Documentation
¶
Overview ¶
Package server contains a centralized structure for all configuration options.
Index ¶
- func RegisterIdentityFlags(v *viper.Viper, flags *pflag.FlagSet) error
- func RegisterServerFlags(v *viper.Viper, flags *pflag.FlagSet) error
- func SetViperDefaults(v *viper.Viper)
- type AggregatorConfig
- type AuthConfig
- type AuthzConfig
- type CORSConfig
- type Config
- type EventConfig
- type GRPCServerConfig
- type GoChannelEventConfig
- type HTTPServerConfig
- type IdentityConfig
- type IdentityConfigWrapper
- type LoggingConfig
- type MetricServerConfig
- type MetricsConfig
- type OpenFGAAuth
- type SQLEventConfig
- type TokenAuth
- type TracingConfig
- type WebhookConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func RegisterIdentityFlags ¶
RegisterIdentityFlags registers the flags for the identity server
func RegisterServerFlags ¶
RegisterServerFlags registers the flags for the Minder server
func SetViperDefaults ¶
SetViperDefaults sets the default values for the configuration to be picked up by viper
Types ¶
type AggregatorConfig ¶
// AggregatorConfig holds the settings for the event aggregator middleware.
type AggregatorConfig struct {
// LockInterval is the interval for locking events in seconds.
// This is the threshold between rule evaluations + actions.
// The struct tag sets a default of 30.
// NOTE(review): no validate tag bounds this value; how zero or negative
// intervals are handled is not visible here — confirm in the aggregator.
LockInterval int64 `mapstructure:"lock_interval" default:"30"`
}
AggregatorConfig is the configuration for the event aggregator middleware
type AuthConfig ¶
// AuthConfig holds the settings for the auth package: nonce lifetime and the
// key used to protect stored provider tokens.
type AuthConfig struct {
// NoncePeriod is the period in seconds for which a nonce is valid.
// The struct tag sets a default of 3600 (one hour).
// NOTE(review): what the nonce protects is not shown here; if it guards an
// authentication flow, a shorter period narrows the replay window.
NoncePeriod int64 `mapstructure:"nonce_period" default:"3600"`
// TokenKey is the key used to store the provider's token in the database.
// NOTE(review): the tag default is a relative file path
// (./.ssh/token_key_passphrase), so this field presumably names a file that
// holds the key material rather than the key itself — confirm against
// GetTokenKey. A relative path resolves against the process working
// directory; deployments should prefer an absolute path to a file readable
// only by the server account.
TokenKey string `mapstructure:"token_key" default:"./.ssh/token_key_passphrase"`
}
AuthConfig is the configuration for the auth package
func (*AuthConfig) GetTokenKey ¶
func (acfg *AuthConfig) GetTokenKey() ([]byte, error)
GetTokenKey returns a key used to encrypt the provider's token in the database
type AuthzConfig ¶ added in v0.0.27
// AuthzConfig holds the connection settings for the authorization server used
// by minder. The validate tags require ApiUrl and Auth, and require at least
// one of StoreName or StoreID.
type AuthzConfig struct {
// ApiUrl is the URL to the authorization server.
// It is marked required; the tags do not constrain the URL scheme.
// NOTE(review): confirm that non-local deployments use an https URL, since
// authorization decisions travel over this connection.
ApiUrl string `mapstructure:"api_url" validate:"required"`
// StoreName is the name of the store to use for authorization.
// Defaults to "minder"; required when StoreID is not set.
StoreName string `mapstructure:"store_name" default:"minder" validate:"required_without=StoreID"`
// StoreID is the ID of the store to use for authorization.
// Defaults to empty; required when StoreName is not set.
// NOTE(review): which field wins when both are set is not shown here.
StoreID string `mapstructure:"store_id" default:"" validate:"required_without=StoreName"`
// ModelID is the ID of the model to use for authorization.
// Defaults to empty and carries no validate tag.
ModelID string `mapstructure:"model_id" default:""`
// Auth is the authentication configuration for the authorization server.
// OpenFGAAuth.Method defaults to "none" — presumably meaning requests are
// sent without credentials; verify, and set an explicit method wherever the
// authorization server is reachable by other clients.
Auth OpenFGAAuth `mapstructure:"auth" validate:"required"`
}
AuthzConfig is the configuration for minder's authorization
func (*AuthzConfig) Validate ¶ added in v0.0.27
func (a *AuthzConfig) Validate() error
Validate validates the Authz configuration
type CORSConfig ¶ added in v0.0.32
// CORSConfig holds the settings for the CORS middleware of the HTTP server.
// CORS is disabled by default, and the list fields have no tag defaults.
// NOTE(review): how the lists are matched (exact values, wildcards) is decided
// by the middleware and is not visible here.
type CORSConfig struct {
// Enabled is the flag to enable CORS. Defaults to false.
Enabled bool `mapstructure:"enabled" default:"false"`
// AllowOrigins is the list of allowed origins.
// Keep this to an explicit list of trusted origins, especially when
// AllowCredentials is true.
AllowOrigins []string `mapstructure:"allow_origins"`
// AllowMethods is the list of allowed methods
AllowMethods []string `mapstructure:"allow_methods"`
// AllowHeaders is the list of allowed headers
AllowHeaders []string `mapstructure:"allow_headers"`
// ExposeHeaders is the list of exposed headers, i.e. response headers that
// cross-origin scripts are allowed to read.
ExposeHeaders []string `mapstructure:"expose_headers"`
// AllowCredentials is the flag to allow credentials. Defaults to false.
// When true, browsers attach cookies and authorization headers to
// cross-origin requests from allowed origins, so every entry in
// AllowOrigins is then trusted to act with the user's session.
AllowCredentials bool `mapstructure:"allow_credentials" default:"false"`
}
CORSConfig is the configuration for the CORS middleware that can be used with the HTTP server. Note that this is not applicable to the gRPC server.
type Config ¶
// Config is the top-level configuration structure; each field maps one
// configuration section, named by its mapstructure key, onto a typed struct.
// The Identity, Auth and WebhookConfig sections contain secret-bearing fields
// (client_secret, token_key, webhook_secret), so a loaded Config should not
// be logged or serialized wholesale.
type Config struct {
// HTTPServer, GRPCServer and MetricServer each carry a bind host and port.
HTTPServer HTTPServerConfig `mapstructure:"http_server"`
GRPCServer GRPCServerConfig `mapstructure:"grpc_server"`
MetricServer MetricServerConfig `mapstructure:"metric_server"`
LoggingConfig LoggingConfig `mapstructure:"logging"`
Tracing TracingConfig `mapstructure:"tracing"`
Metrics MetricsConfig `mapstructure:"metrics"`
// Database uses a type from the config package, which is not shown here.
Database config.DatabaseConfig `mapstructure:"database"`
Identity IdentityConfigWrapper `mapstructure:"identity"`
Auth AuthConfig `mapstructure:"auth"`
// Note the hyphenated key: unlike the other sections this one is
// "webhook-config", not "webhook_config".
WebhookConfig WebhookConfig `mapstructure:"webhook-config"`
Events EventConfig `mapstructure:"events"`
Authz AuthzConfig `mapstructure:"authz"`
}
Config is the top-level configuration structure.
func DefaultConfigForTest ¶
func DefaultConfigForTest() *Config
DefaultConfigForTest returns a configuration with all the struct defaults set, but no other changes.
type EventConfig ¶
// EventConfig holds the settings for minder's eventing system: which driver
// is used, plus one sub-section per driver and one for the aggregator.
type EventConfig struct {
// Driver is the driver used to store events. Defaults to "go-channel".
// NOTE(review): the accepted values are not constrained by a validate tag;
// the sub-section keys below ("go-channel", "sql") suggest the valid names —
// confirm against the driver selection code.
Driver string `mapstructure:"driver" default:"go-channel"`
// RouterCloseTimeout is the timeout for closing the router in seconds.
// Defaults to 10.
RouterCloseTimeout int64 `mapstructure:"router_close_timeout" default:"10"`
// GoChannel is the configuration for the go channel event driver
GoChannel GoChannelEventConfig `mapstructure:"go-channel" default:"{}"`
// SQLPubSub is the configuration for the database event driver.
// Its configuration key is "sql", not "sql_pub_sub".
SQLPubSub SQLEventConfig `mapstructure:"sql" default:"{}"`
// Aggregator is the configuration for the event aggregator middleware
Aggregator AggregatorConfig `mapstructure:"aggregator" default:"{}"`
}
EventConfig is the configuration for minder's eventing system.
type GRPCServerConfig ¶
// GRPCServerConfig holds the bind address of the gRPC server.
type GRPCServerConfig struct {
// Host is the host to bind to.
// Defaults to 127.0.0.1, so the server is reachable only from the local
// machine unless this is changed. This struct carries no TLS or
// authentication setting, so widening the bind address relies on controls
// configured elsewhere.
Host string `mapstructure:"host" default:"127.0.0.1"`
// Port is the port to bind to. Defaults to 8090.
Port int `mapstructure:"port" default:"8090"`
}
GRPCServerConfig is the configuration for the gRPC server
func (*GRPCServerConfig) GetAddress ¶
func (s *GRPCServerConfig) GetAddress() string
GetAddress returns the address to bind to
type GoChannelEventConfig ¶
// GoChannelEventConfig holds the settings for the go channel event driver of
// minder's eventing system.
type GoChannelEventConfig struct {
// BufferSize is the size of the buffer for the go channel. Defaults to 0.
BufferSize int64 `mapstructure:"buffer_size" default:"0"`
// PersistEvents is whether or not to persist events to the channel.
// Defaults to false.
// NOTE(review): where persisted events are kept and for how long is not
// shown here; event payloads may carry sensitive data — confirm.
PersistEvents bool `mapstructure:"persist_events" default:"false"`
// BlockPublishUntilSubscriberAck is whether or not to block publishing until
// the subscriber acks the message. This is useful for testing.
// Defaults to false.
BlockPublishUntilSubscriberAck bool `mapstructure:"block_publish_until_subscriber_ack" default:"false"`
}
GoChannelEventConfig is the configuration for the go channel event driver for minder's eventing system.
type HTTPServerConfig ¶
// HTTPServerConfig holds the bind address and CORS settings of the HTTP
// server.
type HTTPServerConfig struct {
// Host is the host to bind to.
// Defaults to 127.0.0.1, so the server is reachable only from the local
// machine unless this is changed. This struct carries no TLS setting, so
// transport protection for a wider bind address has to come from elsewhere
// (for example a terminating proxy).
Host string `mapstructure:"host" default:"127.0.0.1"`
// Port is the port to bind to. Defaults to 8080.
Port int `mapstructure:"port" default:"8080"`
// CORS is the configuration for CORS. CORSConfig.Enabled defaults to false.
CORS CORSConfig `mapstructure:"cors"`
}
HTTPServerConfig is the configuration for the HTTP server
func (*HTTPServerConfig) GetAddress ¶
func (s *HTTPServerConfig) GetAddress() string
GetAddress returns the address to bind to
type IdentityConfig ¶
// IdentityConfig holds the settings the minder server uses to talk to the
// identity provider. The tag defaults are development values (a plain-http
// localhost issuer and the literal client secret "secret") and must be
// overridden in any real deployment.
type IdentityConfig struct {
// IssuerUrl is the base URL where the identity server is running.
// The default uses plain http on localhost; a non-local issuer should be
// reached over https.
IssuerUrl string `mapstructure:"issuer_url" default:"http://localhost:8081"`
// ClientId is the client ID that identifies the minder server
ClientId string `mapstructure:"client_id" default:"minder-server"`
// ClientSecret is the client secret for the minder server.
// The default is the well-known placeholder "secret"; leaving it unchanged
// means anyone who knows the client ID can authenticate as this client.
// Setting it inline also places the secret in the configuration source.
ClientSecret string `mapstructure:"client_secret" default:"secret"`
// ClientSecretFile is the location of a file containing the client secret for the minder server (optional).
// NOTE(review): precedence between ClientSecretFile and ClientSecret is not
// visible here — confirm in GetClientSecret, in particular that the
// "secret" default cannot win silently when the file is missing or empty.
ClientSecretFile string `mapstructure:"client_secret_file"`
}
IdentityConfig is the configuration for the identity provider in minder server
func (*IdentityConfig) GetClientSecret ¶
func (sic *IdentityConfig) GetClientSecret() (string, error)
GetClientSecret returns the minder-server client secret
type IdentityConfigWrapper ¶
// IdentityConfigWrapper nests the identity provider settings one level down,
// so they are read from the "identity.server" configuration section.
type IdentityConfigWrapper struct {
// Server is the identity configuration used by the minder server.
Server IdentityConfig `mapstructure:"server"`
}
IdentityConfigWrapper is the configuration for the identity provider
type LoggingConfig ¶
// LoggingConfig holds the settings for the logging package.
// Two keys here are camelCase ("logFile", "logPayloads"), unlike the
// snake_case keys used by the other configuration structs.
type LoggingConfig struct {
// Level is the log level. Defaults to "debug", the most verbose setting
// visible on this page; production deployments normally lower it.
// NOTE(review): the accepted level names are not constrained by a tag.
Level string `mapstructure:"level" default:"debug"`
// Format is the log output format. Defaults to "json".
Format string `mapstructure:"format" default:"json"`
// LogFile defaults to empty.
// NOTE(review): presumably an empty value means logs are not written to a
// file; confirm in the logger setup.
LogFile string `mapstructure:"logFile" default:""`
// LogPayloads controls whether or not message payloads are ever logged.
// For debugging purposes, it may be useful to log the payloads that result
// in error conditions, but could also leak PII.
// Defaults to false; if it is enabled, treat the log destination as
// holding sensitive data (access control, retention).
LogPayloads bool `mapstructure:"logPayloads" default:"false"`
}
LoggingConfig is the configuration for the logging package
type MetricServerConfig ¶
// MetricServerConfig holds the bind address of the metric server.
type MetricServerConfig struct {
// Host is the host to bind to.
// Defaults to 127.0.0.1. No authentication setting is part of this struct,
// so the endpoint should stay on a loopback or otherwise trusted interface
// unless access is restricted elsewhere.
Host string `mapstructure:"host" default:"127.0.0.1"`
// Port is the port to bind to. Defaults to 9090.
Port int `mapstructure:"port" default:"9090"`
}
MetricServerConfig is the configuration for the metric server
func (*MetricServerConfig) GetAddress ¶
func (s *MetricServerConfig) GetAddress() string
GetAddress returns the address to bind to
type MetricsConfig ¶
// MetricsConfig holds the on/off switch for metrics.
type MetricsConfig struct {
// Enabled turns metrics on or off. Defaults to true.
Enabled bool `mapstructure:"enabled" default:"true"`
}
MetricsConfig is the configuration for the metrics
type OpenFGAAuth ¶ added in v0.0.27
// OpenFGAAuth holds the authentication settings for the OpenFGA connection.
type OpenFGAAuth struct {
// Method is the authentication method to use.
// The validate tag accepts only "token" or "none", and the default is
// "none" — presumably meaning no credentials are sent; verify. Leaving the
// default in place is only appropriate when the authorization server is
// not reachable by untrusted clients.
Method string `mapstructure:"method" default:"none" validate:"oneof=token none"`
// Token is the configuration for OpenID Connect authentication.
// NOTE(review): the field type is TokenAuth, which holds only a path to a
// token file, so this is presumably the configuration used when Method is
// "token"; confirm whether the OpenID Connect wording still applies.
Token TokenAuth `mapstructure:"token"`
}
OpenFGAAuth contains the authentication configuration for OpenFGA
func (*OpenFGAAuth) Validate ¶ added in v0.0.27
func (o *OpenFGAAuth) Validate() error
Validate validates the OpenFGAAuth configuration
type SQLEventConfig ¶
// SQLEventConfig holds the settings for the database event driver.
type SQLEventConfig struct {
// InitSchema is whether or not to initialize the schema. Defaults to true.
// NOTE(review): initializing a schema presumably needs DDL privileges on
// the event database; where schemas are provisioned separately, setting
// this to false would allow a less privileged database account — confirm.
InitSchema bool `mapstructure:"init_schema" default:"true"`
// Connection is the database connection for the event driver. Its type is
// declared in the config package and is not shown here.
// NOTE(review): it likely carries database credentials; confirm how they
// are supplied.
Connection config.DatabaseConfig `mapstructure:"connection" default:"{}"`
}
SQLEventConfig is the configuration for the database event driver
type TokenAuth ¶ added in v0.0.27
// TokenAuth holds the settings for token authentication.
type TokenAuth struct {
// TokenPath is the path to the token to use for authentication.
// Defaults to the Kubernetes service account token.
// That default path exists only inside a Kubernetes pod with a mounted
// service account token; elsewhere it must be set explicitly. The file
// holds a bearer credential and should be readable only by the server.
// NOTE(review): whether the file is re-read when the token rotates is not
// shown here.
//nolint:lll
TokenPath string `mapstructure:"token_path" default:"/var/run/secrets/kubernetes.io/serviceaccount/token"`
}
TokenAuth contains the configuration for token authentication
type TracingConfig ¶
// TracingConfig holds the settings for tracing.
type TracingConfig struct {
// Enabled turns tracing on or off. Defaults to false.
Enabled bool `mapstructure:"enabled" default:"false"`
// SampleRatio has a tag default of 0.1.
// NOTE(review): presumably the fraction of traces that are sampled, where
// 1.0 would behave like an AlwaysSample sampler that takes all spans; that
// setting is meant for demonstration and should not be used in production.
// Confirm against the tracer setup.
SampleRatio float64 `mapstructure:"sample_ratio" default:"0.1"`
}
TracingConfig is the configuration for our tracing capabilities
type WebhookConfig ¶
// WebhookConfig holds the webhook settings. None of the fields has a tag
// default or a validate tag.
type WebhookConfig struct {
// ExternalWebhookURL is the URL that we will send our webhook to
ExternalWebhookURL string `mapstructure:"external_webhook_url"`
// ExternalPingURL is the URL that we will send our ping to
ExternalPingURL string `mapstructure:"external_ping_url"`
// WebhookSecret is the secret that we will use to sign our webhook
// TODO: Check if this is actually used and needed
// NOTE(review): with no default and no validation, an empty secret is
// accepted at load time; if the secret is used to sign or verify webhook
// payloads, confirm that an empty value is rejected at the point of use
// rather than producing a signature anyone can compute.
WebhookSecret string `mapstructure:"webhook_secret"`
}
WebhookConfig is the configuration for our webhook capabilities