'json'
AdminGroup string `yaml:"adminGroup"` // Only user belonging to this group will be able to access admin interface
InactivityTimeout *time.Duration `yaml:"inactivityTimeout"` // After this period without token validation, the session expire
SessionMaxTTL *time.Duration `yaml:"sessionMaxTTL"` // After this period, the session expire, in all case.
ClientTokenTTL *time.Duration `yaml:"clientTokenTTL"` // This is intended for the client (koocli), for token caching
TokenStorage string `yaml:"tokenStorage"` // 'memory' or 'crd'
Namespace string `yaml:"namespace"` // Default value for tokenNamespace and CRD providers
TokenNamespace string `yaml:"tokenNamespace"` // When tokenStorage==crd, the namespace to store them. Default to defaultNamespace
LastHitStep int `yaml:"lastHitStep"` // When tokenStorage==crd, the max difference between reality and what is stored in API Server. In per mille of InactivityTimeout. Aim is to avoid API servr overloading
Providers []interface{} `yaml:"providers"` // The ordered list of ID providers
AuthClients []v2.AuthClient `yaml:"authClients"` // List of allowed client for auth protocol
CrdNamespaces utils.StringSet // Not in the file, but used by validating webhook
AuthClientById map[string]v2.AuthClient // Not in the file
}
type Server ¶
type Server struct {
Host string `yaml:"host"` // Host is the address that the server will listen on. Defaults to "" - all addresses.
Port int `yaml:"port"` // Port is the port number that the server will serve.
CertDir string `yaml:"certDir"` // CertDir is the directory that contains the server key and certificate.
}
Source Files
Click to show internal directories.
Click to hide internal directories.