github.com/grailbio/base@v0.0.11/cmd/ticket-server/doc.go (about)

     1  // This file was auto-generated via go generate.
     2  // DO NOT UPDATE MANUALLY
     3  
     4  /*
     5  Command ticket-server runs a Vanadium server that provides restricted access to
     6  tickets. A ticket contains credentials and configurations that allow
     7  communicating with another system. For example, an S3 ticket contains AWS
     8  credentials and also the bucket and object or prefix to fetch while a Docker
     9  ticket contains the TLS certificate expected from the server, a client TLS
    10  certificate + the private key and the URL to reach the Docker daemon.
    11  
    12  Usage:
    13     ticket-server [flags]
    14  
    15  The ticket-server flags are:
    16   -aws-account-ids=
    17     Comma-separated list of AWS account IDs used to populate allow-list of k8s
    18     clusters.
    19   -aws-regions=us-west-2
    20     Comma-separated list of AWS regions used to populate allow-list of k8s
    21     clusters.
    22   -config-dir=
    23     Directory with tickets in VDL format. Must be provided.
    24   -danger-danger-danger-ec2-disable-address-check=false
    25     Disable the IP address check for the EC2-based blessings requests. Only
    26     useful for local tests.
    27   -danger-danger-danger-ec2-disable-pending-time-check=false
    28     Disable the pending time check for the EC2-based blessings requests. Only
    29     useful for local tests.
    30   -danger-danger-danger-ec2-disable-uniqueness-check=false
    31     Disable the uniqueness check for the EC2-based blessings requests. Only
    32     useful for local tests.
    33   -dry-run=false
    34     Don't run, just check the configs.
    35   -ec2-blesser-role=
    36     What role to use for the blesser/ec2 endpoint. The role needs to exist in all
    37     the accounts.
    38   -ec2-dynamodb-table=
    39     DynamoDB table to use for enforcing the uniqueness of the EC2-based blessings
    40     requests.
    41   -ec2-expiration=8760h0m0s
    42     Expiration caveat for the EC2-based blessings.
    43   -google-admin=admin@grailbio.com
    44     Google Admin that can read all group memberships - NOTE: all groups will need
    45     to match the admin user's domain.
    46   -google-expiration=168h0m0s
    47     Expiration caveat for the Google-based blessings.
    48   -google-user-domain=grailbio.com
    49     Comma-separated list of email domains used for validating users.
    50   -k8s-blesser-role=ticket-server
    51     What role to use to lookup EKS cluster information on all authorized
    52     accounts. The role needs to exist in all the accounts.
    53   -k8s-expiration=8760h0m0s
    54     Expiration caveat for the K8s-based blessings.
    55   -name=
    56     Name to mount the server under. If empty, don't mount.
    57   -region=us-west-2
    58     AWS region to use for cached AWS session.
    59   -service-account=
    60     JSON file with Google service account credentials.
    61  
    62  The global flags are:
    63   -alsologtostderr=true
    64     log to standard error as well as files
    65   -log_backtrace_at=:0
    66     when logging hits line file:N, emit a stack trace
    67   -log_dir=
    68     if non-empty, write log files to this directory
    69   -logtostderr=false
    70     log to standard error instead of files
    71   -max_stack_buf_size=4292608
    72     max size in bytes of the buffer to use for logging stack traces
    73   -metadata=<just specify -metadata to activate>
    74     Displays metadata for the program and exits.
    75   -stderrthreshold=2
    76     logs at or above this threshold go to stderr
    77   -time=false
    78     Dump timing information to stderr before exiting the program.
    79   -v=0
    80     log level for V logs
    81   -v23.credentials=
    82     directory to use for storing security credentials
    83   -v23.namespace.root=[/(v23.grail.com:internal:mounttabled)@ns-0.v23.grail.com:8101,/(v23.grail.com:internal:mounttabled)@ns-1.v23.grail.com:8101,/(v23.grail.com:internal:mounttabled)@ns-2.v23.grail.com:8101]
    84     local namespace root; can be repeated to provide multiple roots
    85   -v23.permissions.file=
    86     specify a perms file as <name>:<permsfile>
    87   -v23.permissions.literal=
    88     explicitly specify the runtime perms as a JSON-encoded access.Permissions.
    89     Overrides all --v23.permissions.file flags
    90   -v23.proxy=
    91     object name of proxy service to use to export services across network
    92     boundaries
    93   -v23.proxy.limit=0
    94     max number of proxies to connect to when the policy is to connect to all
    95     proxies; 0 implies all proxies
    96   -v23.proxy.policy=
    97     policy for choosing from a set of available proxy instances
    98   -v23.tcp.address=
    99     address to listen on
   100   -v23.tcp.protocol=
   101     protocol to listen with
   102   -v23.virtualized.advertise-private-addresses=
   103     if set the process will also advertise its private addresses
   104   -v23.virtualized.disallow-native-fallback=false
   105     if set, a failure to detect the requested virtualization provider will result
   106     in an error, otherwise, native mode is used
   107   -v23.virtualized.dns.public-name=
   108     if set the process will use the supplied dns name (and port) without
   109     resolution for its entry in the mounttable
   110   -v23.virtualized.docker=
   111     set if the process is running in a docker container and needs to configure
   112     itself differently therein
   113   -v23.virtualized.provider=
   114     the name of the virtualization/cloud provider hosting this process if the
   115     process needs to configure itself differently therein
   116   -v23.virtualized.tcp.public-address=
   117     if set the process will use this address (resolving via dns if appropriate)
   118     for its entry in the mounttable
   119   -v23.virtualized.tcp.public-protocol=
   120     if set the process will use this protocol for its entry in the mounttable
   121   -v23.vtrace.cache-size=1024
   122     The number of vtrace traces to store in memory
   123   -v23.vtrace.collect-regexp=
   124     Spans and annotations that match this regular expression will trigger trace
   125     collection
   126   -v23.vtrace.dump-on-shutdown=true
   127     If true, dump all stored traces on runtime shutdown
   128   -v23.vtrace.enable-aws-xray=false
   129     Enable the use of AWS x-ray integration with vtrace
   130   -v23.vtrace.root-span-name=
   131     Set the name of the root vtrace span created by the runtime at startup
   132   -v23.vtrace.sample-rate=0
   133     Rate (from 0.0 to 1.0) to sample vtrace traces
   134   -v23.vtrace.v=0
   135     The verbosity level of the log messages to be captured in traces
   136   -vmodule=
   137     comma-separated list of globpattern=N settings for filename-filtered logging
   138     (without the .go suffix).  E.g. foo/bar/baz.go is matched by patterns baz or
   139     *az or b* but not by bar/baz or baz.go or az or b.*
   140   -vpath=
   141     comma-separated list of regexppattern=N settings for file pathname-filtered
   142     logging (without the .go suffix).  E.g. foo/bar/baz.go is matched by patterns
   143     foo/bar/baz or fo.*az or oo/ba or b.z but not by foo/bar/baz.go or fo*az
   144  */
   145  package main