package app
import (
"time"
)
// GitHubOauthCreds holds the client credentials of a GitHub OAuth
// application. The fields are populated by a mapstructure decoder from the
// keys "client-id" and "client-secret".
//
// ClientSecret is sensitive. Do not print this struct with %v / %+v, and keep
// it out of log lines and error messages.
type GitHubOauthCreds struct {
	// ClientId is the OAuth application's client identifier.
	ClientId string `mapstructure:"client-id"`

	// ClientSecret is the OAuth application's client secret.
	ClientSecret string `mapstructure:"client-secret"`
}
// Config is the application's runtime configuration. Each field carries a
// `flag` tag naming its command-line flag, a `flag-help` description and,
// for some fields, a `flag-scope` of "web".
//
// The struct stores Vault paths for secret material (GitHub OAuth
// credentials, DNS API key, Netbox API key) rather than the secrets
// themselves.
type Config struct {
	// --- HTTP listener and host identity ---

	// Bind lists the addresses and ports the HTTP server listens on.
	Bind []string `flag:"bind" flag-scope:"web" flag-help:"Addresses and ports to bind http server"`
	// Debug enables debug mode. What debug mode exposes is not visible here;
	// treat it as unsuitable for production until confirmed.
	Debug bool `flag:"debug" flag-help:"Enable debug mode"`
	// MongoDbUri is the connection URI for MongoDB.
	MongoDbUri string `flag:"mongodb-uri" flag-help:"URI for connection to mongodb"`
	// LogFile is the path of the combined host log file.
	LogFile string `flag:"log-file" flag-scope:"web" flag-help:"Log file for combined host logs"`
	// TrustedIPRanges names the proxy networks whose X-Forwarded-For header is
	// trusted. Keep these as narrow as the real proxy fleet: a client that
	// can connect from inside a trusted range can presumably assert any
	// source address, which matters for rate limiting and audit logs
	// (verify against the XFF handling code).
	TrustedIPRanges []string `flag:"trusted-ip-ranges" flag-scope:"web" flag-help:"Comma separated list of IP ranges for trusted XFF proxies"`
	// Hostnames lists the hostnames this server answers for.
	Hostnames []string `flag:"hostname" flag-scope:"web" flag-help:"Hostname this server serves (can be specified multiple times)"`
	// DisableBackgroundJobs turns off background jobs so the process only
	// serves web pages.
	DisableBackgroundJobs bool `flag:"disable-bg-jobs" flag-help:"Disable background jobs and only serve web pages"`

	// --- Credential endpoint rate limiting ---

	// RateLimit is the interval between permitted requests to credential
	// resources.
	// NOTE(review): the help text speaks of "seconds" but the type is a
	// time.Duration; confirm how the flag value is parsed.
	RateLimit time.Duration `flag:"rate-limit" flag-help:"Number seconds between requests for credential resources"`
	// RateLimitBurst is the number of burst requests allowed to credential
	// endpoints.
	RateLimitBurst int `flag:"rate-limit-burst" flag-help:"Number of burst requests allowed to credential endpoints"`

	// --- Token issuance and session ---

	// IssuerEndpoint is the OAuth issuer endpoint.
	IssuerEndpoint string `flag:"issuer-endpoint" flag-help:"Oauth issuer endpoint"`
	// JWTAudience is the audience value for issued JWTs.
	JWTAudience string `flag:"jwt-audience" flag-help:"Audience for issued JWTs"`
	// AuthCookieDuration is how long auth cookies remain valid. A longer
	// value widens the window in which a stolen cookie is usable.
	AuthCookieDuration time.Duration `flag:"auth-cookie-duration" flag-help:"Expiration duration of the auth cookies"`

	// --- Secret material, referenced by Vault path ---

	// GitHubOauthCreds is the Vault material name for the GitHub OAuth
	// credentials. Despite sharing its name with the GitHubOauthCreds type,
	// this field is a string path, not the credentials.
	GitHubOauthCreds string `flag:"github-oauth-vault-path" flag-help:"Vault material name for GitHub auth credentials"`
	// DNSApiKeyVaultPath is the Vault material for the DNS API key.
	DNSApiKeyVaultPath string `flag:"dns-api-vault-path" flag-help:"Vault material for DNS API key"`

	// --- External services ---

	// AutocertEmail is the notification e-mail address used for autocert.
	AutocertEmail string `flag:"autocert-email" flag-scope:"web" flag-help:"Autocert notification email"`
	// AutocertHost is the URL of the autocert service.
	AutocertHost string `flag:"autocert-host" flag-scope:"web" flag-help:"Autocert service url"`
	// NetboxHost is the URL of the Netbox service.
	NetboxHost string `flag:"netbox-host" flag-scope:"web" flag-help:"Netbox service url"`
	// NetboxApiKeyVaultPath is the Vault material path for the Netbox API key.
	NetboxApiKeyVaultPath string `flag:"netbox-api-vault-path" flag-scope:"web" flag-help:"Vault material path for Netbox API key"`
}
// DefaultConfig is the configuration used when no overriding value is given.
//
// It is a package-level pointer, so a write through it changes the defaults
// for every other user of the package; copy the struct before modifying it.
//
// The defaults name specific hosts and a database whose name contains
// "prod", so they appear to describe a production deployment; override them
// for development and testing. No secret values appear here: the credential
// fields hold Vault paths only.
var DefaultConfig = &Config{
	// Listener and host identity.
	Bind:  []string{":8169"},
	Debug: false,
	// Carries a user name, host and database but no password or scheme.
	// NOTE(review): presumably the password and scheme are supplied
	// elsewhere; confirm against the connection code.
	MongoDbUri: "cloud-id-broker-prod-dynamic@mongodb.sea4.crute.me/cloud-id-broker-prod",
	LogFile:    "",
	// Networks whose X-Forwarded-For header is trusted. Review these when
	// the proxy topology changes.
	TrustedIPRanges:       []string{"172.19.0.0/22", "2602:803:4072::/48"},
	Hostnames:             []string{"aws-access.crute.me"},
	DisableBackgroundJobs: false,

	// Credential endpoint rate limiting.
	RateLimit:      30 * time.Second,
	RateLimitBurst: 30,

	// Token issuance and session lifetime.
	IssuerEndpoint:     "https://aws-access.crute.me",
	JWTAudience:        "aws-access",
	AuthCookieDuration: 24 * time.Hour,

	// Vault paths for secret material.
	GitHubOauthCreds:   "service/aws-access/github-oauth",
	DNSApiKeyVaultPath: "service/aws-access/dns-api-key",

	// External services.
	AutocertEmail:         "letsencrypt-certs@pomonaconsulting.com",
	AutocertHost:          "https://dns-manage.crute.me/acmev2",
	NetboxHost:            "https://netbox.crute.me",
	NetboxApiKeyVaultPath: "infra/netbox-readonly",
}