cc-backend/pkg/schema/config.go

// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
// All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package schema

import (
	"encoding/json"
	"time"
)

type LdapConfig struct {
	Url             string `json:"url"`
	UserBase        string `json:"user_base"`
	SearchDN        string `json:"search_dn"`
	UserBind        string `json:"user_bind"`
	UserFilter      string `json:"user_filter"`
	SyncInterval    string `json:"sync_interval"` // Parsed using time.ParseDuration.
	SyncDelOldUsers bool   `json:"sync_del_old_users"`

	// Should an non-existent user be added to the DB if user exists in ldap directory
	SyncUserOnLogin bool `json:"syncUserOnLogin"`
}

type JWTAuthConfig struct {
	// Specifies for how long a JWT token shall be valid
	// as a string parsable by time.ParseDuration().
	MaxAge string `json:"max-age"`

	// Specifies which cookie should be checked for a JWT token (if no authorization header is present)
	CookieName string `json:"cookieName"`

	// Deny login for users not in database (but defined in JWT).
	// Ignore user roles defined in JWTs ('roles' claim), get them from db.
	ValidateUser bool `json:"validateUser"`

	// Specifies which issuer should be accepted when validating external JWTs ('iss' claim)
	TrustedIssuer string `json:"trustedIssuer"`

	// Should an non-existent user be added to the DB based on the information in the token
	SyncUserOnLogin bool `json:"syncUserOnLogin"`
}

type IntRange struct {
	From int `json:"from"`
	To   int `json:"to"`
}

type TimeRange struct {
	From *time.Time `json:"from"`
	To   *time.Time `json:"to"`
}

type FilterRanges struct {
	Duration  *IntRange  `json:"duration"`
	NumNodes  *IntRange  `json:"numNodes"`
	StartTime *TimeRange `json:"startTime"`
}

type ClusterConfig struct {
	Name                 string          `json:"name"`
	FilterRanges         *FilterRanges   `json:"filterRanges"`
	MetricDataRepository json.RawMessage `json:"metricDataRepository"`
}

type Retention struct {
	Age       int    `json:"age"`
	IncludeDB bool   `json:"includeDB"`
	Policy    string `json:"policy"`
	Location  string `json:"location"`
}

// Format of the configuration (file). See below for the defaults.
type ProgramConfig struct {
	// Address where the http (or https) server will listen on (for example: 'localhost:80').
	Addr string `json:"addr"`

	// Addresses from which the /api/secured/* API endpoints can be reached
	ApiAllowedIPs []string `json:"apiAllowedIPs"`

	// Drop root permissions once .env was read and the port was taken.
	User  string `json:"user"`
	Group string `json:"group"`

	// Disable authentication (for everything: API, Web-UI, ...)
	DisableAuthentication bool `json:"disable-authentication"`

	// If `embed-static-files` is true (default), the frontend files are directly
	// embeded into the go binary and expected to be in web/frontend. Only if
	// it is false the files in `static-files` are served instead.
	EmbedStaticFiles bool   `json:"embed-static-files"`
	StaticFiles      string `json:"static-files"`

	// 'sqlite3' or 'mysql' (mysql will work for mariadb as well)
	DBDriver string `json:"db-driver"`

	// For sqlite3 a filename, for mysql a DSN in this format: https://github.com/go-sql-driver/mysql#dsn-data-source-name (Without query parameters!).
	DB string `json:"db"`

	// Config for job archive
	Archive json.RawMessage `json:"archive"`

	// Keep all metric data in the metric data repositories,
	// do not write to the job-archive.
	DisableArchive bool `json:"disable-archive"`

	// Validate json input against schema
	Validate bool `json:"validate"`

	// For LDAP Authentication and user synchronisation.
	LdapConfig *LdapConfig    `json:"ldap"`
	JwtConfig  *JWTAuthConfig `json:"jwts"`

	// If 0 or empty, the session does not expire!
	SessionMaxAge string `json:"session-max-age"`

	// If both those options are not empty, use HTTPS using those certificates.
	HttpsCertFile string `json:"https-cert-file"`
	HttpsKeyFile  string `json:"https-key-file"`

	// If not the empty string and `addr` does not end in ":80",
	// redirect every request incoming at port 80 to that url.
	RedirectHttpTo string `json:"redirect-http-to"`

	// If overwritten, at least all the options in the defaults below must
	// be provided! Most options here can be overwritten by the user.
	UiDefaults map[string]interface{} `json:"ui-defaults"`

	// Where to store MachineState files
	MachineStateDir string `json:"machine-state-dir"`

	// If not zero, automatically mark jobs as stopped running X seconds longer than their walltime.
	StopJobsExceedingWalltime int `json:"stop-jobs-exceeding-walltime"`

	// Defines time X in seconds in which jobs are considered to be "short" and will be filtered in specific views.
	ShortRunningJobsDuration int `json:"short-running-jobs-duration"`

	// Array of Clusters
	Clusters []*ClusterConfig `json:"clusters"`
}
Reformat and Refactor packages. Rebuild GraphQL. 2022-09-07 12:24:45 +02:00			`// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.`
			`// All rights reserved.`
			`// Use of this source code is governed by a MIT-style`
			`// license that can be found in the LICENSE file.`
			`package schema`

			`import (`
			`"encoding/json"`
			`"time"`
			`)`

			`type LdapConfig struct {`
			Url string `json:"url"`
			UserBase string `json:"user_base"`
			SearchDN string `json:"search_dn"`
			UserBind string `json:"user_bind"`
			UserFilter string `json:"user_filter"`
			SyncInterval string `json:"sync_interval"` // Parsed using time.ParseDuration.
			SyncDelOldUsers bool `json:"sync_del_old_users"`
Refactor auth module Separate parts Add user repository Add user schema 2023-08-17 10:29:00 +02:00
			`// Should an non-existent user be added to the DB if user exists in ldap directory`
			SyncUserOnLogin bool `json:"syncUserOnLogin"`
Reformat and Refactor packages. Rebuild GraphQL. 2022-09-07 12:24:45 +02:00			`}`

			`type JWTAuthConfig struct {`
Readd URL token and cleanup Fix session values. 2023-08-12 09:02:41 +02:00			`// Specifies for how long a JWT token shall be valid`
Reformat and Refactor packages. Rebuild GraphQL. 2022-09-07 12:24:45 +02:00			`// as a string parsable by time.ParseDuration().`
Extend config schema 2023-08-18 09:19:55 +02:00			MaxAge string `json:"max-age"`
Accept externally generated JWTs provided via cookie If there is an external service like an AuthAPI that can generate JWTs and hand them over to ClusterCockpit via cookies, CC can be configured to accept them 2022-10-19 13:36:13 +02:00
			`// Specifies which cookie should be checked for a JWT token (if no authorization header is present)`
			CookieName string `json:"cookieName"`

			`// Deny login for users not in database (but defined in JWT).`
			`// Ignore user roles defined in JWTs ('roles' claim), get them from db.`
Refactor auth module Separate parts Add user repository Add user schema 2023-08-17 10:29:00 +02:00			ValidateUser bool `json:"validateUser"`
Accept externally generated JWTs provided via cookie If there is an external service like an AuthAPI that can generate JWTs and hand them over to ClusterCockpit via cookies, CC can be configured to accept them 2022-10-19 13:36:13 +02:00
			`// Specifies which issuer should be accepted when validating external JWTs ('iss' claim)`
Refactor auth module Separate parts Add user repository Add user schema 2023-08-17 10:29:00 +02:00			TrustedIssuer string `json:"trustedIssuer"`

			`// Should an non-existent user be added to the DB based on the information in the token`
			SyncUserOnLogin bool `json:"syncUserOnLogin"`
Reformat and Refactor packages. Rebuild GraphQL. 2022-09-07 12:24:45 +02:00			`}`

			`type IntRange struct {`
			From int `json:"from"`
			To int `json:"to"`
			`}`

			`type TimeRange struct {`
			From *time.Time `json:"from"`
			To *time.Time `json:"to"`
			`}`

			`type FilterRanges struct {`
			Duration *IntRange `json:"duration"`
			NumNodes *IntRange `json:"numNodes"`
			StartTime *TimeRange `json:"startTime"`
			`}`

			`type ClusterConfig struct {`
			Name string `json:"name"`
			FilterRanges *FilterRanges `json:"filterRanges"`
			MetricDataRepository json.RawMessage `json:"metricDataRepository"`
			`}`

Introduce Retention and compression 2023-05-09 16:33:26 +02:00			`type Retention struct {`
Improve retention Add db cleanup Fixes #103 2023-05-11 09:40:13 +02:00			Age int `json:"age"`
			IncludeDB bool `json:"includeDB"`
			Policy string `json:"policy"`
			Location string `json:"location"`
Introduce Retention and compression 2023-05-09 16:33:26 +02:00			`}`

Reformat and Refactor packages. Rebuild GraphQL. 2022-09-07 12:24:45 +02:00			`// Format of the configuration (file). See below for the defaults.`
			`type ProgramConfig struct {`
			`// Address where the http (or https) server will listen on (for example: 'localhost:80').`
			Addr string `json:"addr"`

Add secured subrouter for REST API Rename IP filter option Add array helper in util 2023-08-14 14:33:05 +02:00			`// Addresses from which the /api/secured/* API endpoints can be reached`
			ApiAllowedIPs []string `json:"apiAllowedIPs"`
first iteraton of implementing ip-secured enpoint 2023-08-03 17:47:09 +02:00
Reformat and Refactor packages. Rebuild GraphQL. 2022-09-07 12:24:45 +02:00			`// Drop root permissions once .env was read and the port was taken.`
			User string `json:"user"`
			Group string `json:"group"`

			`// Disable authentication (for everything: API, Web-UI, ...)`
			DisableAuthentication bool `json:"disable-authentication"`

			// If `embed-static-files` is true (default), the frontend files are directly
			`// embeded into the go binary and expected to be in web/frontend. Only if`
			// it is false the files in `static-files` are served instead.
			EmbedStaticFiles bool `json:"embed-static-files"`
			StaticFiles string `json:"static-files"`

			`// 'sqlite3' or 'mysql' (mysql will work for mariadb as well)`
			DBDriver string `json:"db-driver"`

			`// For sqlite3 a filename, for mysql a DSN in this format: https://github.com/go-sql-driver/mysql#dsn-data-source-name (Without query parameters!).`
			DB string `json:"db"`

			`// Config for job archive`
			Archive json.RawMessage `json:"archive"`

			`// Keep all metric data in the metric data repositories,`
			`// do not write to the job-archive.`
			DisableArchive bool `json:"disable-archive"`

Add option for json validation 2022-09-13 15:22:20 +02:00			`// Validate json input against schema`
			Validate bool `json:"validate"`

Reformat and Refactor packages. Rebuild GraphQL. 2022-09-07 12:24:45 +02:00			`// For LDAP Authentication and user synchronisation.`
			LdapConfig *LdapConfig `json:"ldap"`
			JwtConfig *JWTAuthConfig `json:"jwts"`

Readd URL token and cleanup Fix session values. 2023-08-12 09:02:41 +02:00			`// If 0 or empty, the session does not expire!`
Reformat and Refactor packages. Rebuild GraphQL. 2022-09-07 12:24:45 +02:00			SessionMaxAge string `json:"session-max-age"`

			`// If both those options are not empty, use HTTPS using those certificates.`
			HttpsCertFile string `json:"https-cert-file"`
			HttpsKeyFile string `json:"https-key-file"`

			// If not the empty string and `addr` does not end in ":80",
			`// redirect every request incoming at port 80 to that url.`
			RedirectHttpTo string `json:"redirect-http-to"`

Readd URL token and cleanup Fix session values. 2023-08-12 09:02:41 +02:00			`// If overwritten, at least all the options in the defaults below must`
Reformat and Refactor packages. Rebuild GraphQL. 2022-09-07 12:24:45 +02:00			`// be provided! Most options here can be overwritten by the user.`
			UiDefaults map[string]interface{} `json:"ui-defaults"`

			`// Where to store MachineState files`
			MachineStateDir string `json:"machine-state-dir"`

			`// If not zero, automatically mark jobs as stopped running X seconds longer than their walltime.`
			StopJobsExceedingWalltime int `json:"stop-jobs-exceeding-walltime"`

Move ShortRunningJobsDuration value to root config 2023-03-01 16:34:59 +01:00			`// Defines time X in seconds in which jobs are considered to be "short" and will be filtered in specific views.`
			ShortRunningJobsDuration int `json:"short-running-jobs-duration"`

Reformat and Refactor packages. Rebuild GraphQL. 2022-09-07 12:24:45 +02:00			`// Array of Clusters`
			Clusters []*ClusterConfig `json:"clusters"`
			`}`