...

Package config

import "github.com/sassoftware/relic/config"

Variables

// Build metadata for this binary.
//
// Version and Commit default to "unknown"; the build is expected to override
// them with the linker's -X flag, e.g. (placeholder values):
//
//	go build -ldflags "-X github.com/sassoftware/relic/config.Version=<VERSION> -X github.com/sassoftware/relic/config.Commit=<COMMIT>"
var (
    Version   = "unknown" // set this at link time
    Commit    = "unknown" // set this at link time
    UserAgent = "relic/" + Version // evaluated at package init, i.e. after any -X override of Version has been applied
    Author    = "SAS Institute Inc."
)

func DefaultConfig

func DefaultConfig() string

type AmqpConfig

// AmqpConfig configures reporting of signatures to an AMQP broker.
// ExchangeName and RoutingKey (declared on *AmqpConfig) derive the
// destination from these fields.
type AmqpConfig struct {
    // AMQP URL to report signatures to i.e. amqp://user:password@host
    // NOTE(review): the example form carries the broker password inline;
    // the config file holding it should be readable only by the relic user,
    // and CertFile/KeyFile auth is preferable where the broker supports it.
    URL      string
    CaCert   string // presumably path to the CA certificate used to verify the broker's TLS cert (cf. RemoteConfig.CaCert) — confirm
    KeyFile  string // presumably path to the TLS client key (cf. RemoteConfig.KeyFile) — confirm
    CertFile string // presumably path to the TLS client certificate (cf. RemoteConfig.CertFile) — confirm
    SigsXchg string // Name of exchange to send to (default relic.signatures)
}

func (*AmqpConfig) ExchangeName

func (aconf *AmqpConfig) ExchangeName() string

func (*AmqpConfig) RoutingKey

func (aconf *AmqpConfig) RoutingKey() string

type ClientConfig

// ClientConfig describes one client permitted to use the server: the name it
// is audited under, the roles it holds, and how its certificate is verified.
// Match (declared on *ClientConfig) evaluates a presented x509 chain against
// these settings.
type ClientConfig struct {
    Nickname    string   // Name that appears in audit log entries
    Roles       []string // List of roles that this client possesses; presumably matched against KeyConfig.Roles to decide which keys it may use — confirm
    Certificate string   // Optional CA certificate(s) that sign client certs instead of using fingerprint-based auth
    // contains filtered or unexported fields
}

func (*ClientConfig) Match

func (cl *ClientConfig) Match(incoming []*x509.Certificate) (bool, error)

type Config

// Config is the top-level relic configuration. It is produced by ReadFile
// (from a YAML file) or FromEnvironment (client-only, from environment
// variables). Every section is optional and omitted from YAML when nil/empty.
type Config struct {
    Tokens    map[string]*TokenConfig  `yaml:",omitempty"` // keyed by token name; see GetToken/NewToken
    Keys      map[string]*KeyConfig    `yaml:",omitempty"` // keyed by key name; see GetKey/NewKey
    Server    *ServerConfig            `yaml:",omitempty"`
    Clients   map[string]*ClientConfig `yaml:",omitempty"` // keyed by client name — presumably the fingerprint or a label; confirm
    Remote    *RemoteConfig            `yaml:",omitempty"`
    Timestamp *TimestampConfig         `yaml:",omitempty"` // see GetTimestampConfig
    Amqp      *AmqpConfig              `yaml:",omitempty"`

    // Optional YAML file with additional token PINs. Presumably this lets the
    // secret material live in a separately-permissioned file from the rest of
    // the config — confirm against the loader.
    PinFile string `yaml:",omitempty"`
    // contains filtered or unexported fields
}

func FromEnvironment

func FromEnvironment() (*Config, error)

FromEnvironment tries to build a client-only config from environment variables. If none are set, it returns nil.

func ReadFile

func ReadFile(path string) (*Config, error)

func (*Config) GetKey

func (config *Config) GetKey(keyName string) (*KeyConfig, error)

func (*Config) GetTimestampConfig

func (config *Config) GetTimestampConfig() (*TimestampConfig, error)

func (*Config) GetToken

func (config *Config) GetToken(tokenName string) (*TokenConfig, error)

func (*Config) ListServedTokens

func (config *Config) ListServedTokens() []string

ListServedTokens returns a list of token names that are accessible by at least one role.

func (*Config) NewKey

func (config *Config) NewKey(name string) *KeyConfig

func (*Config) NewToken

func (config *Config) NewToken(name string) *TokenConfig

func (*Config) Normalize

func (config *Config) Normalize(path string) error

func (*Config) Path

func (config *Config) Path() string

type KeyConfig

// KeyConfig describes a signing key: which token holds it, how to select it
// within that token, the certificates associated with it, and who may use it.
// Exactly which selectors (Alias, Label, ID, KeyFile) are mutually exclusive
// is not visible here — confirm in Normalize.
type KeyConfig struct {
    Token           string   // Token section to use for this key (linux)
    Alias           string   // This is an alias for another key
    Label           string   // Select a key by label
    ID              string   // Select a key by ID (hex notation)
    PgpCertificate  string   // Path to PGP certificate associated with this key
    X509Certificate string   // Path to X.509 certificate associated with this key
    KeyFile         string   // For "file" tokens, path to the private key
    Roles           []string // List of user roles that can use this key; presumably compared with ClientConfig.Roles — confirm
    Timestamp       bool     // If true, attach a timestamped countersignature when possible
    Hide            bool     // If true, then omit this key from 'remote list-keys' (hides the listing only; presumably does not restrict use — confirm)
    // contains filtered or unexported fields
}

func (*KeyConfig) GetTimeout

func (keyConf *KeyConfig) GetTimeout() time.Duration

func (*KeyConfig) Name

func (keyConf *KeyConfig) Name() string

func (*KeyConfig) SetToken

func (keyConf *KeyConfig) SetToken(tokenConf *TokenConfig)

type RemoteConfig

// RemoteConfig holds the client-side settings for reaching a relic server:
// where to connect, the TLS client identity, and connection behaviour.
type RemoteConfig struct {
    URL            string `yaml:",omitempty"` // URL of remote server
    DirectoryURL   string `yaml:",omitempty"` // URL of directory server; see ServerConfig.Siblings for how the server answers it
    KeyFile        string `yaml:",omitempty"` // Path to TLS client key file
    CertFile       string `yaml:",omitempty"` // Path to TLS client certificate
    CaCert         string `yaml:",omitempty"` // Path to CA certificate used to verify the server (presumably instead of the system roots — confirm)
    ConnectTimeout int    `yaml:",omitempty"` // Connection timeout in seconds
    Retries        int    `yaml:",omitempty"` // Attempt an operation (at least) N times
}

type ServerConfig

// ServerConfig configures the relic signing server: listeners and their TLS
// material, worker layout, token health checking and cluster membership.
type ServerConfig struct {
    Listen     string // Port to listen for TLS connections
    ListenHTTP string // Port to listen for plaintext connections — unencrypted; whether it carries the same API as Listen is not shown here, confirm before exposing it off-host
    KeyFile    string // Path to TLS key file
    CertFile   string // Path to TLS certificate chain
    LogFile    string // Optional error log

    Disabled    bool // Always return 503 Service Unavailable
    ListenDebug bool // Serve debug info on an alternate port — confirm whether that port is authenticated before allowing it beyond localhost
    NumWorkers  int  // Number of worker subprocesses per configured token

    // Token health checking. Units are not documented here; Interval and
    // Timeout are likely seconds (cf. RemoteConfig.ConnectTimeout) and
    // Failures a count of consecutive failed checks — TODO confirm.
    TokenCheckInterval int
    TokenCheckFailures int
    TokenCheckTimeout  int

    // URLs to all servers in the cluster. If a client uses DirectoryURL to
    // point to this server (or a load balancer), then we will give them these
    // URLs as a means to distribute load without needing a middle-box.
    Siblings []string
}

type TimestampConfig

// TimestampConfig configures the timestamp authorities used for
// countersignatures (see KeyConfig.Timestamp), plus caching and rate limiting
// of timestamp requests.
type TimestampConfig struct {
    URLs      []string // List of timestamp server URLs
    MsURLs    []string // List of microsoft-style URLs
    Timeout   int      // Connect timeout in seconds
    CaCert    string   // Path to CA certificate used when verifying the timestamp servers' TLS certs — presumably; confirm
    Memcache  []string // host:port of memcached to use for caching timestamps
    RateLimit float64  // limit timestamp requests per second
    RateBurst int      // allow burst of requests before limit kicks in
}

type TokenConfig

// TokenConfig describes a key store ("token"): either a PKCS#11 module and
// the slot/token to select within it, or a plain file-backed token. PIN
// handling is layered: an explicit Pin, the system keyring (UseKeyring), or an
// interactive prompt; Config.PinFile may supply additional PINs.
type TokenConfig struct {
    Type       string  // Provider type: file or pkcs11 (default)
    Provider   string  // Path to PKCS#11 provider module (required)
    Label      string  // Select a token by label
    Serial     string  // Select a token by serial number
    Pin        *string // PIN to use, otherwise will be prompted. Can be empty. (optional) — a pointer so that "unset" (nil → prompt) is distinct from an intentionally empty PIN
    Timeout    int     // (server) Terminate command after N seconds (default 60)
    Retries    int     // (server) Retry failed commands N times (default 5)
    User       *uint   // User argument for PKCS#11 login (optional)
    UseKeyring bool    // Read PIN from system keyring
    // contains filtered or unexported fields
}

func (*TokenConfig) Name

func (tconf *TokenConfig) Name() string